Minting the latest projects can be really exciting. You’ve been following the project for months, your friends are talking about it, and the countdown timer has it ready to go live in just a few minutes… But are you ready to mint safely? Unfortunately most people are two preoccupied getting ready to mash the mint button to think about what could go wrong. So here’s an easy guide for how to protect yourself against malicious websites.
There are two key factors in determining the safety of your assets:
- How secure is my private key? Can someone, somehow get access to it?
- What happens if I interact with a malicious contract? Can it trick me into signing away my assets?
Our key principle: You need to remember that it’s BOTH the wallet you use AND what you use it for that determines its safety.
Our goal: Create an easy to use system for keeping important assets away from malicious software while maintaining the flexibility to move quickly on exciting mints.
| Needs to be able to send quickly? | Connects to various sites to operate? | Requires funds in it for the long term? | Suggested Solution | |
| Minting / Selling | Yes | Yes | No | Software Wallet (Like Metamask) |
| Storage | No | No | Yes | Hardware Wallet |
Storage
Before we get into minting or selling your tokens, let’s talk about the best way to store everything before and after the mint. We’re going to leverage the idea of “Cold Storage” to keep all of it safe.
For cold storage, we’re going to use a hardware wallet and we’re only going to use it for very specific purposes. Here are some examples of tried and true hardware wallets:
Sending to Cold Storage
Sending tokens or NFTs to your cold storage can take place from anywhere you hold assets. You can move them from a centralized exchange like Coinbase or Binance or from another wallet, like your hot wallet. Once they’ve arrived in your cold storage wallet, there is no considerable risk that them being there has compromised the rest of your cold storage. You should feel comfortable sending things like ETH, ERC20 tokens, or NFTs into your cold storage from your own other wallets.
Sending from Cold Storage
This is where we need to be extremely careful. While your hardware wallet is much better at making sure your private keys are safe, they do not protect against interacting with malicious contracts or sites. This is why the most important rule of a cold storage wallet is that you never connect it to a website. Once you do, you may accidentally give permission to that site and its smart contracts to use your or take your tokens.
The only way you should move funds from a cold storage wallet is via a safe-to-use desktop application built for that wallet. For example, Ledger wallets have the companion Ledger Live application. Make sure you have the verified copy from Ledger and use that to move any of your assets.
Reasonable times to send from cold storage back to your hot wallet
- When you’re trying to sell an asset
- When you’re trying to get funds to your hot wallet for a mint
Minting / Selling
In the heat of moment, you’re going to want a hot wallet. This is a wallet that you create and use specifically for minting and selling assets. It should be empty 99% of the time. When a mint is coming up or you’re ready to sell something that’s in your cold storage, that’s when you move assets into your hot wallet.
I recommend Metamask for most hot wallet needs. It’s compatible with most sites and works as a lightweight chrome extension.
Interacting from a Hot Wallet
Your hot wallet, at any given moment, should only hold funds you intend to use right now. Going into a mint? Have your ETH at the ready. Ready to sell an NFT you’ve been holding, only put the NFT and a bit of gas. This doesn’t protect you from a malicious site, but it does limit your downside in case you make a mistake.
There’s a lot of people out there who have made a mistake and had all of the assets taken from their wallet. It’s awful. While you might interact with that same site, your downside is only what you’ve put in your hot wallet. Own 10 Bored Apes and looking to sell 1? Only put 1 in your hot wallet. The other 9 remain safe and sound in cold storage.
Once you’ve done what you need to do with your hot wallet, remove the relevant assets back to cold storage. It’s an extra step and it can cost gas, but consider it insurance. If you believe what you own is valuable, protect it. And with gas prices where they currently are, it’s probably the cheapest insurance you can find.
Conclusion
This is the simplest setup one can have to keep their assets safe. Hold your assets in cold storage to keep them safe. Never let cold storage touch unknown software. Limit your downside with a hot wallet.
In case you wanted to supercharge your security, here are a few bonus tips or additional options:
- Use a different hot wallet for each interaction. Once you’re done and have moved abc to cold storage, discard the hot wallet. They’re free to use assuming you’re using a software one! You also never have to worry about the keys getting lost since you only used it for a few minutes.
- Create different “warm” wallets for each asset you’re selling. If you somehow get phished into using a malicious exchange or site when trying to sell it, then no worries. The downside here is private key management, but if you use a solution like a Ledger for these wallets, you can create more and more wallets off of a single private key.
- Learn a bit about smart contracts and read the source of the ones that you’re interacting with. Head to Etherscan and find the contract that you’re going to be minting from. Check if it’s verified and read through the code. Look to see if there’s a mint() function (or something named similarly, like publicMint(), etc.) and try to follow the logic. You should see it include code like _mint(msg.sender, tokenId). In addition, make sure that when you do the actual mint, the address you’re interacting with matches the contract you checked!
In case you want to easily move tokens between a hot and cold wallet, you can use Omnisender. It lets you batch send tokens and NFTs to multiple addresses so that if you just minted a bunch of NFTs or splitting assets to a few different wallets, you can do it in a single transaction. It can also save you some of the gas fees as well. Follow me on Twitter for more articles and to reach out!