shutterstock 145154578 scaled

DeFi Security 101

This article was written together with Ledger, a hardware wallet and application to securely buy, sell, exchange, stake, lend & manage your crypto.

Owning crypto is a path made of security choices. By saying owning crypto, we mean owning your private keys. And by security choices, we refer to the way you chose to secure your private key. Hardware Wallet, Paper Wallet or even Software Wallet: this was the first choice you had to deal with by entering in the crypto security universe. 

But do you know what is the best way to own your private key?

After discovering that keeping your digital assets on exchanges is not safe at all, you will then discover that there are several ways to properly own your digital assets.  Some of them are more convenient than others.  Some of them are more secure than others.

Note: Subscribe now and join over 100K subscribers and keep up to date with the latest Crypto, DeFi, and NFT content.

Software Wallet

  • Software wallets are downloaded and installed on a personal computer or smartphone
  • Classified as hot storage because of their online nature
  • Pros: high level of security, you have the ownership of your private key
  • Cons: cannot protect you against hacks and viruses as they are hot/online

Paper Wallet 

  • Generally classified as cold storage
  • Refers to a physical copy or paper print of your public and private keys
  • Pros: high level of security, you have the ownership of your private key
  • Cons: paper wallets can be easily damaged, burned, easy to copy and take pictures + not convenient 
  • Warning: Do not keep copies of your paper wallet on your PC. The private key of a paper wallet should always be kept offline.

Hardware Wallet

  • Hardware wallets store your private keys on an external device
  • Classified as cold storage
  • Hardware wallets are the safest way to store crypto assets
  • Pros: best level of security, you have the ownership of your private key, your private key is stored offline, you can verify all your transactions and manage all your crypto in a very convenient way by using the app that comes along with it.
  • Cons: accessing blockchain applications like DeFi dapps will require the additional steps of bringing your assets online. 

Some hardware wallets like Ledger, are taking steps to make sure users can still use their crypto while in cold storage, by displaying critical actions like signing a transaction or generating an address on the device.

Best security practices to keep your assets secure

Crypto is becoming more and more popular, phishing attacks also happen more frequently. You can keep your funds safe by taking the following steps. 

Here are the best security practices to prevent being scammed from phishing:

1. Never share your recovery phrase!

The most important (and simple) way to avoid being scammed from phishing is to remember that your private key (also known as your recovery phrase or your 24 for words) is the only access to your digital assets. Would you consciously give someone access to your funds? No! So keep in mind to never share your 24 words with anyone. 

2. Check who is asking for your personal information  

Your best defense to protect against phishing is to think critically about the emails you receive. Most of all, if someone is asking for your 24 words, you can be sure that is a scam. No one will ever ask you for your recovery phrase!

3. Never validate a transaction on your hardware wallet if you are not the author of this transaction.

Scammers may ask you to download a fake application that will trigger a transaction on your Hardware wallet. You must absolutely reject that transaction.

4. Always make sure that you interact through official channels

Be cautious, fake domain names are sometimes very close with a subtle spelling difference. Check website addresses closely for misspellings, unusual characters, and other irregularities.

Transition to DeFi

But with the exploding popularity of DeFi throughout the last two years, new choices are added to this crypto security dimension. Getting the right security information about DeFi, Choosing one DeFi protocol among others, or knowing the right monitoring tools: these are examples of questions which might pop up in your DeFi journey. 

Why it matters 

In addition to exploding value locked in DeFi and significant platform milestones, the industry has been subject to frequent occurrences of minor and major security incidents across both new and established DeFi applications. 

DeFi incidents examples:

  • on 19th, $25m USD stolen through a reentrancy attack vector; funds are re-issued after team’s negotiation with hacker.
  • Curve: A stablecoin exchange platform, revealed that they found and solved a bug in the sUSD reserve contract.
  • PegNet: A cross-chain DeFi platform PegNet suffered a 51% attack when 4 miners in their network controlled 70% hashrate.
  • Hegic: 28k USD of liquidity locked in expired options contract by a bug in contract, for which the team promised to compensate affected users with their own funds.

DeFi Due Diligence

Smart contracts audit

Identify potential contract vulnerabilities by using third-party automated tools + on-hands auditing services. Check to see whether auditing firms have reviewed the projects you are using, and importantly, check to see if those audits revealed any important bugs or flaws.

DeFi monitoring tools

DeFi-related monitoring tools are available to the public to more confidently interact with financial applications:

  • aggregate critical security information about DeFi protocols
  • public audits
  • admin key details
  • better inform users’ decisions when choosing between DeFi applications.
Security transparency

Dapps are becoming more open about identified security vulnerabilities. This sort of transparency is crucial to building trust among new and existing users and to scaling a more secure network of DeFi protocols.