Welcome to Web3, where the gains are sweet, the risks are spicy, and one wrong click sends your life savings to a phishing wallet named rekt.eth. But fear not, brave dev! Today we embark on a hilarious and semi-responsible journey into protecting your private keys while developing with Hardhat and Foundry, and into why you need two wallets like Batman needs Bruce Wayne.
Hardhat is like the Swiss Army Knife of Ethereum development: sharp, versatile, and dangerously easy to misuse. Most tutorials tell you to paste the key straight into hardhat.config.js:
// hardhat.config.js, the "just paste it in" way. Don't.
const PRIVATE_KEY = "0xYOURSUPERSECRETKEY";
Then BOOM: you push it to GitHub, forget it's there, and a bot empties your wallet before you can say "testnet". Bots scan public commits for exactly this pattern, so a pushed key is usually drained within minutes, and rewriting Git history afterwards does not un-leak it.
So, what should you do?
# .env (listed in .gitignore, never committed)
PRIVATE_KEY=0xYOUR_PRIVATE_KEY
// hardhat.config.js
require("dotenv").config();
const privateKey = process.env.PRIVATE_KEY;
// hand it to a network entry as: accounts: privateKey ? [privateKey] : []
Why? Because committing your private key to Git is like leaving your ATM card taped to an actual ATM with your PIN written in lipstick. Two caveats: add .env to .gitignore before you create the file (commit a .env.example with placeholders instead, or you have just moved the problem by one filename), and remember that dotenv only keeps the key out of Git. The key is still plaintext on disk and in the process environment, so anything that can read either still gets it.
For local work you don't need a real private key at all: Hardhat can spin up HD wallets from a mnemonic you can throw away after testing. The one below is Hardhat's own default for the in-process network, so its 20 derived accounts are public knowledge; never send real funds to them on any live chain:
// hardhat.config.js
module.exports = {
  networks: {
    hardhat: {
      accounts: {
        // Hardhat's default test mnemonic; every derived account is public.
        mnemonic: "test test test test test test test test test test test junk",
      },
    },
  },
};
Remember: no one ever cried over losing 10 test ETH.
Foundry is faster, rustier, and a little more paranoid (which is good). Instead of reading raw keys out of a config file, it can keep them in password-encrypted keystore files under:
~/.foundry/keystores
And you can encrypt them with a password like a normal human being. The command lives under cast, not forge, and the --interactive flag makes it prompt for the key so the raw hex never lands in your shell history (passing --private-key 0x... on the command line does exactly that):
# Prompts for the private key, then for a password to encrypt the keystore
cast wallet import deployer --interactive
# Later, sign by account name instead of pasting the key (script path is an example)
forge script script/Deploy.s.sol --rpc-url $RPC_URL --account deployer --broadcast
Foundry also lets you impersonate any address on a local fork of mainnet (anvil_impersonateAccount on the node, vm.prank in forge tests), so you can exercise real contracts and real state without risking a single real wei:
anvil --fork-url https://mainnet.infura.io/v3/KEY --fork-block-number 9999999
You're now god, but only on the fork: nothing you do here touches the real chain. Don't abuse it. (Okay, maybe just a little.) And that Infura KEY is a secret too; it belongs in .env with the rest of them, not in your shell history.
Let’s talk about the real alpha: you need two wallets.
Wallet Type | Purpose | Nickname | Example Use |
---|---|---|---|
Developer Wallet | Testing, deploying, breaking stuff | “The Lab Rat” | Connecting to dApps, debugging |
Pay Wallet | Holding funds, NFT flex, staking | “The Vault” | Actually valuable stuff |
Because all those flashy sites with Connect Wallet buttons aren't your friends. Some of them are like sketchy nightclubs: you walk in once and wake up with an STD (Suspicious Token Drain), usually courtesy of a token approval or signature you clicked through without reading.
By using a developer wallet, you:
Keep your main wallet untouched
Can nuke it and start over if things go bad
Test risky sites without fear
Don’t lose your $420 Blur NFT
And your pay wallet? Treat it like it’s made of actual gold. Cold storage, hardware wallet, multisig... go full Fort Knox.
Don't store private keys in plaintext in your repo
Don't use one wallet for everything (you’ll regret it)
Don't paste your private key into ChatGPT, Discord, or Google Docs 😬
Don't connect your pay wallet to cutehotgirl.eth; cute girls online are usually men with a drainer contract.
Don't reuse testnet accounts on mainnet (that key has lived in .env files and terminal histories for months; treat it as burned)
To survive Web3, think like a squirrel with trust issues. Hide your nuts (private keys), test before leaping, and never put your treasure map (mnemonic) in the cloud.
Use Hardhat responsibly, switch to Foundry when you're ready to feel the Rust, and keep your wallets separated like a DJ and his groupies.
Use .env for keys in Hardhat, and keep .env out of Git.
Use Foundry's encrypted keystores (cast wallet import) for dev workflows.
Have two wallets: one for dev, one for funds.
Don’t be that person in Discord begging for a refund after “just clicking a mint button.”