If you are coming from the world of centralized finance there are support teams, refund policies, and someone is usually a call/email away to help answer any questions. Enter in crypto and the world of decentralized finance (DeFi) where scammers and con artists are waiting to prey on newcomers from the centralized finance world. This article will be very extensive, but we believe it will contain helpful information for both the novice and the seasoned crypto investor.
There are many ways your security can be compromised if you do not take precautions. Unfortunately, even with the best safety and security measures in place along with best practices, there is always the possibility that a determined hacker can somehow get your information, or your bad attitude, and lack of understanding will cause you to make mistakes.
The steps below are the best way to protect yourself and your crypto assets from nefarious bad actors. DO NOT HESITATE to implement these things, they are important to keep you safe!
*There will be some affiliate links associated with some of the links shared from the contributors to this article. Please feel free to do your own research and utilize the links you find while searching through various topics. A word of caution though to do your own due diligence with crypto websites as scammers will often attempt to create fake sites in order to phish for your information. Welcome to your first lesson =)
- Use a quality anti-virus software.
- MAC/APPLE users need to do this too.
- Don’t give people easy access to your accounts.
- NEVER SHARE YOUR PRIVATE KEYS OR SEED PHRASES WITH ANYONE. DO NOT STORE THEM ON YOUR COMPUTER OR PHONE, EVEN AS IMAGES.
- “NOT YOUR KEYS, NOT YOUR CRYPTO”.
- If your crypto is sitting on an exchange you technically do not own it.
- Hardware wallets can be used to actually retain custody of (own) your crypto.
- Make copies of your seed phrases and private keys on paper, store them in two or three different places.
- COLD WALLETS / HARDWARE WALLETS can be used for added security or for holding long-term assets you do not plan on trading or selling for a while.
- Always double-check the last 4 digits of addresses to send or receive crypto.
- Con artists run rampant in crypto, if you find yourself rushing and acting on emotions…STOP, take a breather, re-examine the reason and logic behind what you are doing.
- Never try to sell random tokens/coins you did not buy that show up in your wallets. Scammers can use these to drain your other funds.
- More of this is covered in the Common Scams section.
- Disconnect your wallet from sites/dApps that you are no longer using.
- Use 2FA (2 Factor Authentication) for access to your exchanges.
- Perfect security is impossible, but making yourself a hard target to hit is easy to do.
- Prepare for the possibility of a compromised wallet.
Notes From An Expert
Credit goes to Jason Ansley, Wolf Den Member and former IT professional and password/security cracker.
Once a hacker has to go through 7 layers of roadblocks, the risk reward for time invested diminishes. Doesn’t mean it’s not hackable…
Just about everything is hackable given enough time/effort. But is it worth it?
The easiest hack is social engineering. This would be most of what you are seeing in crypto with DMs and offers of help but you’ve got to go connect your wallet to a site they give you.
This is easy. 1 road block. Getting you to trust them in a convo.
As for keyboard loggers, those are a bit harder to install but can be done. Using a secure auto fill tool such as LastPass adds a barrier here.
Make sure you have 2FA activated everywhere you can and use it via an Authenticator app such as the one by LastPass Authenticator.
Email and SMS 2FA is false peace of mind.
Longer passwords are better than shorter complex ones, all my personal are minimum 24 characters. Complex and long is best.
In the context of a cold wallet, I do use a hardware wallet for my big long term holds.
7 Minimum Roadblocks
- Own your private keys.
- Complex >24 character passwords.
- Disconnect wallet from sites.
- Lock MM after you are finished using it.
- Copy/paste MM password from a password safe such as LastPass (I like this one as it was developed by a top security guy at the University of Kentucky about 20 years ago and has stood the test of time…LP also has a “no see” policy…the database is hashed and encrypted so no LP employee can view passwords).
- Cold storage wallet as 2FA for every transaction in MM.
- BITDEFENDER Total Security for proactive monitoring.
So at this point, a hacker would have to be deep in your system for a very long time to have the slimmest chance.
Setups: Safe & Safest
Follow the items outlined under these two options. Both SAFE and SAFEST are decent options, or a combination of the two. But we absolutely do not recommend doing anything less than the SAFE option.
- BITDEFENDER TOTAL SECURITY or PREMIUM + VPN.
- Note, BitDefender WILL work on Chromebooks if you choose to get a Chromebook You just need to install it from the Google Play store and then sign in to your account.
- TREZOR MODEL T for long holds/macro beliefs like BTC, ETH and others.
- SEED PHRASE / PRIVATE KEYS.
- 2 copies on paper, stored in different places.
- Never store these on your devices as text or images. Not even for a minute.
- DOUBLE-CHECK WALLET ADDRESS BEFORE SENDING OR RECEIVING.
- Only the first four and last four digits of the address need to be checked regularly.
- But they should be checked against the original record, not something you copied and pasted.
- LAST PASS TO SAVE PASSWORDS.
- Never use Chrome or another browser to save your passwords.
- Make your master password easy to remember (for you) and at LEAST 24 characters long.
- LASTPASS can also be used to store SEED PHRASES and PRIVATE KEYS. However, it does pose risks. Of course, writing them on paper poses risks too.
- 2FA WITH LASTPASS AUTHENTICATOR or GOOGLE AUTHENTICATOR.
- Never use an SMS (text message) authenticator option… EVER.
- USE SIGNAL MESSENGER APP TO SEND SENSITIVE INFORMATION.
- Works on phones, tablets and computers and you can have one account synced to all.
- There are times when you may need to send yourself or someone else sensitive data. Signal is one of the only messenger apps that is encrypted end-to-end as well as on the device.
- Text, WhatsApp and FB Messenger are a big NO.
- Signal will NOT work on Chromebooks.
- For added security, you can use proton mail or any similar encrypted email service.
- Gmail, Outlook and other services are not natively encrypted. Don’t ever send sensitive data over them if it can be helped.
- USE ONE DEVICE EXCLUSIVELY FOR CRYPTO.
- Believe it or not, the preferred device is a Chromebook. They are inexpensive and Chrome’s OS natively “sandboxes” everything. So if one part of your system is compromised the malware, virus or hacker would find it near impossible to infiltrate anything else.
- Note, BitDefender will work on Chromebooks, even though BitDefender says differently. You just need to install it from the Google Play store and then sign in to your account.
- USE A HARDWARE WALLET TO CONFIRM ALL TRANSACTIONS IN METAMASK.
- Create a “ghost wallet”.
- Buy a second wallet and copy the seed phrases onto it. This is in case you and your backup seed phrase perish, quite literally. Store in a safety deposit box or safe with instructions for a family member.
- Create a “ghost wallet”.
- TREZOR MODEL T
- Setup 16 SEED PHRASES, requires multiple to recover wallet.
- Create “hidden wallets” to store long holds.
- Create a “ghost wallet”.
- Have a second blank wallet setup in case your current wallet becomes compromised.
- Best to have it setup and ready to go on a different device then the one your primary wallet is setup on.
- Add any networks to it that you use and then don’t touch it unless you believe your primary wallet has been compromised.
This goes for everyone, even for MAC users. Many believe that Apple products are not vulnerable to viruses but this is simply not true. If you believe this you are the victim of marketing at the cost of your security.
The best consumer-grade software, in our opinion, is BITDEFENDER Total Security. Click on the products for home, then it is recommended to get the Total Security with VPN if you do not already have VPN.
- They consistently get high ratings in all tests and their pricing is great. 5 devices for 1 year averages $35-$100.
- It covers all device types and is easy to install.
- Barely uses any system resources.
- They also offer a dedicated piece of hardware called the BITDEFENDER BOX, which protects EVERYTHING connected to your home network, including guests who log in and have infected devices.
- We recommend staying away from Kaspersky, McAfee, Norton, and Symantec.
- These services hog resources from your computer and always have some major flaws.
A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
- For some things in crypto, you need a VPN because your country may be on a blacklist for the service or exchange.
- Sometimes it’s just good to always use a VPN, for instance, if you are connected to public wifi or sending sensitive data.
- It needs to be noted that VPNs are not security software. Many are under the impression that a VPN is some sort of coverall for digital security. This is another case of people being the victim of marketing.
- There are many choices for VPNs, Bitdefender comes with it for free with their total security package.
CC Cleaner https://www.ccleaner.com/. This software does a lot of nifty things, including:
- Clearing browser cookies automatically when you close your browser.
- Updating drivers for you.
- Cleaning up your hard drives and generally keeping your PC working at peak condition.
2FA is a vital tool in keeping your assets secure. It is like needing two keys turned simultaneously to launch a nuclear missile. It can be a hassle but it serves two purposes. First, it adds an extra layer of verification, and second, it forces you to slow down a little. Some sites and apps offer the option to use 2FA (2 Factor Authenticator). This is always recommended by TGA.
Note: DO NOT USE TEXT/SMS 2FA. Use an App like Google Authenticator or Authy, both are available for apple and google devices.
Authenticator Apps use codes that change every 30 seconds to add an additional layer of security when logging in to websites like Crypto Exchanges and transferring funds. This is always recommended whenever offered.
There are several types of “identifying” information in crypto. Knowing what is okay to share and what is not will save you from theft.
- Most wallets have public addresses, these are okay to share with people as the information they provide is public.
- These are frequently used by people to help troubleshoot issues. It is still a good idea to only share these with people you must transact with or who are admins in a TRUSTED group.
PRIVATE ADDRESS/KEYS and SEED PHRASES
- Your private address/keys and seed phrases allow access to your wallets.
- They can be used to import wallets into new accounts or to recover access if a device it was saved on is lost or destroyed.
- NEVER SHARE THESE WITH ANYONE YOU DO NOT KNOW AND TRUST.
- Never send these “in the clear” either.
- Don’t text them or send them via regular email.
- Signal Messenger is one of the most secure messaging services out there. It is end-to-end, and on-device encrypted.
- When you start a new wallet or account: Write these down on paper, make two copies, triple check they are accurate, and store them in separate places so that if one gets destroyed you have a copy of it somewhere.
- If you ever lose these AND lose access to your wallets you will have no way of recovering the crypto assets stored there.
- There are several alternatives to the tried and true, thousands of years old paper & pen.
- LastPass has an option for storing documents and notes encrypted, if you don’t have a great password for LastPass it is not as secure as storing them on physical means and storing them in a safe place.
- Another option for storing these is an encrypted USB drive that uses physical buttons to enter a password. There is the possibility that if a device you plug it into is compromised, the data will be stolen. So this is only for people who are confident in their ability to secure their devices. DatAshur is a good brand that doesn’t cost an arm and a leg.
Staying Safe With Telegram, Discord, & Twitter
This section’s credit goes to one of our Guardian members, Malek (WDWP #17).
In your crypto experience you will most likely find your attention being spent on one of these (if not all of these platforms). This unfortunately is also where many scammers are lying in wait. Read through Malek’s article below as he discusses the best practices to stay safe on the 3 biggest platforms for cryptocurrency.
In Case of Emergencies
What happens if the worst-case scenario happens to you? You get hacked, an accident, premature death or something else? You have options.
PREPARE FOR THE POSSIBILITY OF A COMPROMISED WALLET.
- Setup a new wallet with all of the networks you use added to it
- You would preferably set it up on a different device then the one you primarily you use in case the compromise is due to a hack and not a scam token or contract.
If you suspect your wallet has been compromised you have several options.
- Move all your funds to a new wallet.
- This requires you to create a new wallet (or have a backup on standby) and have access to both at the same time.
- Move all your funds to a CEX until you setup a new wallet.
- Requires trading any funds that are not currently supported by the Centralized Exchange(s) you have access too and transferring them. This takes more time then the first option.
- Do nothing and kiss it all goodbye.
- This obviously is not recommended.
The recommended method is to move the funds to a new wallet. This is because it is the quickest and easiest.
You can create a new wallet on the same device that your existing wallet is on, or you can create a new wallet on a different device.
If you are using a computer you will want to open a new instance of the browser you are using (chrome browsers you will want to open chrome as a different user.) This will allow you to add the MetaMask extension to your browser and create a new wallet while having the old wallet still accessible.
If you are using a mobile device you will need to get a different wallet app. So if you are using MetaMask you will want to get Trust Wallet, SafePal or another comparable mobile wallet.
Using A Computer To Create A New Wallet
1. Open your chrome based browser (or chrome browser itself).
2. In the top right corner click on the User Icon.
3. Then click on an existing profile at the bottom if you already have one or add one. You can make up an email on the spot or use an existing email.
4. Leave the original instance of Chrome open.
5. Now install MetaMask extension for this new instance of the browser https://metamask.io.
6. Create a new wallet.
- Write down the seed phrase. Do not take screen shots, pictures or email/text it to yourself to “save time”.
- Do not worry about adding networks now. You can check the transactions via the block chain scan for whatever network you are sending tokens on.
7. Now with both browsers open, copy the address to the new wallet you create and start transferring funds over.
- Be sure to double check the last four digits of the new wallet address you are sending tokens too.
- To make this easier write down the last four for quick reference.
8. If you want you can add the networks you use to MetaMask before you start moving funds but for the sake of speed it is not necessary until after you are done.
- Pick an alternative mobile wallet OR setup a new wallet on a computer.
- If you chose to setup a wallet on a PC it will allow you to scan the QR code for the wallet to make transferring the funds easier.
- If you chose to remain on mobile pick a wallet app other than the one you are currently using.
- Trust Wallet
- Setup the new wallet, copy the address and begin sending funds.
- Write down the seed phrase. Do not take screen shots, pictures or email/text it to yourself to “save time”.
- You do not need to add the networks to the new wallet right away to receive funds on that network. This can be done afterwards.
- Be sure to double check the last four digits of the new wallet address you are sending tokens too.
- To make this easier write down the last four for quick reference.
Once the funds are moved you should be safe. However if you were not using a hardware wallet before this should be a wakeup call for you. Check out the Cold/Hardware Wallets section for more info.
Adding Networks to your new wallet on computer. Go to the Blockchain scan, scroll to the bottom and you will see a link that looks like this:
Last pass has an option where you can give someone access only if you don’t deny the access within a certain time frame. So if you die, they put in an access request and as long as you don’t deny them access (which you won’t cause you’re dead) they gain access after a few days, a week or whatever you sent the timer for.
So you would store the seed phrases on Titanium plates in a safe or a bank lockbox. In LastPass, you would store instructions on how to get access to the plates, how to access the wallet using the seed phrases AND if necessary a trusted contact to walk them through the process of managing and acquiring the funds. The instructions should include a note not to share the seed phrases with anyone they get help from. You never know.
These are not the only options, think of them as more of a blueprint on how you can ensure if the worst happens to you the funds will be SAFELY passed on to the right people.
There are two primary types of HOT and COLD wallets.
HOT wallets are software-based and are always “ON”.
COLD wallets are hardware-based and can be disconnected or never connected to the internet. They require some sort of physical interaction to confirm transactions and are considered safer than HOT wallets.
Sending & Receiving
- ALWAYS CHECK THE FIRST AND LAST FOUR OF SEND/RECEIVE ADDRESSES
- There are malware programs that can detect when you have copied a crypto address and swap it with one of their own. An easy way to prevent this and also prevent you from accidentally sending stuff to an incorrect address is to double-check.
- When you check, do so against the original record, not what’s in the clipboard or a text message. Look at the ORIGINAL record. So if you got the address from Binance, look at Binance when you double-check it.
- There may be times when you cannot purchase something and need someone else to do it, or there is a specific whitelist or presale that requires you to blindly send crypto and trust that the dev will send it back. Understand there is always a risk you will lose everything you send.
- Only send crypto to people you trust and, preferably, have met in real life or are truly doxed.
- Do not send more than you are willing to lose.
- Also note that when you are sending crypto to centralized exchanges like Coinbase, Binance, and Kucoin the addresses may not stay the same. So do not save them in an address book, always get the most up-to-date address so you are sending them to the correct one.
NOTES FOR WALLETS:
- Always write down your SEED PHRASE on paper and make 2 or 3 copies. Store them in different places.
- If you create a sub-account write down the PRIVATE KEY, MAKE 2 or 3 copies, and store them with your SEED PHRASES.
- If you have multiple accounts under one SEED PHRASE and need to recover your accounts without PRIVATE KEYS on Metamask, first import your main wallet with the SEED PHRASE. Then follow these instructions: https://metamask.zendesk.com/hc/en-us/articles/360015489271-How-to-add-missing-accounts-after-restoring-with-Seed-Phrase-Secret-Recovery-Phrase.
The premise of securing your crypto is very simple. Instead of creating and storing that seed phrase on a device that is connected to the internet, you create, store and use it from a device not connected to the internet.
Gregory Esman, a Guardian of TGA, did a deep dive on hardware wallets in this article here. The information below will give you a quick snapshot of the recommended hardware wallet but if you’d like to get a full grasp as to why one would use a hardware wallet and the benefits of securing your own crypto then would read this article.
We recommend the Trezor Model T, and the Ledger Nano (S, or X) as a second choice. Here are our reasons:
They both work natively with MetaMask. MetaMask will be our way to communicate with most applications, and since a majority of applications you’ll use work really well with MetaMask, including KnightSwap (TGA’s preferred DEX on BNB Chain), we want a hardware wallet that supports MetaMask.
Both companies were created in 2014, as a result, they’re tested and proven through time.
- 24-word seed phrase
- Ability to create multiple addresses per coin. Imagine one address gets hacked. The other isn’t touched if you separate your assets.
- Only one wallet, though
- PRIMARY PROS:
- 12, or 24-word seed phrase
- Or up to 16 paired seed phrases at 33 words each
- Ability to create multiple addresses per coin
- An unlimited number of hidden wallets
- This creates plausible deniability if someone forces you to open your wallet. “$100 is all I got, Joe!”
- 12, or 24-word seed phrase
- Additional protection Trezor Model T has on top of what Ledger supports
- Against hackers- Ability to add custom passwords on top of your seed phrase for all new wallets. I would not recommend using wallets without this feature.
- Against Physical Attacks- A microSD Card slot.
- When the card is inserted, your pin code works. When it isn’t, your real pin code won’t work. Remove it or remove and break it if you are being attacked. Your device will be made useless.
- A wipe code- Type it in on the same screen as your pin code and your device resets.
- Your hidden wallets are not shown. Due to this, you can deny there is any more than what’s in the standard, non-hidden wallet.
- Against Theft and Destruction- Instead of relying on 1 seed phrase, you have the ability to create up to 16 different seed phrases where each one can be up to 33 words.
- To recreate your wallet, you have to input a certain number of those 16 seed phrases. 4/16, for example. You choose how many. If someone steals one, they need 3 more to access your wallet. If one is destroyed in a fire, you have another 15 to use. This makes theft practically impossible to pull off, and makes destruction a non-issue.
Setup Specific to Chromebooks
Original content written by Chef (Guardian of TGA) and some content modified for the purposes of this article.
Safety and security are paramount when conducting any activity involving your cryptocurrencies. This guide is not a deep dive into security best practices, so for a reference on safely navigating within the cryptocurrency ecosystem, refer to the rest of this safety and security article.
I picked up my Chromebook on sale for $160 and the only thing I use this Chromebook for is my crypto. I don’t do work, I don’t watch movies, and I don’t browse the web for anything other than the crypto sites I actively use. If I want to learn about a new token, for example, I do that on one of my other devices. Only after I have committed to buying will I navigate to the site on my Chromebook.
The first thing to know when getting started with your Chromebook is that it is Linux-based, and runs apps that you download from the Google Play Store, many of which are the mobile version of the app. Therefore, some apps will not have the same functionality you may be used to from their PC or Mac versions.
Before you do anything crypto related, make sure you have an antivirus/anti-malware program running as well as a VPN. For antivirus, I personally use BitDefender Security, which I downloaded from the Google Play Store. For my VPN, I use KeepSolid’s VPN Unlimited mostly because I got a good price for the lifetime subscription. Before I do anything with my crypto, I ensure the VPN is running and I run a security scan in BitDefender, every time.
As mentioned above, ensure you have all your security measures in place before you begin. Chromebook uses the mobile version of many apps, including MetaMask and Brave browser. You cannot connect a hardware wallet to the mobile version of MetaMask, and I have been unable to use MetaMask with Brave on the Chromebook, therefore I use Chrome with the MetaMask extension (so it isn’t the mobile version which will allow you to pair this with a hardware wallet).
Open Chrome and go to the MetaMask website. Once you are there, click download and choose the Chrome extension. Once MetaMask is installed, open MetaMask and create or import a wallet to get started with the extension. Now that you have MetaMask installed and ready to go, you will need to set up your Trezor T.
Trezor Model T Setup
I had no knowledge of setting up or using a hardware wallet before getting my Trezor T and I found the setup to be fairly straightforward. While I don’t have screenshots of my original setup, I used some shots from after-the-fact and some images I found online. You can also now reference the Trezor Guide in this article.
There are two options for setting up your Trezor T for the first time.
- If you plan to only connect your Trezor T to your Chromebook, which is my plan, then you will use the Trezor suite for web
- Alternatively, you can set up your Trezor T for the first time on a PC or Mac using the desktop app and then connect it to the Chromebook for use. The desktop app is not available for Chromebooks.
For the Trezor suite for web, simply navigate to the official Trezor website and click “I already own Trezor.” On the next page in the upper right corner, click “Trezor suite for web.” The site will now step you through your setup. It will install the firmware on your Trezor and begin the wallet setup.
Throughout the setup process, my recovery phrase was only ever displayed on the Trezor T screen itself. At no time did I type, view, or otherwise display the recovery phrase anywhere on my Chromebook.
Once you create your wallet and before you transfer any funds, I recommend you wipe it and reinstall it using the seed phrase(s) you just created. Alternately, you can use the Check Recovery Seed option in the Trezor suite for web settings. It may seem like a hassle, but it will ensure you copied your phrase(s) correctly. I also recommend you inscribe or stamp your phrase(s) onto a steel wallet backup for safe keeping. If you used the Shamir backup, use one steel wallet per phrase.
Reauthorizing Any DeFi Contracts
Because this is a new wallet, you will have to re-authorize all the farms, pools, etc before you use them. When you click “authorize” or “approve,” MetaMask will pop up the usual window to confirm your transaction. Once you click “confirm,” a new window will open and step you through the transaction. It will start in the new window where you confirm the use of the Trezor. It will then transition the transaction confirmation to the Trezor itself.
It will ask you to verify the contract address you are using and then the gas fee. Once you “Hold to confirm,” the transaction will execute. Check your wallet activity to verify the transaction went through. And that is it.
Once you are complete with your transactions, click on the three dots next to your Trezor wallet and remove the wallet. When you need to access your wallet again, simply repeat the steps above to connect your Trezor T.
In my experience, about 25% of the time I have some issue completing transactions. Usually the problem that manifests is the Trezor window does not open after clicking confirm in MetaMask when starting a transaction. The second issue I tend to see is the yellow pending wheel just spins and nothing happens.
Some combination of the following fixes the problems:
- Changing my VPN connection location
- Unplugging and re-connecting the Trezor
- Removing the wallet and reconnecting in MetaMask
- Clearing your Chrome browser cache and browsing history
A best practice that reduces these occurrences is, once you are complete with your transactions:
- Unplug your Trezor from your computer
- Remove your wallet from MetaMask
- Lock MetaMask
- Clear your browser cache and history, and close Chrome
- Shut down your Chromebook
These are my experiences and options and are provided for informational purposes only. Before making any purchases or transferring funds, ensure you do your own research into these technologies.
This is an alternate wallet that can store your crypto assets. Written by Rocket Raccoon (Guardian of TGA)
- Fully air-gapped. Never connected to internet, cellular data, or bluetooth.
- Seed Phrase only appears on the device itself, will never be logged into a computer or mobile device -6-12 digit custom PIN created by user, numbers to enter PIN rotate order on LED screen every time you input it so pattern can’t be recognized easily.
- Passphrase can be created and utilized so that if any part of it is entered incorrectly, it will bring up a false wallet account.
- If physically tampered with, has a self destruct function so information can’t be harvested from the internal chip.
- 32 blockchains supported with firmware updates available for new technology upgrades (the only time it will be connected to a computer and is only directly connected while undergoing firmware upgrade process).
- Supports multiple wallets.
- Inexpensive (about $50 USD).
- Integration with SafePal mobile app is seamless and SafePal mobile app itself is extremely smooth and has great, easy functionality once you take some time to learn where everything is located.
- Can currently purchase BNB, ETH, Matic, and USDC (ERC-20) by credit or debit card directly on the mobile app and have it delivered directly to your cold wallet (further asset direct buy support to be added in due time).
- Lightweight construction appears to be on the more fragile side
- That’s actually the only observable con in my opinion at time of writing this
Where to buy:
FROM THEIR OFFICIAL SITE- https://www.safepal.com/
Setting Up SafePal S1
- Once you receive your SafePal S1, download the SafePal mobile app if you haven’t already, click the top left corner tab, click the + button, select Hardware Wallet.
- Turn on your SafePal S1, follow the step by step directions displayed between the device and mobile app to create the wallet account and pair it with the SafePal mobile app.
- Here is a set by step guide if you would like further assistance/clarification on any parts of the setup process – https://safepalsupport.zendesk.com/hc/en-us/articles/360046051752-How-to-Set-Up-a-S1-Hardware-Wallet
- Transactions will be set up via the mobile app internal dApp browser or direct transfers by clicking on the asset itself and selecting “Send” or “Receive.”
- When confirming the transaction as you would with a “hot” wallet such as MetaMask, TrustWallet, SafePal software wallet, etc., it will prompt you with a QR code.
- Press/hold the side button on your SafePal S1 to turn it on if it’s off, select “Scan” and scan the QR code from your mobile app.
- The device will then ask you to enter your custom PIN, once properly entered, it will prompt a series of QR codes for you to then scan with your mobile app.
- Select “Next” on your mobile app for it to use the camera to scan the QR codes on the SafePal S1.
- This process provides a “signature” from you, the wallet owner, via the device to confirm the transaction. The mobile app then submits the signed transaction to the blockchain for validation and it will be processed.
- I would recommend checking to ensure your S1 has the most up to date firmware when first setting up the device. After that initial upgrade, your SafePal mobile app will typically notify you when a new firmware update is available.
- Go to https://www.safepal.io/upgrade.
- On your S1, go to Settings -> About.
- Type the Serial Number listed on your device into the bar on the webpage, it should begin with “S1” then click search.
- If there is an available firmware upgrade, it’ll be displayed with a “Download” button.
- It will download a zip file titled “upgrade.bin” you do NOT need to unzip this file.
- Connect your S1 to your computer via USB cable provided.
- On the S1 display, go to Settings -> Upgrade, ensure you have your seed phrase written down for safe measure, click “Backup already”.
- This is the only time your S1 will be visible to your computer and no internal data from your S1 is shared with your computer. It displays as a connected external drive.
- Drag and drop the “upgrade.bin” zip file onto your S1, select “Upgrade”.
- It will commence the firmware update and automatically disconnect from your computer.
- Assets will either be automatically recognized and added to your asset list or can be manually added via typing the asset name or contract address in the search bar on the main home screen of the selected wallet. (You can also create SafePal software wallets or import MetaMask or TrustWallet accounts in the mobile app).
- Main view of your assets is displayed in the left-most tab on the bottom bar.
- Total detected value will be displayed at the top.
- Just below the total value, there’s a small bar with a few options.
- You can sort the asset list by Value, Name, Amount of assets, or Custom Sort.
- When “Asset” is selected, it will list all of your imported singular assets.
- When “DeFi” is selected, it will display a list of platforms where you have staked holdings. Clicking each will display what you have staked including number of tokens making up you LP token pairs. Sometimes it’s slightly off in updating exact number in real time, but have found it to be largely accurate.
- When “NFT” tab is selected, your NFT collection will be displayed from both ETH and BSC networks. Additional network NFT support to be added in due time.
- At the top right corner, there is a button to open the QR code scanner and a circular button with … in the middle. That button will drop down a small menu from which you can add an additional wallet account, Buy Crypto directly by credit or debit card through a third party provider, Simplex, contact Support, and select Settings where you can adjust security settings, preferred gas for transactions, clear browser cache, adjust appearance and other preferential settings.
- You can also go to dApp Node Settings, where for each network you can select to see which network nodes are currently running most efficiently, select, and save very easily. (Personally really like this feature).
- From the bottom bar of the app, first tab on the left is of course the main overview of your wallet account(s).
- Second tab from the left with the three columns displays a list of asset prices and can bring up their current charts by clicking on them.
- SafePal is directly partnered with Binance, so data is provided by Binance, you can favorite as many assets as you’d like.
- Middle tab from the bottom bar brings up the internal dApp browser. There is list of popular/frequently used platforms and tools listed from a variety of networks or you can search/type web address in the top bar.
- When you type in a web address, you’ll notice a symbol drop down just to the left of the “Go” button. This drop down menu is to select the network you’ll be using for the web page you’re navigating to.
- Fourth tab from the left bottom bar with the two arrows is an internal bridge and swap router with allows you to swap assets or bridge between networks. The bridge is a bit limited, but you can swap cross network which is pretty cool (Example: can swap (BEP20) BNB for (fantom) FTM.
- You can also click the “Exchange” tab which allows you to connect with your Binance account and directly trade on Binance from the app
- The Final tab on the bottom bar (far right) has staking options where you can stake various prominent LP and earn additional LP+SFP (safepal’s token) as well as single stake Cake and Banana.
CONNECTING/DISCONNECTING FROM SITES & TOKENS.
- Always double-check the URL of any site you are using for the first time. Copycat sites will use the same name with a different suffix like changing “pancakeswap.finance” or “pancakeswap.io”
- A 5-second check will keep you from losing your crypto to scammers.
- This is especially true if you use a search browser to find the site for the first time.
- Never connect your wallet to a random website or follow instructions to verify your holding from anyone you do not know. Scammers will access your funds in this way and drain your wallet.
- TELEGRAM: EVEN IF you recognize the name of a Telegram contact, if they ask you to connect to an unknown site assume it’s a scam! Always look at people’s user names and not their screen names.
- Display names and icons can be duplicated but usernames cannot.
- If you are no longer using a site with your MetaMask it is always recommended to disconnect/unlink your MetaMask from it. On PC/MAC Open your MetaMask browser extension. Click the three dots in the upper right-hand corner. Click “Connected Sites” in the drop down menu. Click the trash can symbol next to any sites that you no longer use.
- You can also do this directly from the blockchain via the below links
Crypto is the frigging wild west, and just like that time period and place, there is a lot of excitement, opportunity and people out there who will monopolize on others with the wrong attitude and motivations.
- If you don’t know what you’re doing, don’t rush through it. The biggest mistakes can be made when you are doing something for the first time in a hurry.
- Understand that scam tokens are run by con artists. They know you want to make a lot of money and make it fast. They play to your greed and jealousy. They build confidence in their victims and they are good at it.
- Assume if an opportunity is too good to be true, or it’s a “do it now or miss out kind” or thing that rushes you, you’re better off missing out.
- Smart crypto growth can be had, and a small percentage of your assets can be used for high risk plays, but you should have the attitude that only a SMALL percentage of your crypto assets are for those high-risk plays.
- NEVER REVENGE TRADE.
- If you get yourself in a honeypot or rug pull, DO NOT immediately go and try to find another 100x. This is called a revenge trade and it is an easy way to get rekt multiple times in row.
- This also applies to swing, leverage and margin trading. If you take a loss and are very emotional, take a step back and wait, take another look at the chart and be smart.
This guide written by Malek, a Guardian of TGA will detail some of the more common scams typically seen on the 3 main platforms of Crypto: Telegram, Discord, and Twitter.
That’s it! We hope this guide was helpful and as we learn more or as new information presents itself we will update this document, so be sure to bookmark this so that you can have it as an easy reference for anyone new coming into the space.