Choosing a cryptocurrency storage location
All crypto is stored on the blockchain, and cryptocurrency wallets are essentially programs that interact with it. In other words, crypto wallets provide you with an interface to interact with the blockchain.
Wallets can be custodial or non-custodial.
In a custodial wallet, private keys are stored and managed by a third party on your behalf. In other words, the owner does not have full control over his funds and cannot sign transactions.
Non-custodial wallets are completely autonomous. Only the owner can manage the balance. To access such wallets, a private key and seed phrase are required, which the user must store securely.
In turn, custodial and non-custodial wallets are divided into two types: cold and hot.
A cold wallet is a wallet that does not have a permanent connection to the Internet. The connection to the network is carried out only for a few seconds at the time of the actual transaction.
A hot wallet is a wallet that is constantly connected to the Internet.
Exchange wallets (custodial, hot)
These are exchange wallets: Binance, Huobi, Bybit, Coinbase, etc. The peculiarity is that the funds lying on the exchange do not belong to you, but to the exchange - you only use the exchange with your virtual account.
How to protect a custodial, hot wallet in the example of the Binance exchange?
Email. It is best to use a separate email for the exchange
Use a strong password. It is advisable to generate and store it in a password manager
Add a list of wallets allowed for withdrawal in the "Security" section
2FA - two-factor authentication.
Add anti-phishing code for emails.
When working with your wallet, use incognito mode. This way you will minimize the list of extensions added to the browser and avoid saving data.
Mobile wallets (non-custodial, hot)
Wallets with online access - Trust Wallet, Metamask, etc. They are non-custodial, do not require KYC, and only the owner has access to the account.
How to create a wallet:
Download applications to your mobile phone from the AppStore or Play Market.
Go through a short registration, receive a seed phrase of 12 words and write it down on paper.
What to do to protect your funds:
Do not leave the seed phrase and private key on electronic media. Information can be transferred manually onto a sheet of paper.
Do not share your seed phrase with third parties.
Check the links you follow to connect your wallet.
Always check the transactions you confirm.
Application updates must only be done through official websites or application stores.
Never use your main wallet for random interactions with contracts that you do not trust.
If you still have to do this, always check what exactly you are signing: for example, whether there is an approval for allowance (this will empty your wallet) or proxies that may hide the mentioned function.
You can check contracts on the following sites:
https://revoke.cash/
https://zapper.fi/revoke
https://app.unrekt.net/
https://cointool.app/approve/eth
https://etherscan.io/tokenapprovalchecker
https://bscscan.com/tokenapprovalchecker
https://polygonscan.com/tokenapprovalchecker
https://debank.com/
Having received Approve, the contract can spend any amount within the issued permission!
Hardware wallets (non-custodial, cold)
Cold wallets (hardware): Ledger, Trezor, BitLox, SafePal, etc. These wallets are used in physical form, connected via USB or bluetooth to a computer.
What is the advantage over hot wallets?
In order to hack a hot wallet, intervention in the virtual environment is sufficient. There are a great variety of hacking tools, ranging from keyloggers (programs that read text entered on the keyboard), viruses, Trojans, exploits and ending with social engineering. As for the hardware device, these conditions are not enough, since an external device with its own operating system is added to the virtual environment. It turns out that even by hacking your computer, an attacker will not be able to steal money.
Physical confirmation for each transaction. When making each transaction, the owner must enter a special password for approval.
How to protect yourself from asset loss
Buy wallets only from authorized dealers.
It is strictly not recommended to buy a used one, as the device may be hacked.
Store your seed phrase only on paper.
Loss protection. Non-custodial wallets use the Bitcoin improvement proposal BIP39. The master password is encoded into a convenient form - a seed phrase, which can consist of 12, 18 or 24 words. Thanks to this, if you lose your device, you can restore your account in any wallet through a seed phrase.
How to safely transfer cryptocurrency?
We recommend that you go to settings and add frequently used sending addresses to your address book, as well as any other sites that you use on a regular basis, so that you don’t have to look for them in a search engine every time, as the risk of running into a phishing site increases
Do not transfer your funds to strangers who promise you account promotion, insiders with coins, financial pyramids, where without doing anything they will increase your deposit. This is all a scam, by transferring funds you lose them forever
How to recognize fraudulent sites?
We download wallets only from official sites, such as:
https://metamask.io, https://trustwallet.com
Always check the project domain if you need to connect your wallet.
When initially placing a project: Check the white paper (technical map), fame of the developers, aggressive marketing or not, other basic information
Viruses, third-party software, spam mailings, free tokens
Spam mailings and third-party interference are also frequently used tools. Let's go through the most basic ones:
Do not follow the links that you receive by email claiming to update the metamask application or that you need to enter KYC (Passport data). All of these are also fraudulent sites that do everything to get a gullible user to enter their seed phrase
Here is one example of a fraudulent mailing:
When downloading anything from the Internet, you also run the risk that the file will contain a Trojan or stealer that copies everything you have in your computer memory and later your accounts can be cleaned out by attackers.
How to protect yourself:
Protect your account with two-factor authentication. If your account is protected in this way, then a stolen login and password will not be enough to log into it
Do not download anything from dubious sites or pirated sites. Attackers know people's desire for free things and take advantage of it
Use reliable antivirus programs if you are using the Windows operating system.
Always update your software. This is doubly true for important programs. Attackers use known holes in the security system and through them send Trojans to your computer to do their dirty work.
Spam mailings can also be sent to your wallet in the form of free tokens:
Why is this necessary?
They create some kind of token with a similar name to expensive projects, encouraging the user to try to sell this token. You can only sell it on the cybercriminals’ website, and by connecting a wallet to sell these tokens, you also allow the rest of your tokens to be used.
It is very important, every time you sign any permission in Metamask, to expand the contract to see what exactly you are giving permission for. Exclusively for one token or for the entire portfolio as a whole!
*Which stemcoins are more reliable: USDT, USDC, BUSD and DAI
Due to recent events, a huge wave of mistrust has now hit stablecoins.
After Terra Luna crashed and their stablecoin UST was untied at 99% of the dollar, people began to lose trust in algorithmic stablecoins, causing USDD (Tron) and many others to unplug.
After this, the largest stablecoin USDT (Tether) showed a decrease of 4%
Against this background, the volumes of USDC and BUSD increased by an average of 20%, which showed a clear flow of funds.
There are currently 4 major stablecoins on the market: USDT, USDC, DAI and BUSD. And USDC is fighting for leadership with USDT
Tether (USDT) is one of the most famous and popular coins among crypto investors. Every dollar in USDT is backed by USD, which is stored in Tether reserves and can be received in exchange for project tokens.
USDC - Issuer of “Circle Internet Financial”. The company claims that the token is fully backed by cash and short-term US Treasuries and is beginning to act as a premier stablecoin that can be used to short other stablecoins.
BUSD is issued by Binance in partnership with Paxos and is regulated by the New York State Department of Financial Services and undergoes monthly audits. BUSD is centralized, Paxos is responsible for issuing and burning coins, which does not entirely comply with the principles of digital currencies, and is also strictly monitored and regulated; in case of suspicious activity, the balance may be frozen.
It is important to remember: it is beneficial for Binance and Circle to remove Tether from the market so that their influence on the market becomes even greater and there is at least some advantage over FTX and Alameda (which simply absorb companies on the verge of bankruptcy due to a strong market decline).
**It is also impossible not to mention DAI - a stablecoin issued by the decentralized MakerDAO platform on the Ethereum blockchain. In other words, the DAI token is a stablecoin, that is, a digital analogue of the dollar, but, unlike it, it is decentralized and not controlled by anyone.
The DAI rate is stabilized by the Target Rate Feedback Mechanism (TRFM), an automatic algorithm that provides price regulation and maintains the rate at approximately $1 with minimal deviations. The TRFM mechanism is activated when the stable price deviates from the target value, in order to then restore it.
The current supply of DAI is 2/3 backed by centralized stablecoins, for which a bear market is not so bad.