NFT, DeFi and crypto hacks abound – Here’s how to double wallet security

Either the explosiveness and high dollar value of non-fungible tokens (NFTs) seem to keep investors from increasing their operational security to avoid exploits, or hackers simply follow the money and use very complex strategies to exploit collectors' wallets.

At least that was the case for me a long time ago when falling for a classic message sent to me on Discord caused me to slowly but too quickly lose my most prized assets.

Most Discord scams happen in a very similar way when a hacker takes a list of members from the server and then sends them direct messages in the hopes that they take the bait.

“It happens to the best of us” aren’t the words you want to hear in relation to a hack. Here are the top three things I’ve learned from my experience on how to double down on security, starting with minimizing the use of a hot wallet and simply ignoring DM links.

A quick crash course in hardware wallets

After my hack, I was immediately called back, and I can’t repeat it enough: never share your seed phrase. No one should ask. I also learned that I could no longer give up security for convenience.

Yes, hot wallets are much more transparent and faster to redeem, but they don’t have the added security of a PIN and passphrase that a hardware, or cold, wallet provides.

Hot wallets like MetaMask and Coinbase are connected to the internet, which makes them more vulnerable and susceptible to hacks.

Unlike hot wallets, cold wallets are applications or devices where the user’s private keys are offline and do not connect to the internet. Since they work offline, hardware wallets prevent unauthorized access, hacking, and typical system vulnerabilities that are likely to happen while online.

Additionally, hardware wallets allow users to set up a personal PIN to unlock the device and to create a secret passphrase as an additional layer of security. Now, a hacker needs to know not only the user’s recovery phrase and PIN, but also the passphrase to confirm a transaction.

Passphrases are not as well known as seed phrases because most users may not use a hardware wallet or may not know about the mysterious passphrase.

Accessing a seed phrase will unlock a set of wallets that matches it, but a passphrase also has the power to do the same.

How do passphrases work?

Passphrases are in many ways an extension of a person’s seed phrase, as they mix the randomness of the given seed phrase with the user’s personal input to compute a completely different.

Think of passphrases as an ability to unlock a whole set of hidden wallets in addition to those already generated by the device. There is no incorrect passphrase, and an infinite number can be created. This way, users can go the extra mile and create decoy wallets as plausible deniability to prevent any potential hacks from targeting a primary wallet.

Recovery seed/passphrase diagram. Source: Trezor

This feature is beneficial for separating digital assets between accounts, but terrible if overlooked. The only way for a user to repeatedly access hidden wallets is to enter the exact passphrase character by character.

Similar to a seed phrase, a passphrase should not come into contact with any mobile or online device. Instead, it should be kept on paper and stored in a safe place.

How to set up a passphrase on Trezor

Once a hardware wallet is installed, logged in, and unlocked, users who wish to enable the feature can do so in two ways. If the user is in their Trezor wallet, they will tap on the “Advanced Settings” tab, where they will find a checkbox to enable the passphrase feature.

Trezor wallet landing page. Source: Trezor

Similarly, users can enable the feature if they are in Trezor Suite, where they can also see whether their firmware is up to date and their PIN is set up.

Trezor wallet landing page. Source: Trezor

There are two different Trezor models, Trezor One and Trezor Model T, both of which allow users to activate passphrases in different ways.

The Trezor Model One only offers users the option of entering their passphrase in a web browser, which is not ideal if the computer is infected. However, the Trezor Model T allows users to either use the device’s touchpad to enter the passphrase or type it into the web browser.

Trezor Model T / Trezor wallet interface. Source: Trezor

On both models, once the passphrase is entered, it will appear on the device’s screen, awaiting confirmation.

The downside of security

There are security risks, even if it seems counterintuitive. What makes the passphrase so strong as a second authentication step to the seed phrase is exactly what makes it vulnerable. If the passphrase is forgotten or lost, the assets are virtually lost.

Of course, these extra layers of security take extra time and care and might seem like a bit of a stretch, but my experience was a hard lesson in taking responsibility for making sure every asset was safe and secure.

The views and opinions expressed herein are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.