For MetaMask wallets that we had previously connected to a phone, can we just delete MetaMask or are these wallets still at risk after removal?
Would you recommend a Trezor Safe 3 or Trezor Safe 5 if one has around $100,000 in crypto?
Great post here. On top of following all of this to a T, I use this software called Kerberus to protect my Metamask wallet. Basically, it just scans the sites before you connect to them to see if there is malicious code on the backend. It prevents you from connecting your wallet from a drainer site and costs me a Starbucks run per month.
Idk if I can or should drop a link to the chrome extension here but I guess that depends on the Defi Ed Team.
Good point.
I use the Scamsniffer extension which is free. Any particular feature that Kerberus delivers that makes you opt for a paid subscription?
I just found out they’ve shifted from a subscription model to a fee-based structure. They now offer up to $30,000 in insurance if they fail to detect malicious software. Their service boasts a 99% detection rate, backed by numerous positive testimonials on their website. However, I just discovered that this new fee model applies only to specific exchanges.
Friendly reminder for everyone to use a temporary/disposable email address whenever possible and use a unique one for each service.
For example, a crypto tax company had a data leak a few years back involving email addresses (can't remember which one). Scammers then know with 100% certainty you are involved in crypto, which makes it much easier to spear-phish you.
Pretty sure that Trezor had a similar data leak involving email addresses.
What would you recommend doing after probably already doing all the wrong things years ago? Honestly, I assume every single piece of data on me (and most of us) is exposed, so how to rectify / cover our tracks?
Thanks for another great post,
(1) looks like you guys favor Defi but would Coinbase keep being a long-term solution for a normie?
(2) now hype is almost TGE, any good farm alpha?
2) there are probably going to be some awesome farms on Hype chain e.g. stake Hype -> Hype LST -> deposit in CDP -> borrow stablecoins -> farm lending protocol or perps basis for more airdrops etc
1) no. Either just buy the spot ETFs in your brokerage account for exposure to the space, or buy the actual crypto and learn to custody it properly. Don't go in the middle for the worst of both worlds.
For spare hardware wallets (i.e. old Trezor version which has a passphrase and PIN) and seed phrase backups, do you hide them in a family member's house or mostly keep them on you? I’ve gathered bank safety deposit box isn’t foolproof and otherwise my only other idea is burying it in the ground but then there’s risk of finding it again.
Currently auditing my project Fume with https://www.chainsecurity.com/, and considering https://paladinsec.co/. Would you say they are good and secure, also reputation-wise? Any auditors to specifically avoid (I know some names that are actually detrimental getting an audit from them)?
We worked with Halborn for pentesting and code review. Can’t speak on their smart contract audits but their team was very professional and competent.
Thanks rabbit!
Paladin are solid, worked with them on a project I was advising and they were very professional.
Thanks iguana 🙏
How do you guys withdraw to FIAT if you are not KYC'd anywhere?
Bisq works both directions.
Can vouch for Blockaid. Integrated them into our wallet at the beginning of this month for transaction and message scanning. Much better chain support than Blowfish (RIP).
Is a satellite or burner phone with data recommended for internet hot spot usage with vpn?
Burner phone with no billing records tied to you and 4/5G is a perfectly good solution. Put it in hot spot mode and connect over WiFi, don't put crypto stuff on the device itself.
Thank you for the safety reminder. Q1 about travel and mobility. Would you recommend traveling with a clean, crypto only laptop with access to some hot wallets, running VPN and AV? For some who travel a fair bit, weeks at a time, it is a conundrum as the necessity for the ability to trade is legit. Border control is always a stress. Q2. Kill MM on phone even if we never sign anything?
Great post as always, thank you.
Towards the end you speak about detecting rug pulls and how to screen for them. I'm a paid member but don't remember seeing that article on the BtB or DeFi Edu substack - please could you share the title of the blogpost that covers this topic?