Key security practices for a self-custodial wallet
April 23rd, 2025

Originally posted on December 12, 2024 at labs.wonderfi.com/blog

The Wonder Wallet launch is approaching, and we’re excited to bring the world of blockchain technology to more people than ever before. To prepare for launch, we wanted to share some best practices for managing the security of your self-custodial wallet. With the following tips in your toolbelt, you’ll be prepared to stay safe in the DeFi space.

Before we dig into the tips, let’s first look at...

A self-custodial wallet means that you, and only you, are responsible for your wallet’s security and the assets within. These wallets also don’t have accounts in the traditional sense – no emails, no passwords – so there's no easy reset if you lose access or get locked out of your wallet.

Think of it like a traditional cash wallet, just in the digital space. Only you have access to the wallet and control what funds go in and out. This also means you are responsible for keeping it safe, and if you lose it and someone spends the cash before you find it again, there’s no recovery.

The traditional cash wallet comparison also extends to the companies that build and offer self-custodial wallets. They do not have any access to your wallet, nor are they able to recover your wallet, or your funds, if you lose control.

What can I do to keep my wallet safe?

Practicing the following security habits can help you protect your wallet and your assets in the digital space.

1 - Always back up your wallet

Wonder Wallet will offer two styles of wallet: traditional seed phrase wallets and MPC wallets. The style you choose affects how you back your wallet up.

If you lose your phone, or accidentally remove the Wonder Wallet app, you can use the backups in place to recover access to your wallet.

MPC wallets

These wallets are encrypted and backed up through a third-party provider of your choosing. This could be Google, Apple or another option. The backup itself is protected by an extra layer of security from those third parties.

However, this means you need to practice good security habits with those accounts:

  • Create a separate email just for your crypto wallets that you do not expose elsewhere on the web with everyday usage.

  • Change your password for these accounts regularly.

  • Enable 2FA (two-factor authentication). Authenticator apps (Google Auth, Authy, Microsoft) are the most secure method, and we recommend using them over other options like SMS or email.

Seed phrase wallets

These wallets are protected by a 12, 18 or 24-word phrase that you set up when you create the wallet. This phrase is essentially the password to your account, except that, unlike a traditional password, you cannot reset it if you get locked out.

Your wallet seed phrase is like the keys to your house, or the PIN on your debit card: it controls all access to your wallet. Write your phrase down and keep it in a safe and secure location such as a physical safe.

DO NOT:

  • Create your seed phrase in a place where someone else can see it.

  • Share the seed phrase with anyone else.

  • Keep it anywhere on your phone (notes app, screenshot, etc).

  • Keep it in a cloud-based service (e.g. Google Drive) where it can be accessed online.

Finally, NO ONE from WonderFi will ever, ever contact you asking for your seed phrase.

2 - Don’t keep all your assets in one wallet

You've heard the expression "Don't keep all your eggs in one basket"? Same thing applies to your digital assets and your wallet.

As you explore and interact with what blockchain technology has to offer, you may find yourself growing your collection of tokens and holdings. As your holdings grow, it’s good practice to start storing your assets in different wallets.

There are two different approaches you can take for this method.

Multiple hot wallets

Did you know? - Online wallets, self-custodial or otherwise, are referred to as hot wallets. They’re actively connected to the internet.

Your Wonder Wallet can hold multiple hot wallets, and you can easily send between them. It’s good practice to keep one wallet for your day-to-day activities with a bit of ETH. This is the wallet you use to interact with dApps and smart contracts.

Then keep your collectibles and other long-term assets in another wallet that doesn’t interact with the web3 space directly. This puts a further step in place for protecting your assets. Even if you take an action that exposes access to your day-to-day wallet, only that wallet can be accessed while your major assets are protected in another wallet.

Hardware wallets

Did you know? - The opposite of hot wallets are cold storage wallets (aka hardware wallets). These wallets are physical devices that can store your wallet keys and crypto completely separate from the internet.

If you’re planning on holding a large number of tokens or collectibles long term, you can store them safely in a hardware wallet. Once you’ve transferred your funds in, you can disconnect the wallet from the internet, and no one can access it unless they physically get their hands on it. This is one of the most secure methods for storing assets that you are not planning on actively using.

Hardware wallets come in many forms; some of the more well-known and trustworthy ones are Ledger and Trezor. Always buy your hardware wallets new, as used wallets have the potential to be compromised.

If you store your tokens in a hardware wallet, make sure the physical wallet itself is kept in a secure place, like a physical safe or lockbox at a bank.

3 - Practice good device security habits

Your device is your access point to your wallet. If you lose your phone or tablet, you need to make sure that no one can gain access. Always maintain good security habits with your phone:

  • Enable biometrics (fingerprint, face ID, etc) whenever possible.

  • If biometrics are not available on your device, make sure to set a secure PIN or pattern that is not easy to guess.

  • Do not access your wallet on public or unsecured Wi-Fi.

  • If you must access your wallet while travelling or away from home, use a VPN for an extra layer of protection.

4 - Set up auto lock

Auto lock is a feature that will automatically lock down your phone if you leave the device open but inactive for the period of time you set. Once the auto lock kicks in, you’ll need to sign in again before you can access your device.

If you find yourself checking your phone regularly but not locking it before setting it down, we strongly recommend enabling auto lock. If you are in public a lot, work from an office, travel extensively or aren’t generally a homebody, having auto locks enabled is an easy way to help prevent unauthorized access to your wallet.

Your device has two levels of auto lock available: your phone’s own auto lock, and the Wonder Wallet specific auto lock.

Device auto lock

This is set in your device’s own settings and will lock down the entire device after the time limit you’ve set for inactivity has passed. The best practice will always be to set the shortest time limits available.

Wonder Wallet auto lock

When you enable biometrics, the Wonder Wallet app offers its own auto lock feature, called Timeout. Timeout will kick in any time you minimize, but don’t close, your Wonder Wallet app.

You’ll be able to enable and customize your Timeout length in the Wonder Wallet Settings.

Wrap up

We covered a lot in this article today, so let’s sum up the key points to remember!

Self-custodial wallets:

  • Are totally under your control.

  • Rely on you to maintain secure practices.

  • Cannot be recovered by the company that made the wallet application.

Key safety points:

  • Back up your wallet and seed phrases safely.

  • Don’t keep all your assets in a single wallet.

  • Always maintain proper device security measures.

  • Be extra vigilant if you access your wallet regularly in public.

While no one tip or combination of practices can guarantee complete security, the ones we discussed today can go a long way toward reducing the risk of unauthorized access to your wallet if practiced consistently.

We can’t wait to have you join us in the DeFi space! Keep your eyes peeled on X or join us on Discord to stay up to date as we get closer to the launch.
