# Protecting Your Crypto Butt with Hardhat & Foundry **Published by:** [fabian](https://paragraph.com/@fabiancreative-operations.group/) **Published on:** 2025-04-29 **Categories:** wallets, developers, protection **URL:** https://paragraph.com/@fabiancreative-operations.group/protecting-your-crypto-butt-with-hardhat-and-foundry ## Content Two Wallets Walk Into a dAppWelcome to Web3, where the gains are sweet, the risks are spicy, and one wrong click sends your life savings to a phishing wallet named rekt.eth. But fear not, brave dev! Today, we embark on a hilarious and semi-responsible journey into protecting your private keys while developing with Hardhat and Foundry — and why you need two wallets like Batman needs Bruce Wayne.HARDHAT: The Leather Glove of Web3 DevHardhat is like the Swiss Army Knife of Ethereum development — sharp, versatile, and dangerously easy to misuse. Most tutorials tell you to do this:jsCopyEditconst PRIVATE_KEY = "0xYOURSUPERSECRETKEY"; Then BOOM — you push it to GitHub, forget it's there, and some script kid empties your wallet before you can say “testnet”. So, what should you do?Step 1: Use. env like your life depends on itbashCopyEdit# .env PRIVATE_KEY=0xYOUR_PRIVATE_KEY jsCopyEditrequire("dotenv").config(); const privateKey = process.env.PRIVATE_KEY; Why? Because committing your private key to Git is like leaving your ATM card taped to an actual ATM with your PIN written in lipstick.Step 2: Use HD Wallets for Local DevInstead of using real private keys, Hardhat can spin up HD wallets with a mnemonic you can throw away after testing:jsCopyEditmodule.exports = { networks: { hardhat: { accounts: { mnemonic: "test test test test test test test test test test test junk", }, }, }, }; Remember: no one ever cried over losing 10 test ETH.FOUND(RY) THE LIGHTFoundry is faster, rustier, and a little more paranoid (which is good). By default, it stores your keys safely in:bashCopyEdit~/.foundry/keystores And you can encrypt them with a password like a normal human being:bashCopyEditforge wallet import --private-key 0xabcdef1234... # Prompts for password Foundry also has smart support for impersonation, so you don't need to risk anything while testing:bashCopyEditanvil --fork-url https://mainnet.infura.io/v3/KEY --fork-block-number 9999999 You’re now god. Don’t abuse it. (Okay, maybe just a little.)TWO WALLETS, ZERO REGRETSLet’s talk about the real alpha: you need two wallets.Wallet TypePurposeNicknameExample UseDeveloper WalletTesting, deploying, breaking stuff“The Lab Rat”Connecting to dApps, debuggingPay WalletHolding funds, NFT flex, staking“The Vault”Actually, valuable stuff Why two?Because all those flashy sites with Connect Wallet buttons aren’t your friends. Some of them are like sketchy nightclubs — you enter once and wake up airdropped an STD (Suspicious Token Drain). By using a developer wallet, you:Keep your main wallet untouchedCan nuke it and start over if things go badTest risky sites without fearDon’t lose your $420 Blur NFTAnd your pay wallet? Treat it like it’s made of actual gold. Cold storage, hardware wallet, multisig... go full Fort Knox.Real Talk: What Not to Do❌ Don't store private keys in plaintext in your repo❌ Don't use one wallet for everything (you’ll regret it)❌ Don’t paste your private key into chatGPT, Discord, or Google Docs 😬❌ Don't connect your pay wallet to cutehotgirl.eth, cute girls online are usually Male.❌ Don't reuse testnet accounts on mainnetThe Zen of Web3 DevTo survive Web3, think like a squirrel with trust issues. Hide your nuts (private keys), test before leaping, and never put your treasure map (mnemonic) in the cloud. Use Hardhat responsibly, switch to Foundry when you're ready to feel the Rust, and keep your wallets separated like a DJ and his groupies.LastlyUse. env for keys in Hardhat.Use Foundry’s secure wallet imports for dev workflows.Have two wallets: one for dev, one for funds.Don’t be that person in Discord begging for a refund after “just clicking a mint button.” ## Publication Information - [fabian](https://paragraph.com/@fabiancreative-operations.group/): Publication homepage - [All Posts](https://paragraph.com/@fabiancreative-operations.group/): More posts from this publication - [RSS Feed](https://api.paragraph.com/blogs/rss/@fabiancreative-operations.group): Subscribe to updates ## Optional - [Collect as NFT](https://paragraph.com/@fabiancreative-operations.group/protecting-your-crypto-butt-with-hardhat-and-foundry): Support the author by collecting this post - [View Collectors](https://paragraph.com/@fabiancreative-operations.group/protecting-your-crypto-butt-with-hardhat-and-foundry/collectors): See who has collected this post