YES BRUV
The Britain Restoring Underlying Values party will restore the once Great Britain.
As leader I am held fully accountable.
If the plan has not been actioned within 45 days of power I will step down from leadership.
No delays.
Charter below.
Join the movement: https://t.co/Zyp9aabp52
I've helped several people this week who got drained, all seed phrase / private key compromises from malware or LastPass.
Besides giving them an action plan, my goal is for them to understand this:
YOU ARE YOUR OWN BANK. You must take it seriously.
How? Here you go:
1) Don't store your seed digitally. I shouldn't have to say this, but veterans in the space are still doing it. If you download one malicious file, your seed and private keys can be compromised, and you will never be able to use the wallets from that seed again.
2) Treat your hot wallets as always compromised. You never know when you'll download an infected file that fully compromises them. Only store in them what you're willing to lose.
3) Invest in more than 1 hardware wallet. You must own at least one to store your valuables. Hardware wallets protect you mainly from malware and unauthorized access to your computer/phone (they don't protect you from signing malicious transactions).
I recommend you own 2 or 3 in total for two possible setups. A) 1 hardware wallet for valuables and 1 as a backup in case the other one breaks. B) 1 hardware wallet for valuables that doesn't do "risky" transactions such as approvals, swaps, etc. It only sends and receives assets. 1 hardware wallet that does "risky" transactions, and 1 as a backup in case one of the others breaks.
Which one? I suggest you go for the big brands, aka @Ledger and @Trezor. You don't want to be the cool one who owns the newly hot and experimental hardware wallet. Remember: this is your bank we're talking about. Reliability has to be the #1 priority, and time in the market with no compromises increases reliability. If you go for Ledger, do not buy their shiny new devices. I got one, and the paper ink screen means every transaction I do takes a long waiting time to display in several parts. I recommend their cheapest device, the Nano S Plus.
4) If you transact in crypto on mobile, do it on an iPhone. I don't recommend doing crypto on mobile at all, but if you must, Android's design is much more prone to downloading a file that compromises your hot wallets. Your preference for one over the other doesn't matter; we are talking about your own bank. Would you build your physical bank with plywood or steel walls?
5) Consider purchasing a Mac computer exclusively for crypto. This is annoying for most people, including me, but if you buy a cheap MacBook Air that you only use for crypto and never download things on, you decrease your chances of downloading malware on your computer and wrecking your hot wallets. Mac over Windows because it's less prone to malware/viruses.
6) Protect yourself from malicious or hacked Web3 sites designed to steal your assets with the best security tool @Kerberus Sentinel3. No user losses since January of 2023, 99.9% detection rate, and if we miss, up to $30k in coverage from @fairside. There is no second best.
7) Revoke approvals regularly. Open approvals can rekt your assets even on "trusted" protocols (e.g., Radiant Capital hack). An open approval = an open door for a wallet or contract to take a specific asset from your wallet. In my testing, I found @RevokeCash to be the most reliable.
8) Use @delegatedotxyz where you can. If a project integrates it, you can use a hot wallet to sign on behalf of your hardware wallet.
9) If your seed or private key were compromised and you have valuable staked assets that you can unstake now or in the future, consider hiring a white hat hacker from @flashbots_x to retrieve them for you. There is a possibility that your compromised wallets involve hackers who have bots listening to your wallets' transactions. When they see valuable assets entering your wallet, they immediately drain them. A white hat hacker who knows how to operate your wallet expertly can unstake and move them faster than the attackers. Hiring one is not free and will cost you around 10% of the value of the assets upon successful retrieval.
Feel free to comment or DM me if you'd like me to elaborate on any of these points or if you have other questions on Web3 security.
All of these recommendations are very Web3-oriented, which is my specialty. Would you want the #1 guy working in crypto security today to create a list of Web2-oriented security recommendations? Tag @An7i21 in the comments so he gets to work on them ๐ฅ