Security Advice | Safely Store Digital Assets

Security Advice | Safely Store Digital Assets

The main reason for digital asset loss is the failure of users to correctly backup wallet mnemonic phrases. If the mnemonic phrases are not correctly backed up and the wallet device is damaged or lost, the assets will be lost. In addition, malicious contracts, fraudulent activities, and hacker attacks can also lead to asset loss. Therefore, it is recommended that users confirm the accuracy of the mnemonic phrases and backup them properly, only authorize trusted contracts, protect personal information, use strong passwords, and regularly update software systems. At the same time, using hardware wallets, offline device backups, backing up mnemonic phrases multiple times and storing them in a dispersed way are also effective methods to protect assets.

Common Causes of Asset Loss and Strategies to Address Them

1. Failure to Properly Back Up Mnemonic Phrases

Decentralized wallets do not store users' mnemonic phrases, so once the phrase is lost, it cannot be recovered. Incomplete statistics show that the most common reason for digital asset loss is not theft, but users' failure to properly store their wallet's mnemonic phrases. If the phrase is not backed up properly and the wallet carrier is damaged or lost, this can lead to asset loss. In addition, if the mnemonic phrase is not stored securely, the assets in the wallet can easily be obtained by others.

Response Strategy:

  • Be sure to carefully confirm the accuracy of the mnemonic phrase and back it up properly before using the wallet;
  • Try to use physical media to back up the mnemonic phrase, such as writing it on paper or using a mnemonic phrase box, to ensure the security of the mnemonic phrase;
  • Backup the mnemonic phrase multiple times and distribute it to a safe place.

2. Accidentally Granting Transfer Permissions to Malicious Contracts

Authorization operations usually occur during the interaction with DApps. Be sure to authorize carefully, as if the authorization object is a malicious contract, the assets in the wallet may be transferred without the wallet owner's confirmation. The DApp ecosystem is mixed with good and bad, and casual authorization can lead to asset loss, so only by increasing their own awareness of security can users avoid such risks.

Response Strategy:

  • Review Contract Source Code: You can look for professional auditors to review the contract code to ensure its security;
  • Use Trusted Contracts: Try to choose well-known and trusted contracts;
  • Regularly check wallet authorization status: If you find that the wallet authorization is associated with a strange contract, please cancel the authorization as soon as possible;
  • Use Transfer Permissions Wisely: Do not easily grant transfer permissions, and be vigilant after granting authorization to be ready to revoke it at any time.

3. Falling victim to fraudulent activities

Fraudsters use various tricks to deceive users, and users with low awareness are often inadvertently deceived by fraudsters to obtain their mnemonic phrases or token transfer permissions, resulting in asset theft.

Response strategy:

  • Protect your mnemonic phrase/private key: Any request asking for your mnemonic phrase/private key in a text message or phone call should not be trusted;
  • Do not click on unknown links or download unknown software easily: They may be phishing websites disguised by hackers;
  • Pay attention to website security: Choose legitimate websites and ensure that the security certificate of the website is valid;
  • Regularly monitor your account: Check your wallet account regularly to ensure its security;
  • Consult professional organizations: If you encounter a fraudulent incident, you can seek advice from professional organizations or the police.

4. Encountering a hacker attack.

On the blockchain, the mnemonic phrase represents asset ownership. Once someone else obtains your mnemonic phrase, they can import it on another device and steal your assets. Therefore, the most important thing is to ensure secure generation and backup of your mnemonic phrase.

Response strategy:

  • Use an offline hardware wallet to generate and store your private key to increase security. Do not save it on a connected mobile device to avoid being hacked and having your assets stolen.
  • Only download wallet software and applications from official channels, and avoid downloading unverified software to avoid security risks and malicious software stealing your digital assets or other sensitive information.
  • Do not copy and paste wallet mnemonic phrases or private keys; manually enter them to increase security. Also, do not jailbreak or root your device to prevent hackers from exploiting vulnerabilities to steal your digital assets or other sensitive information. Additionally, avoid accessing unknown links to avoid the risks of phishing attacks and data leaks, and only visit known and trusted links.

Other Recommendations

1. Keep cold and hot wallets separate

Hot wallets (such as imToken) are easy to use, but users need to have good security awareness. Hardware wallets (such as imKey) use secure chips to ensure the security of private keys from the hardware level, making it more beginner-friendly. It is recommended to use the imToken software wallet for small assets and the imKey hardware wallet for large assets. Combining software and hardware can ensure asset security while maintaining a good user experience.

2. Regularly update software and operating systems

Regularly update or upgrade software and operating systems on devices to fix vulnerabilities or errors and avoid being attacked by hackers.

3. Manage applications on your device

Limit the self-starting settings of applications, completely delete unnecessary applications, and do not install programs from unknown sources. Avoid installing applications that include remote desktop viewing functions, as criminals may steal mnemonic phrases or private keys by spying on the desktop.

4. Disable cloud storage functionality

Do not use automatic cloud functions to upload sensitive data to online accounts to avoid the risk of sensitive information leakage caused by cloud data breaches.

5. Use a strong password

Set a strong password consisting of uppercase letters, lowercase letters, numbers, and special characters, and change it regularly.