Defi Safety 101

By benn0xake | cryptoinvesting | 17 May 2024

I've been hacked; I've been scammed; I've been laughed at for getting hacked and scammed. And I'm still here full-throated in defi. 


Unscrupulous deviants steal from me and the rewards in decentralized finance still far outweigh the bumps and bruises. Stay involved in defi and the system will eventually forgive your mistakes. What's more, you'll have no fear of moving forward into a decentralized digital finance future. This is most important, because it's coming whether you like it or not.

The purpose of this article is to save you tons of money as you navigate this insanely interesting new world of defi. I'm writing for non-technical folks, because you're just like me. Read to the end, apply what I've learned, and you'll have multiple layers of titanium armor protecting you from the bad actors in this space.

Can you remember a fun little 1️⃣2️⃣3️⃣4️⃣ four word sequence?

1️⃣ Silo
2️⃣ Insure
3️⃣ Silence
4️⃣ Ensure

Defi safety 101. Let's go!


Defi safety starts by locking down your hardware and tech stack like a bank vault. Honestly, you should feel a bit like James Bond doing this stuff. I did.

Materials needed: The Three Amigos. Cold wallet (Trezor), cheap Macbook, super cheap Android

Cold wallet — This is where you keep your defi feeder funds. All money that you're not using within the next two minutes is in your cold wallet, no exceptions. Your cold wallet never touches the Internet except to hook into your Macbook to transfer funds into your transaction wallet. Your cold wallet is an incel. It goes nowhere and has no friends save your siloed Macbook.

Why Trezor for a cold wallet? I've never had an issue with Trezor getting hacked from the supply side, unlike the more popular Ledger, which has lost my trust after being hacked multiple times.

Your cold wallet can get even more esoteric with smart keys and multisigs, but I'm assuming you're doing defi solo (and the topic is beyond the scope of this article). Silo the Three Amigos in the manner described and you'll be fine.

Transaction wallet — Macbooks work best for non-techies, as PCs are more easily compromised. I like Macbooks over iPads because you'll be less likely to take it outside and pierce your silo. Again, this Macbook does not touch the Internet except to make transactions. You do not explore defi protocols, answer emails or slip up and watch pr0n on this computer.

Defi often gamifies itself and becomes gamefi — gaming with a defi layer. You do not gamefi on your transaction Macbook. (Your transaction Macbook likely isn't powerful enough to game anyway because it should be cheap.) If you're playing something like Shrapnel, an FPS that uses the $SHRAP token, transfer your crypto into your gamefi computer, disconnect and offline your transaction Mac and do all the swaps from your gaming computer.

Hot wallet — If you want to take a crypto device outside of your safe place, grab a cheap Android. Why Android? Because I don't want your siloed Macbook widening your attack surface by syncing with your iPhone hot wallet. (Apple is CREEPY like that!)

As crypto becomes more widely accepted, you will need a travel hot wallet phone to transact in public or interact with consumer sites. This is the device you use to buy a hotel with crypto, move into fiat or show your buddy your gains. Yes, this means if you want money on this phone you'll have to move it twice, first from your cold wallet to your transaction Macbook, then to your hot wallet. Annoying, yes. On purpose so you only do it when you really need to.

Socials — You give yourself another layer of diamond armor by creating a social footprint unique to your web3 presence. Some defi protocols may ask you to connect to your Facebook, Discord, Twitter, what have you. If those profiles have your government name, pictures and other info, they could be compromised. Create a brand new, siloed social presence with email. Use as your first stop, because all other socials will require an email for sign up.

Keep an eye on Dmail as it improves. You can sign up with nothing more than a wallet signature, but it's not the best at receiving confirmation emails from other platforms. Fortunately, technology improves quickly, and Dmail may soon be robust enough to serve as your completely siloed web3 mail hub.


Believe it or not, defi will end up looking quite similar to tradfi once all is said and done. (Defi doesn't think tradfi is all bad; tradfi just needs a few upgrades.) One of the most important holdovers from tradfi is the notion of insuring your deposits SIPC style.

Siloing your hardware and tech stack sharply reduces your attack surface, but defi is nothing if not interaction with third party smart contracts. And those contracts aren't perfect. Fortunately, with insurance products like Nexus Mutual and OpenCover, you are not completely reliant on the team's competence.

And yes, crypto insurance products actually do pay out. In the millions.

You can look at your insurance like an HMO. Stay within the covered network, and you gain an additional layer of protection.


Defi is about privacy. The less you broadcast your position, the less likely you are to have funds stolen.

Broadcasting yourself in the digital world means interaction with protocols that require you to hand over information outside of a wallet connection/signature. Your attack surface increases if you give away emails and socials. But! If you're following all steps, you have already created a siloed social web for your crypto identity, so you won't be compromised as easily.

Your browser broadcasts your position — if you're using old school tech. Consider replacing Chrome with Masq, a web3 dedicated browser with a multihop VPN. You can also explore the built in web3-centric Finance tab for a free and convenient introduction to important defi protocols that you might never find using Safari or Firefox.

A good dVPN helps to silence your position as well. Mysterium Dark is a great option and may be used in tandem with the Masq VPN.


I don't know why Ensure is marketed at old people. Everybody needs the stuff in Ensure, and it tastes good! When you Ensure, you take your daily defi vitamins by keeping up with the latest goodness in the space.

For instance: knowing that Rabby Wallet gives you the option to revoke transactions, unlike Metamask. Metamask is the most popular option for normies, but those who know have already switched. Just like the Ledger v. Trezor example above — the more popular option is not always the best.

You can get lifesaving tidbits like this by joining a security focused Discord like Nexus Mutual DAO. The Spaces on security are pure gold, as they usually focus on the most recent newsworthy hack and how it was resolved.

When you get in the groove of steady updates, you'll naturally begin to pick up on the nuances of sensing shiftiness in web3. Here are a few things that should pique your Spidey sense:

❗️Any link from Twitter promising you are eligible for an airdrop you know you did nothing to earn 🤣
❗️Sites that make your wallet pop up automatically (some legit sites do this as well, but I always clear the autopop, scan the site, and manually sign in)
❗️DMs from important people in crypto on any social media website (it's a big thing that no one legit in crypto DMs first)
❗️Wallet signature advisories with overly technical or unreadable technobabble
❗️Copypasta swap websites with blue chip LPs (they want your ETH! It may not be a hard rug, but there are other ways to rug you!)
❗️New tokens with a low Dextools score
❗️Abandoned protocols (e.g. stay away from ForTube & Umbria Bridge. They worked fine... last cycle. Put your money in there now, and you won't get it back. Tells: Low TVL and protocol usage)
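The "unreadable technobabble" in a wallet prompt is usually just ABI-encoded calldata, and the approvals Rabby lets you revoke start life as one of these prompts. The following is an added example, not code from the original post: it decodes the calldata behind a prompt for the two standard token-approval functions and flags the unlimited ERC-20 allowance that lets a spender drain a token later. The sample calldata and the 0x...dead spender address are constructed for illustration.

```python
# Added example (not from the original post): turn wallet-prompt calldata into
# plain English and flag risky approvals. Selectors are the first 4 bytes of
# keccak256 of the function signature; these two are the standard ones.
SELECTORS = {
    "095ea7b3": ("approve(address,uint256)", "spender", "amount"),       # ERC-20
    "a22cb465": ("setApprovalForAll(address,bool)", "operator", "approved"),  # ERC-721/1155
}
UINT256_MAX = 2**256 - 1


def _word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI word after the 4-byte selector."""
    chunk = data[4 + 32 * i:4 + 32 * (i + 1)]
    if len(chunk) != 32:
        raise ValueError("calldata too short for argument %d" % i)
    return chunk


def explain_calldata(calldata_hex: str) -> dict:
    """Decode approval calldata into a dict with the function, its arguments
    and a 'risk' string; unknown selectors are reported, never guessed."""
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    if len(data) < 4:
        return {"function": None, "risk": "no function selector; plain transfer or malformed"}
    selector = data[:4].hex()
    if selector not in SELECTORS:
        return {"function": None, "selector": selector,
                "risk": "unknown function; do not sign until you know what it does"}
    name, who_label, what_label = SELECTORS[selector]
    who = "0x" + _word(data, 0)[12:].hex()        # address is right-aligned in its word
    value = int.from_bytes(_word(data, 1), "big")
    result = {"function": name, who_label: who, what_label: value}
    if selector == "095ea7b3":
        result["unlimited"] = value == UINT256_MAX
        result["risk"] = ("UNLIMITED allowance: spender can move this token at any time"
                          if result["unlimited"] else "bounded allowance for this token")
    else:
        result["approved"] = bool(value)
        result["risk"] = ("operator gains control of EVERY NFT in this collection"
                          if value else "revokes operator access")
    return result


# Constructed sample: approve(0xdead...dead, 2**256-1), the classic unlimited approval.
SAMPLE_UNLIMITED_APPROVE = "0x095ea7b3" + "00" * 12 + "dead" * 10 + "ff" * 32

if __name__ == "__main__":
    print(explain_calldata(SAMPLE_UNLIMITED_APPROVE))
```

Paste the hex "data" field from the wallet's raw transaction view into `explain_calldata`; a "contract interaction" that decodes to an unlimited `approve` deserves the same pause as the red flags above.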


Silo, Insure, Silence, Ensure. SISE.

Most important takeaway: Your education in defi is never ending. Overall, defi is in a state of discovery and experimentation. If you put one yen or GBP into any defi protocol, you are an active part of a new paradigm with the potential to change the way the world interacts with money. Stay safe, and you can be rewarded very well for your participation.

