Metamask safety and best practices in DeFi
Protecting your privacy and assets
By Wendy’s Whitepaper contributor @LibertyRaider
For daily news, reviews, and educational content on all things crypto subscribe to CryptoWendyO on YouTube, and follow on TikTok and Twitter
MetaMask is a web extension that manages and encrypts your private keys in your web browser and serves as a crypto wallet for Ethereum and ERC20 tokens. It allows you to interact with dApps (Decentralized Apps) right from your browser.
Follow the guide to installing MetaMask on their website and be sure to backup your seed phrase. It is also highly recommended to connect a hardware wallet to your MetaMask.
Read Dragonwolftech’s guide to Ledger Nano S
What is a seed phrase?
The use of a seed phrase is standard with crypto wallets. When you create a MetaMask wallet, you will be given your 12-word seed phrase. You can think of this like a password to your wallet backup. You will use it to restore your wallet in the event something happens to your device.
Protect your seed phrase and store it on paper, engrave it on some tin, or use a specialty product like CryptoSteel – an almost indestructible stainless-steel device made just for storing your seed phrases. It is your responsibility to secure this, and there is no bank to call if you lose access. So, keep that in mind as you decide.
Privacy is the key to safety
Ideally, we would all use a separate laptop or device to use just for crypto and nothing else. Obviously not everyone can do this, so we will cover some best practices whether you use a different device or not.
Just like traditional banking, a common risk for MetaMask users is phishing attacks. It is probably not a good idea to be browsing some shady website in one tab while doing your banking in another.
Always use a VPN when doing anything crypto related. Not doing so exposes your IP address to every website you visit and potentially your physical location. This is also why you should never talk about trade size or amounts on social media. Don’t make yourself a target.
Many people in crypto have switched from Chrome to the Brave browser because they don’t want Google tracking their online activity. As an added perk, it is also faster and uses less battery than other browsers.
You can also sandbox your MetaMask by creating a separate browser profile that is only used for crypto and has no other browser extensions installed. Simply switch back and forth between your crypto profile and your web browsing profile.
Using (and not using) MetaMask
Throughout your DeFi journey you will grant access to your wallet for many dApps. This is normal but you should only do so with websites you trust.
Read Sherpa’s guide to spotting scams
While granting dApps permissions is normal activity, it can be a source of vulnerability in our DeFi opsec. When you are not using MetaMask - Lock it. This is a simple operation that will greatly improve security. Go to the main account menu (the round circle) and click the LOCK button.
Revoke access at least daily. Go to the account options menu (the 3 dots) and click on CONNECTED SITES where you can see all the sites you have granted access. Revoke access for all of them. Even the ones you trust. They can get hacked too.
The unlimited approval problem is another issue. To improve user experience, many DeFi apps will default your spend limit to an unlimited amount so you only have to do it once. Maybe you trust them, but what if they get hacked or you fall for a phishing attack?
Check your spend limits on Token Allowance Checker or UnRekt.
Another common practice is creating separate wallets for different assets. If one of your wallets is breached, they only have access to that one asset.
This guide has been geared towards the retail trader/investor and does not cover every possible attack vector. Never put more in your MetaMask wallet than you are actively using and leave the rest in cold storage. If you are moving large amounts, you might be better off exploring institutional grade solutions.
It takes a lot of time and effort to become comfortable and confident interacting directly with the blockchain. Anyone can learn if you really want to; however, if you still feel this is all too much you can use an app like Voyager that does all the DeFi behind the scenes. The gains aren’t as high, but all you have to do is make your deposit and let it happen. That’s DeFi made easy!
If you found this helpful, feel free to follow me on Twitter @LibertyRaider or toss a few shekels in the tip jar.
BTC: bc1qzq3res0wkltm6j05l33qvl0fe87sk86h2mafjy
DOGE: DSLFG8yGjCzfqecyndcuMDBjbmbk4woeTP
Wendy’s Whitepaper Disclaimer: Please be advised that I own a diverse portfolio of cryptocurrency assets, and anything written or discussed in connection to cryptocurrencies– regardless of the subject matter’s content– may represent a potential conflict of interest. I wish to always remain transparent and impartial to the cryptocurrency community, and therefore, the content of my media is intended FOR GENERAL INFORMATION PURPOSES ONLY. Nothing that I write or discuss should be construed, or relied upon, as an investment, financial, legal, regulatory, accounting, tax, or similar advice. Nothing should be interpreted as a solicitation to invest in any cryptocurrency, and nothing herein should be construed as a recommendation to engage in any investment strategy or transaction. Please be advised that is in your own best interests to consult with investment, legal, tax, or similar professionals regarding any specific situations and any prospective transaction decisions.
I’m not clear what sandbox means when you say”You can also sandbox your MetaMask” so creating a Brave account for just crypto is a wiser choice to maintain a better level of let’s say security?
Thanks Wendy- this is VITAL information!!