The Complete Trust Wallet Security Guide

2022-06-22

Main Takeaways

  • The most important thing you need when investing in crypto is a secure crypto wallet that can effectively prevent hackers.

  • A non-custodial wallet like Trust Wallet does not own users’ private keys or assets. It’s a safer option to ensure full ownership of your funds as long as you take good care of your secret phrases. 

Disclaimer: This article is meant to provide general guidance to help protect Trust Wallet users from scammers. It should not be taken as financial advice, and Binance Blog is not responsible for your investment decisions or funds.

So you’ve bought some Bitcoin (BTC) and Ethereum (ETH), where should you keep them? Securing your coins is of utmost importance when investing in crypto. Otherwise, your funds could fall victim to hackers or scammers, and you could lose all your money. In this article, we will look at the best practices for keeping your funds SAFU and show you examples of some common scams to avoid.

What Are Crypto Wallets?

Contrary to popular belief, crypto wallets don’t actually store cryptocurrencies. They are tools that you can use to connect to blockchain networks. Crypto wallets generate the necessary information to send and receive digital assets via blockchain transactions. These transactions are done through the use of public and private keys. Public keys are used to generate wallet addresses, which you can share with others when you want to receive crypto. The private key is like your password, and is used to create digital signatures and verify transactions. The private key must be kept secret.

Typically, when setting up a wallet you will be given a twelve-word secret phrase that is unique to each individual crypto wallet you hold and should never be shared with anyone. It is linked to your private keys and should be written down and stored securely offline. Your private keys are cryptographic codes linked to your public keys and are used to verify transactions. Due to the architecture of crypto wallets, in many cases, you won't be required to directly interact with your private keys as the wallets usually process them automatically. Typically, your access to your private keys will, more often than not, be through your secret phrase. Your private keys are represented to you in the 12-word secret phrase you will receive when you open a wallet; they are your PIN number effectively and would also be used to recover/access your wallet should you lose your phone, for example. 

There are two main types of crypto wallets, software wallets and hardware wallets. Software wallets are accessible via apps installed on a hardware device such as a phone or laptop. It is advisable to use secure, encrypted apps such as Trust Wallet when looking for the best wallets to use. Software wallets allow you to govern your crypto through internet connectivity and fall under the category of 'hot wallets.' 

Trust Wallet and MetaMask are two of the most popular software wallets on the market.

On the other hand, hardware wallets enable you to manage your portfolio through a hardware device and store your private keys offline. Digital signatures are made “in-device” (offline) before being broadcast to the network via your laptop (the internet-connected device); these are known as 'cold wallets.' 

You can learn more about different types of crypto wallets from Binance Academy. 

What Is Trust Wallet?

Launched in November 2017, Trust Wallet is a non-custodial mobile multi-chain crypto wallet and your go-to wallet for Web3 access. You can use Trust Wallet to access more than 4.5 million digital assets, including cryptocurrencies and NFTs, and fiat currencies.

Trust Wallet also has a wide range of functionalities beyond holding funds. You can easily access 66 blockchains like BNB Chain and connect to popular DApps, such as PancakeSwap and SushiSwap, with the built-in DApp browser. In addition, you can buy, swap, and stake your digital assets in the Trust Wallet app. 

One of the unique selling points of Trust Wallet is that it is a non-custodial wallet. This means you fully own your private keys and your assets on the blockchain. Unlike web extension wallets, your secret phrases are encrypted and stored on your phone only. Most importantly, Trust Wallet doesn’t have any access to your funds. It is the safest option for your funds as long as you take good care of your secret phrases

Check out our Academy article on Trust Wallet, including how to use it and its unique features.

How to Secure Your Trust Wallet?

Now that you’ve opened your Trust Wallet. More power (the ownership) comes with more responsibilities. The next step is learning how to keep your funds secure. Some tips include: 

1. Never share your secret phrases or private keys with anyone

Your funds are only as secure as the method by which you store your secret phrases. They protect your wallet from any unauthorized access. Never share them with anyone and always keep them in secret and secure offline locations.

2. Always keep a backup of your secret phrases 

Remember, always keep backup copies of your secret phrases. In the event that your phone is broken, stolen, lost, or the Trust Wallet app is accidentally deleted, you will be able to restore your wallet using the secret phrases. Note that there’s no reset or recovery process — if you lose your phrases, you lose your funds.

3. Keep a copy of your secret phrases offline in a secure location 

Storing your secret phrases online, such as in cloud services, means that hackers could still get their hands on your funds. On the contrary, writing your secret phrases down on paper is among the safer options, as long as you keep them in a secure place. You may also consider making multiple copies, in case you lose one of the papers. Using engraved metal or fireproof envelopes are also good options.  

4. One wallet, one secret phrase

In some cases, it may be possible to use the same secret phrase on different wallets – do not do this. The best practice is to always use a unique secret phrase for each wallet. This ensures hackers can’t get their hands on all of your wallets using the same secret phrase. 

5. Keep it cold, keep it hot 

Divide and protect your assets using cold storage and hardware wallets to store more significant amounts of crypto. You can use secure and decentralized hot wallets like Trust Wallet for daily trading needs and storing smaller amounts of crypto.

6. Stay updated from the official Trust Wallet channels

Trust Wallet staff will never message you directly for any promotions or giveaways, or ask you for your secret phrases or private keys. When in doubt, always refer to the official Trust Wallet channels to confirm the other party’s identity and never share any personal information with them. 

We do not recommend installing Trust Wallet on rooted devices as they could contain malware. Make sure you always download the app from the official Trust Wallet website and confirm that you're using the official site before downloading any app.

Common Cryptocurrency Scams and How to Avoid Them

As more people invest in cryptocurrencies, scammers keep finding more ways to take advantage of those new to the space. Here we’ll identify some of the most common crypto scams and precautions you can take to avoid them.

1. Fake websites and mobile apps

On top of the list are fake websites and mobile apps. They are easy to overlook if you’re not being careful. Typically, scammers will post URLs that look almost identical to the real ones and invite you to click. If you do, you could be redirected to a fake website and asked to log in or install a malicious app. Everything might seem to work as intended, but once you log in, the app’s malware could steal your personal information, login credentials, and even private keys and secret phrases. Scammers could then transfer your cryptocurrency out of your wallet easily.

You should also pay attention to the websites and DApps you’re connecting your wallet to. Do not give them access to your private keys or permit them to do so. Signing transactions or messages from malicious websites and interacting with malicious DApps might authorize transfers of your assets to scammers.

Tips to reduce risk:

  • Check the exchange’s official website to verify whether they have a mobile app. If so, download it from the official link on their website.

  • Bookmark your frequently visited domains and official websites. Sometimes search engines can mistakenly display malicious ones to you. Always check the URL of the websites you’re visiting before logging in or connecting your wallet.

  • Activate 2FA for your accounts. This doesn’t guarantee 100% security, but 2FA is much harder to bypass than simply using a password. It can make a huge difference in protecting your funds, even if your login credentials are phished.

You may refer to this article for more examples of common mobile device scams

2. Fake customer support

Scammers might also pose as support staff on social media like Twitter, Reddit, or Telegram and message you. For example, they may tell you that your account has been “compromised” and you’ll need to send your funds to a “temporary” wallet while they resolve the issues. But once you make the transfer, your crypto could be compromised.

If you see a customer support DM, text, or email from a crypto exchange or wallet that you’re using, don’t panic. Ignore it and contact the business or person via official channels to verify their identity. Remember, nobody needs to know your private keys or secret phrases. If they ask you to share them, it’s highly likely that they’re scammers posing as customer support to steal your funds.

3. Fake giveaways

The number of giveaways on social media nowadays is significant. You may have seen crypto companies or influencers doing giveaways for free crypto. However, if they ask you to send them your money first, it’s highly likely a scam. Chances are you’re sending funds to an address owned by the scammer, and once you do, you probably won’t be able to contact them anymore.

Typically, legitimate giveaways never require you to send your own crypto to enter. If someone asks you to send them 1 BNB for a 10x return, the best way to handle is to just ignore it.

4. High APY projects

DeFi projects often provide a high yield for staking to attract users. The idea is that users lock their crypto into smart contracts and liquidity pools. In return, they will be rewarded a portion of the project’s newly minted tokens, which can then be traded on crypto exchanges for profits. 

High APY certainly looks attractive, but as the crypto rule of thumb goes: always DYOR (Do Your Own Research) before investing. DeFi scams are abundant. We’ve seen projects that withdraw users’ funds from the liquidity pools and disappear, and some that dumped the new tokens on the market, resulting in the token price going to zero.

Most DeFi projects are open source. While talented developers can make changes to the protocol to improve the project, it also means that the projects are more prone to bugs or fraud if someone decides to exploit them. You could separate a proper project from a scam by checking the purpose of the project, the team behind it, development activities, token roadmap, and its smart contract audits. Check out this Academy article to learn how to identify DeFi scams

Learn more on how to spot and avoid common cryptocurrency scams from Binance Academy.

What to Do If You’ve Been Compromised 

In the unfortunate event that your Trust Wallet is compromised, we recommend doing the following to protect yourself:

  • Report the incident to the customer service team on the Trust Wallet official website. This will help other users to stay alert as well.

  • Create a new wallet from a secured device and move your funds out of the affected wallet. Remember to store your new secret phrases and private keys in a secure location.

However, due to the nature of blockchain transactions, stolen funds are hard to trace and unlikely to be recovered. Once transactions are confirmed on the blockchain, they are irreversible. As Trust Wallet is a non-custodial wallet, it doesn’t hold users’ private keys and doesn’t have access to their funds. 

Closing Thoughts

We hope this article helps you understand how to secure your crypto wallet and prevent risk through various recommended steps. Crypto is an exciting space, and like many industries that cause focus and attention, it also raises the interest of bad actors. Be conscientious, do your own research, and try to use wallets and exchanges that have customer service teams. By following the advice in this article, you are already mitigating risk and increasing the safety of your investments with Trust Wallet.

Disclaimer: Cryptocurrency investment is subject to high market risk. Binance is not responsible for any of your trading losses. The statements made in this article are for educational purposes only and should not be considered financial advice or an investment recommendation.