Dodging DeFi Disaster — OpSec Basics

TradFi to DeFi
5 min read · Sep 30, 2021

TradFi to DeFi is a networking hub, project incubator, talent connector, mentorship provider, and opportunity maximizer for the DeFi enthusiast, whether new or experienced. Every Friday at 3 pm EDT, we host an open mic round table, where we discuss DeFi (decentralized finance), how it intersects with traditional finance, and where we see this whole thing going. This article briefly summarizes the topics of our latest discussion. Want to join us? Check out the links below!

👾 Discord | 💌 Telegram | ⭐️ Twitter | 💼 LinkedIn

Safety First — An Important Lesson

Fraud remains an unfortunate part of our financial reality. Many of us have felt its effect firsthand — you check your bank account and notice a charge that doesn’t seem quite right, only to discover a trail of fraudulent activity. In the traditional financial industry, these instances present a frustrating experience. Nevertheless, individuals have recourse. In most situations, the financial institution replaces any lost funds and re-secures the impacted user’s accounts with no charge to the affected client. After some phone calls, paperwork, and explanations, most users can be made financially whole.

In crypto and DeFi, things are very different. The space is often referred to as a financial wild west, and it holds significant pitfalls for new users that can result in a complete loss of funds when interacting with crypto and DeFi products. With no support number to call, impacted users must absorb the total loss of their assets, with only an infinitesimal chance of recouping their lost capital. As one might imagine, this potentially disastrous learning curve serves as a detriment to wider industry adoption.

In this week’s Weekly Wrap Up call, the TradFi to DeFi community explored several important concepts regarding securing your crypto assets and outlined some important ways to keep you and your funds safe. Let’s dive right in!

Whose Key is it Anyway?

The first concept we’ll consider rests at the heart of keeping your funds safe. Whenever a user creates a new cryptocurrency wallet, a pair of keys is intrinsically associated with that wallet. Known as the key pair, this duo represents a core feature in public-key cryptography and serves as a cornerstone in crypto and DeFi. Without getting into the technical weeds, these two distinct strings of numbers and letters represent a public key and a private key, respectively.

As the name suggests, users can safely share the public key of any wallet without risking the security of their funds. You can think of a wallet’s public key like your residential address. It differentiates your owned property from others and allows anyone who knows it to send you things. However, this knowledge alone doesn’t allow someone to control your property. Let’s alternatively conceptualize public keys using a traditional financial example. Think of the public key like a PayPal handle — anyone who knows your handle can send you funds, but they can’t control the actual funds in your wallet!

Now let’s explore the other side of this equation: the private key. A wallet’s private key allows anyone who knows it to take full control of that wallet! Think of your crypto wallet’s private key as your bank account, security questions, and your debit card’s PIN all wrapped into one. Anyone with a wallet’s private key can move funds at will from that wallet, which makes protecting the private key a crucial aspect of securing your funds. A good rule of thumb: NEVER share your private key!

Some applications alternatively issue a seed phrase, generally consisting of a string of twelve to twenty-four human-readable words. This seed phrase serves as a more human-friendly version of a private key, and these applications generally prompt users to also enter a custom password for further security. Treat any seed phrase like a private key! Both are essential tools for accessing your wallet. Best security practices entail treating any leak of your private key or seed phrase as a security breach. If this happens, create a fresh wallet and promptly transfer your funds to it.

Building Your Crypto Fort Knox

The first step to protecting your digital assets entails developing day-to-day security habits that minimize the chances of losing your funds. Many custodial crypto companies now require or at least prompt their users to set up two-factor authentication software on their mobile devices to protect their accounts. This process entails entering a series of numbers generated on your mobile device that change after a short, preset time frame. Two-factor authentication makes it much more difficult for hackers to access your account without your mobile phone. Currently, Google and Microsoft offer the most popular two-factor authentication apps on the market.

One of the best ways to protect your crypto assets is to take them offline entirely using a hardware wallet. These tools are physical devices that allow users to move their funds to a secure environment that isn’t actively connected to the internet. In this way, hardware wallets protect users’ digital assets from certain attack vectors, such as a compromise of the user’s computer network. Some popular examples of hardware wallets include Trezor and Ledger. Both companies are known for their excellent operational security practices and customer service.

Remember a time before these pesky electronic devices permeated every aspect of our daily lives? If you hanker for simpler, more tangible times, you can record your wallet’s seed phrase on a physical piece of paper and store it in a fire-safe location. Some individuals prefer to keep their paper private keys in their home safes, while others opt for a safety deposit box at their local bank branch. Both options offer some peace of mind when considering your ability to back up your wallet.

Putting it All Together

Keeping your private keys and seed phrases completely private, utilizing two-factor authentication, and securing your funds via a hardware wallet are all excellent ways to protect yourself. Using these tools lets users minimize the risk of financial exploitation in the rapidly expanding financial wild west we call DeFi. While the process can appear intimidating, these are accessible steps that allow users to take their financial security into their own hands. The initial intimidation gives way to empowerment as users learn how to secure their funds and grow to understand the intersection of financial literacy and operational security.

Finally, let’s wrap things up on a personal level. Securing $5000 does not look the same as securing $5 million. Users with only a few hundred dollars on Coinbase should absolutely set up two-factor authentication as a low-cost option for maximizing the security of their funds. Users with $5 million might want to seek out a well-known custodial entity to assist them in securing their wealth. While using a dedicated hardware wallet might not be the best move for small holders, its importance grows with a portfolio’s size. At the end of the day, how much crypto you have in your wallet remains a significant consideration in how you approach securing your funds.

The TradFi to DeFi community contains several individuals with deep industry knowledge as it pertains to operational security. This write-up only scratches the surface of the dynamic and educational daily discussions occurring in the Telegram and Discord communities. If you’re a diehard DeFi denizen or just casually crypto-curious, drop in and say hi! We’re all learning and growing together, and we’d love to hear your story.
