Chapter 1 - Introduction to the System, Planning, Managing Risk & Execution Tips

Basic Safety Rules


BASIC SAFETY RULES, PART 1

NOTE: this will not make you hack proof. But these basic rules should prevent 95% of the attacks.

1. EMAILS

Use a different email for each exchange. This way the risk is greatly reduced if one email account is compromised. These email accounts should not use your main personal email account as a recovery email; otherwise, if your main email account is compromised, all your other accounts are too. In fact, searching your main email address would even give away the email addresses you're using. I use protonmail, it's free.

2. 2FA

2FA should be enabled on all your exchanges, and also on your email accounts. Use a Yubikey, Google Authenticator, or a Google Authenticator-compatible app. I use a second phone with Google Auth. The phone remains in airplane mode, permanently offline. A reliable phone, with a removable battery, so that I'm not in trouble if the battery dies. The purpose of 2FA is an extra layer of safety if your computer or email accounts are compromised. Store the 2FA key you are given when adding 2FA to your mail/exchange safely: not in Evernote, not in a text file on your computer, not in your emails, but in your encrypted password manager.

3. PASSWORDS

Choose strong and varied passwords (duh). I store mine in a password manager database; there are many free ones on the market. Make sure it's an encrypted database, so that someone gaining access to the password manager's database file still cannot read your passwords. I use KeePass. Avoid installing the mobile version of these password managers on your phone; remember, all your passwords are in there.

4. DEVICE SAFETY

Ideally you use a dedicated computer for trading, and you avoid sharing it with other people. Even if you trust them, they will have shitty practices, get phished, download infected software, etc. Better use a VPN as well: in much P2P software (games, BitTorrent, mining...) your IP address is known to the other participants, so don't make yourself an easy target. You MUST use a VPN if you use a public network (e.g. airport/Starbucks Wifi). Keep your OS, antivirus, and browser up to date. Do NOT use shady browser extensions, and do not install pirated software on your computer; most pirated software/cracks come with malware. Metamask or other well-known wallets are probably the only extensions you should use. Overall I don't recommend mobile devices. They're single points of failure: upon unlocking your phone, someone has access to Metamask, exchanges, email, your password manager, and even 2FA if you don't keep it on a separate offline device like I do.

5. SEED/KEY MANAGEMENT

Don't keep your seeds and recovery phrases on a sheet of paper at home. If your house gets robbed, burns down, or gets flooded, you will likely lose both your hardware wallet and its recovery phrase. A safe deposit box at the bank for your hardware wallets' recovery phrases is probably a good choice. Yes, very sadly and ironically, at the end of the day we end up trusting banks for our crypto, I know. If you think banks can burn too, then use one of the metal engraving kits.

6. FUNDS MANAGEMENT

Use a hardware wallet for everything not on an exchange, and a hardware wallet behind Metamask or equivalent when trading on a DEX. If you're trading coins that are available on derivatives, you should be using the derivatives: you will not only benefit from better order types and lower fees, but leverage will allow you to keep less funds on the exchange for the same position size (do not use leverage to increase your risk!).

7. SMART CONTRACT PERMISSIONS

This was the #1 reason for hacks on BSC/Trust Wallet. You connect to some shady swap exchange, and it ends up asking for more permissions than required, which may include the permission to spend/move your funds. Avoid swap exchanges other than Uniswap, Sushiswap, PancakeSwap, Raydium, Serum, and the leaders on Avax (Pangolin) and Cosmos (Osmosis). Check the URL properly to make sure you're not being phished. Always read the permissions when your wallet asks you to confirm them: the only permission required should be for the swap to access the currency you're trying to sell (the "Allow swap" step). On Etherscan or BSCscan, you can connect your wallet and take a look at the permissions you have granted. You can then revoke the permissions that don't seem necessary.
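To make the "read the permissions" step concrete, here is an added example (not code from the course) that decodes the calldata a swap dApp asks your wallet to sign, flags an unlimited allowance, and builds the `approve(spender, 0)` call that a revoke sends. The selector is the real ERC-20 `approve(address,uint256)` one; the spender address and amounts are constructed.

```python
"""Inspect an ERC-20 approve() request before signing it.

Added example, not from the original course. The wallet shows calldata of the
form: 4-byte selector | 32-byte spender (left-padded) | 32-byte amount.
"""
APPROVE_SELECTOR = "095ea7b3"      # keccak256("approve(address,uint256)")[:4]
UNLIMITED = 2**256 - 1             # what "unlimited allowance" encodes to


def decode_approve(calldata_hex: str) -> dict:
    """Return spender and amount from approve() calldata, or raise if it is not one."""
    data = calldata_hex.lower().removeprefix("0x")
    if len(data) != 8 + 64 + 64:
        raise ValueError("not a two-argument ABI call")
    if data[:8] != APPROVE_SELECTOR:
        raise ValueError("not approve(address,uint256)")
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:          # address must be zero-padded on the left
        raise ValueError("malformed address word")
    amount = int(amount_word, 16)
    return {"spender": "0x" + spender_word[24:], "amount": amount,
            "unlimited": amount == UNLIMITED}


def review_approval(calldata_hex: str, amount_needed: int) -> str:
    """Classify the request against what the swap actually needs."""
    req = decode_approve(calldata_hex)
    if req["unlimited"]:
        return "unlimited: spender could move all of this token; approve only what you sell"
    if req["amount"] > amount_needed:
        return "excessive: more than the swap amount requested"
    return "ok: allowance matches the swap amount"


def revoke_calldata(spender: str) -> str:
    """Build approve(spender, 0), the transaction that revoking an allowance sends."""
    addr = spender.lower().removeprefix("0x")
    if len(addr) != 40:
        raise ValueError("spender must be a 20-byte address")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64


# Constructed sample: a dApp asking for an unlimited allowance for spender 0x11..11.
SPENDER = "0x" + "11" * 20
UNLIMITED_REQUEST = "0x" + APPROVE_SELECTOR + ("11" * 20).rjust(64, "0") + "f" * 64
SELL_AMOUNT = 1000 * 10**18                     # e.g. selling 1000 tokens with 18 decimals
EXACT_REQUEST = "0x" + APPROVE_SELECTOR + ("11" * 20).rjust(64, "0") + format(SELL_AMOUNT, "064x")

if __name__ == "__main__":
    print(review_approval(UNLIMITED_REQUEST, SELL_AMOUNT))
    print(review_approval(EXACT_REQUEST, SELL_AMOUNT))
    print("revoke tx data:", revoke_calldata(SPENDER))
```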

8. USE COMMON SENSE

  • If you are careful, phishing attempts are very obvious (sender, typos, offers too good to be true...).
  • Don't give seeds/passwords/recovery phrases to anyone, including exchange support staff.
  • Don't brag anywhere IRL that you made millions with crypto, or even say you own crypto. It's the best way to make yourself a target.
  • If something is too good to be true, it likely is. No project admin will DM you on Telegram to ask you to enter their exclusive private sale.
  • Same when you play video games: it's probably better to avoid using handles like "Doge2theMoon", especially considering your IP address is likely visible to other players using a network sniffer.