How to protect your wallet and NFT assets amid frequent hacking incidents

Editor’s note: Today, the well-known public chain Solana was hit by a vulnerability incident that resulted in the theft of assets from more than 8,000 wallet addresses. At a time like this, everyone should pay attention to how to protect their wallets and the assets in them.


Recently, the co-founder of DeFi venture capital fund DeFiance Capital had $1.7 million worth of NFTs stolen from his personal wallet. He claims he fell victim to a phishing attack after opening a suspicious-looking email attachment that apparently came from a DeFiance portfolio company.

This attack has even affected some seasoned individuals with 5 years of crypto experience interacting with DeFi protocols using password managers and hardware wallets.

Despite the hack, this is a timely reminder for all of us that hot wallets are still vulnerable to cryptocurrency hacks, especially when we are active DeFi users.

In this article, we will explore several ways to secure our crypto wallets and NFTs.

Create multiple wallets

It is technically feasible to create an unlimited number of crypto wallets to hold and custody our digital assets, although managing a large number of wallets becomes cumbersome. Cold wallets are a safe way to store our digital assets because they keep them offline and away from bad actors or malicious computers on the internet, which means no compromise in terms of security. Hot wallets like MetaMask and Coinbase Wallet, on the other hand, offer more convenience at the expense of security, because when we copy and paste with these wallets, we often create an attack vector through which hackers can steal our private keys and empty our wallets.

Once we have purchased a cold wallet, do not store all of our assets in a wallet tied to our online identity. This also creates an attack vector where a single security breach can drain our entire net worth.

Instead, a good practice is to create 2 levels of wallets:

  • Hot wallet (like MetaMask) for daily transactions
  • Cold hardware wallet for storage (e.g. Ledger X)

Cold hardware wallets can also be further broken down into 2 sub-wallets using the same mnemonic.

  • Cold wallet address 1 for vault storage (send/receive only)
  • Cold wallet address 2 for infrequent transactions on trusted sites such as Aave

Using multiple wallets, we can ensure that we have multiple defenses against bad actors. Even if our hot wallet is compromised, our assets are still safely stored in the cold wallet.

Sign the contract carefully

We will only use the hot wallet address or cold wallet address 2 to sign contracts. Cold wallet address 1 is purely for storage and for sending/receiving transactions to and from our other wallets. When signing transactions, make sure to sign only on sites we trust. A malicious contract, once signed, can transfer all the assets in our wallet to another wallet, effectively draining our funds. Many phishing sites, emails and messages pretend to be legitimate sources and manipulate us into signing contracts that appear genuine, while hiding the fact that we are giving the contract permission to withdraw all funds from our wallets.

Phishing is one of the most popular ways hackers try to trick us. For example, we could be the victim of a targeted scam, email, or website that tricks us into signing something in exchange for a limited NFT or a similar reward. Always keep a clear head. If something is too good to be true, or even a little suspicious, avoid it. Don’t take the risk. If we have inadvertently signed a malicious contract, or think we may have been the victim of one, we should revoke our permission to the contract immediately.
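The check below is an added example, not part of the original article: it decodes a transaction's calldata before signing and reports whether it would grant a spending permission of the kind described above. It assumes the target is an ERC-20 token (the same approve selector is used by ERC-721, where the second argument is a token ID rather than an amount); the function names, addresses and calldata are constructed for illustration.

```python
# Added example: classify EVM calldata before signing. Assumes an ERC-20 target.
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

# Constructed sample values, not real addresses or transactions.
SAMPLE_SPENDER = "0x" + "ab" * 20
PAD_ADDR = "00" * 12 + "ab" * 20   # address left-padded to one 32-byte word
SAMPLE_UNLIMITED = "0x" + APPROVE + PAD_ADDR + "ff" * 32
SAMPLE_REVOKE = "0x" + APPROVE + PAD_ADDR + "00" * 32
SAMPLE_APPROVE_ALL = "0x" + SET_APPROVAL_FOR_ALL + PAD_ADDR + "00" * 31 + "01"


def abi_word(data: str, index: int) -> str:
    """Return the index-th 32-byte argument word (64 hex chars) after the selector."""
    word = data[8 + 64 * index: 8 + 64 * (index + 1)]
    if len(word) != 64:
        raise ValueError("calldata truncated")
    return word


def classify_calldata(calldata: str) -> dict:
    """Describe which spending permission, if any, the calldata would grant."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8:                          # no selector: plain value transfer
        return {"kind": "no-function-call", "risk": "low"}
    selector = data[:8]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other-call", "selector": "0x" + selector, "risk": "review"}
    grantee = "0x" + abi_word(data, 0)[24:]    # address is the low 20 bytes
    value = int(abi_word(data, 1), 16)
    if value == 0:                             # amount 0 or approved=false
        return {"kind": "revoke", "grantee": grantee, "risk": "low"}
    if selector == SET_APPROVAL_FOR_ALL:       # operator may move every token
        return {"kind": "approve-all", "grantee": grantee, "risk": "high"}
    unlimited = value == MAX_UINT256
    return {"kind": "approve", "grantee": grantee, "unlimited": unlimited,
            "risk": "high" if unlimited else "medium"}


if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_REVOKE, SAMPLE_APPROVE_ALL, "0x"):
        print(classify_calldata(sample))
```

The revoke case is the same call with a zero amount (or approved set to false), which is what revoking a permission looks like on chain.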

Protect mnemonic and private key

Mnemonic phrases and private keys need to be protected at all costs. These are the gateways to our full collection of assets. Do not store our mnemonic phrases on the internet, in the cloud, or in any computer file that could be compromised, whether as typed text or as a photo. Many programs and malware strains can detect mnemonic phrases, and a detected phrase can be used to gain access to our entire portfolio. Likewise, don’t enter mnemonics on the computer, even if we’re using a cold wallet; there is no need to, because most modern wallets (e.g. MetaMask) are able to import accounts from our Ledger without revealing our mnemonic.

Using a mobile wallet like MetaMask mobile or Coinbase Wallet comes with a higher risk of compromise. We never know when our phones are going to get hacked, especially when we’re traveling and connected to public WiFi or other untrusted hotspots. It is important that we not store too much in hot wallets imported into mobile phones, as these devices carry huge security risks that often lead to the total loss of our wallets.

Spread our assets across multiple wallets

The last tip is to diversify our wallets. For example, we can create two sets of hot/cold wallets for different chains to further spread the risk of being hacked. Obviously, this comes at the cost of inconvenience, but if we hold a large portfolio, it’s worth considering, since the cost of losing everything far outweighs the cost of inconvenience.

What if we think we’ve been compromised?

If we believe our wallet has ever been compromised, please take the following steps:

  • Disconnect from the network immediately
  • On a brand new device, create a new wallet
  • Import the compromised wallet’s seed and immediately send all assets to our newly created wallet
  • To determine which assets we own, use a blockchain explorer or an aggregator such as Zapper

The key is to remain calm when we think we might be a victim. However, this may be too late. To preemptively detect unauthorized transactions, you can use or build a service to monitor transactions from addresses and send notifications to your own account. Hopefully these tips will help protect our crypto wallets and prevent ourselves from being hacked.
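A minimal version of such a monitoring rule, as an added example that is not part of the original article: it applies the wallet roles described earlier (cold wallet address 1 only ever sends to our own wallets and never signs contract calls) to a batch of transaction records. The addresses and records are constructed; the record keys follow Ethereum JSON-RPC transaction objects, and fetching records and delivering notifications are left to the caller.

```python
# Added example: alert on outgoing transactions from our own addresses.
# Addresses and records are constructed; the keys (hash, from, to, input)
# match Ethereum JSON-RPC transaction objects.
VAULT = "0x" + "a1" * 20      # cold wallet address 1: storage, send/receive only
COLD_DEFI = "0x" + "b2" * 20  # cold wallet address 2: infrequent trusted sites
HOT = "0x" + "c3" * 20        # hot wallet: daily transactions
OWN = {VAULT, COLD_DEFI, HOT}

SAMPLE_TXS = [
    {"hash": "0xa1", "from": "0x" + "99" * 20, "to": HOT, "input": "0x"},
    {"hash": "0xa2", "from": HOT, "to": "0x" + "44" * 20, "input": "0x095ea7b3"},
    {"hash": "0xa3", "from": VAULT, "to": COLD_DEFI, "input": "0x"},
    {"hash": "0xa4", "from": "0x" + "A1" * 20, "to": "0x" + "55" * 20, "input": "0x"},
    {"hash": "0xa5", "from": VAULT, "to": None, "input": "0x6080"},
]


def check_tx(tx: dict) -> list:
    """Return (severity, message) alerts for one transaction record."""
    sender = tx["from"].lower()                # explorers may return mixed case
    if sender not in OWN:
        return []                              # incoming or unrelated
    to = (tx.get("to") or "").lower()          # "to" is null on contract creation
    is_call = tx.get("input", "0x") not in ("", "0x")
    if sender != VAULT:
        return [("info", "outgoing transaction, confirm it was ours")]
    alerts = []
    if to not in OWN:
        alerts.append(("critical", "vault sent to an address that is not ours"))
    if is_call:
        alerts.append(("critical", "vault signed a contract interaction"))
    return alerts


def scan(txs, notify=lambda line: None) -> list:
    """Check every record, pass each alert to notify(), return all alerts."""
    found = []
    for tx in txs:
        for severity, message in check_tx(tx):
            found.append((tx["hash"], severity, message))
            notify(f"[{severity}] {tx['hash']}: {message}")
    return found


if __name__ == "__main__":
    scan(SAMPLE_TXS, notify=print)
```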

Posted by: CoinYuppie. Reprinted with attribution to: