# Security in crypto

By [Untitled](https://paragraph.com/@0x7db9d3a9c53cff63cf69f0620ffd21f8bb30a99e) · 2023-04-18

---

**How to store? Where to store?**

All crypto is stored in a blockchain, and cryptocurrency wallets are essentially programs that interact with it. In other words, cryptocurrency wallets provide you with an interface to interact with the blockchain.

**And so, what types of wallets there are:**

**Wallets come in custodial and non-custodial.** 

In a custodial wallet, private keys are stored and managed by a third party on your behalf. In other words, the owner does not have full control over his or her funds and cannot sign transactions.

Non-custodial wallets are completely autonomous. Only the owner can manage the balance. Access to such wallets requires a private key and a seed phrase, which the user must store securely.

**In turn, custodial and non-custodial wallets are divided into two types: cold and hot.**

A cold wallet is a wallet that does not have a permanent connection to the Internet. It is connected to the network only for a few seconds at the time of the immediate transaction.

Hot wallet - a wallet that is permanently connected to the Internet.

**Exchange wallets (custodial, hot).**

These are wallets of stock exchanges: Binance, Huobi, Bybit, Coinbase, etc. The peculiarity is that the funds lying on the exchange belong not to you, but to the exchange - you only use the exchange with your virtual account.

![](https://storage.googleapis.com/papyrus_images/f407fdffb757834dfb138146fbb0ca02a0e29d39c338bb26fb8e04adb4cc5900.png)

**How to secure a custodial, hot wallet in the example exchange Binance?**

E-mail. It is best to use a separate email for the exchange.

**Use a strong password**. It is desirable to generate and store it in a password manager.

Add a list of purses allowed for withdrawal in the "Security" section.

**2FA** - two-factor authentication.

Add an anti-phishing code for emails.

Use incognito mode when working with the wallet. This way you minimize the list of extensions added to your browser and get rid of data saving.

**Mobile wallets (non-castodial, hot)**

**Online access wallets** - Trust wallet, Metamask, etc. They are non-custodial, do not require KYC, only the owner has access to the account.

**Trust Wallet**

**How to create:**

*   You download the app on your cell phone from the AppStore or Google Play Market.
    
*   Go through a small registration, get a 12-word phrase and write it down on paper.
    

**What to do to secure your funds:**

*   Don't leave the seed phrase and private key on electronic media. You can manually transfer the information to a piece of paper.
    
*   Do not give the seed phrase to third parties.
    
*   Check the links you follow to connect your wallet.
    
*   Always verify the transactions that you confirm.
    
*   Only update apps through official sites or app stores.
    

Never use your primary wallet for random interactions with contracts you don't trust. If you still have to do so, always check what exactly you are signing: for example, if there is no uprooting (which will empty your wallet) or proxies behind which the mentioned function can hide.

**You can check your contracts at the following sites:**

[_https://revoke.cash/_](https://revoke.cash/)

[_https://zapper.fi/revoke_](https://zapper.fi/revoke)

[_https://app.unrekt.net/_](https://app.unrekt.net/)

[_https://cointool.app/approve/eth_](https://cointool.app/approve/eth)

[_https://etherscan.io/tokenapprovalchecker_](https://etherscan.io/tokenapprovalchecker)

[_https://bscscan.com/tokenapprovalchecker_](https://bscscan.com/tokenapprovalchecker)

[_https://polygonscan.com/tokenapprovalchecker_](https://polygonscan.com/tokenapprovalchecker)

[_https://debank.com/_](https://debank.com/)

Once you receive an Approve, the contract can spend any amount within the limits of the Approve!

**Hardware wallets (non-custodial, cold)**

**Cold wallets (hardware)**: Ledger, Trezor, BitLox, SafePal, etc. These wallets are used in physical form, connected via usb or bluetooth to your computer.

![](https://storage.googleapis.com/papyrus_images/1277e443ee13b07956e045a93ff6daf58819ad4ff31df31e78dd2ce08bf29d69.png)

**What is the advantage over hot wallets?**

In order to hack a hot wallet, it is enough to interfere in a virtual environment. There are a lot of cracking tools, starting from keyloggers, viruses, trojans, exploits and finishing with social engineering. As for the hardware device, these conditions are not enough, since an external device with its own operating system is also added to the virtual environment. It turns out that even if an intruder breaks into your computer, he will not be able to steal money.

Physical confirmation of each transaction. When making each transaction, the owner must enter a special password for the appraisal. How to protect yourself?

Buy wallets only from official dealers.

It is strictly not recommended to buy used, as the device can be hacked.

Keep the Sid phrase only on paper.

Protection from loss. Non-custodial wallets use the BIP39 bitcoin enhancement suggestion. The master password is encoded into a handy form, a sid-phrase, which can be 12, 18 or 24 words. Thanks to this, if you lose your device, you can restore your account in any wallet through the sid-phrase.

**How to transfer cryptocurrency safely?**

We recommend you to go to settings and add to your address book frequently used addresses for sending, as well as any other sites you use on a regular basis, so that you don't have to search for them every time, as there is an increased risk of running into a phishing site

Do not transfer your money to strangers who promise you promotion of accounts, insides with coins, pyramid schemes, where doing nothing will increase your deposit. It's all a fraud, you lose your money forever after you transfer it.

**How to detect fraudulent sites?**

**Download wallets only from official sites, such as:**

[_https://metamask.io_](https://metamask.io) 

[_https://trustwallet.com_](https://trustwallet.com) 

[_https://phantom.app_](https://phantom.app)

Always check the project domain, if you want to connect your wallet.

When you place a project for the first time: Check the white paper (technical map), the prominence of the developers, aggressive marketing or not, other basic information

**Viruses, third party software, spam, free tokens**

Spam mails and third party intervention are also commonly used tools. Let's go over the most basic ones:

*   Don't click on links that email you supposedly about the metamask app update or that you need to enter KYC (Passport Credentials). These are also all fraudulent sites that do everything they can to get the gullible user to enter their cid phrase
    

Here is one example of a fraudulent mailing list:

![](https://storage.googleapis.com/papyrus_images/71f6ec16af4772173f0ec7ad210df0e3d5d9156d28f7547009402642b121aa12.png)

By downloading anything from the Internet you also run the risk that the file will contain a Trojan or a stealer, which copies everything you have in your computer memory and later your accounts can be cleaned by criminals.

**How to protect yourself:**

*   Protect your account with two-factor authentication. If your account is protected this way, your stolen username and password won't be enough to log in.
    
*   Do not download anything from suspicious sites and pirate sites. Attackers know how people like free stuff and use it.
    
*   Use reliable anti-virus software if you use "Windows" operating system
    
*   Always keep your software up to date. This is doubly relevant for important programs. Attackers use known security gaps and they send Trojans to your computer to do their dirty work.
    

Spam mailing can also be to your wallet in the form of free tokens.

**What is this for?**

They create some token with a similar name to expensive projects, encouraging the user to try to sell this token. You can only sell it on a malicious site and by connecting a wallet to sell these tokens, you also allow the use of your other tokens.

It is very important that every time you sign any permission into the metamask, you deploy the contract to see exactly what you are giving permission for. Exclusively for one token or for the whole portfolio!

_\*Which Stablecoins are more reliable: USDT, USDC, BUSD and DAI_

Due to recent events, a huge wave of distrust has now descended on stablcoins.

After the collapse of Terra Luna and the 99% decoupling of their UST steblycoin from the dollar, people began to lose confidence in algorithmic steblycoins, which led to the decoupling of USDD (Tron) and many others.

After that, the largest stablcoin USDT (Tether) showed a decline of 4%.

Against this background, the volumes of USDC and BUSD grew by an average of 20%, which showed a clear flow of funds.

Now there are 4 major stablcoins on the market: USDT, USDC, DAI and BUSD. USDC is fighting for the leadership with USDT.

Tether (USDT) is one of the most well-known and popular coins among crypto investors. Every dollar in USDT is backed by USD, which is held in Tether's reserves and can be received in exchange for the project's tokens.

USDC is issued by Circle Internet Financial. The company claims the token is fully backed by cash and short-term U.S. Treasury bonds and is starting to act as a major stablcoin with which to short other stablcoins. BUSD is issued by Binance in cooperation with Paxos, regulated by the New York State Department of Financial Services and subject to monthly audits. BUSD is centralized, Paxos is responsible for issuing and burning coins, which is not exactly in line with the principles of digital currencies, and it is strictly monitored and regulated, in case of suspicious activity the balance can be frozen.

It is important to remember: that Binance, that Circle profitable to remove Tether from the market, so that their influence on the market became even greater and there was at least some advantage over FTX and Alameda (which simply absorb companies on the verge of bankruptcy because of the strong market decline).

_\*\*DAI, a stabelcoin issued by MakerDAO, a decentralized platform on the Ethereum blockchain, is also worth mentioning. In other words, the DAI token is a stabelcoin, that is, a digital analogue of the dollar, but, unlike it, it is decentralized and is not controlled by anyone._

The DAI is stabilized by the Target Rate Feedback Mechanism (TRFM), an automatic algorithm that regulates the price and maintains the exchange rate at about $1 with minimal deviations. The TRFM mechanism is activated when the stable price deviates from the Target Rate to then restore it.

The current DAI supply is 2/3 backed by centralized Stablecoins, for which the bear market is not as scary.

---

*Originally published on [Untitled](https://paragraph.com/@0x7db9d3a9c53cff63cf69f0620ffd21f8bb30a99e/security-in-crypto)*
