How to set up your Crypto Wallet for DeFi Safely
- When it comes to DeFi wallet Security: you have two enemies
- How to Set up Securely for DeFi
- 1. Secure your Device, and Passwords
- 2. Set up a Crypto only web browser
- 3. Set up a secure cryptocurrency wallet for DeFi
- Final thoughts
But before you get ahead of yourself, you need to make sure your crypto wallet for DeFi has been set up properly, and is as secure as possible.
They say building wealth isn’t about how much you make, but how much you keep. You’re working on the first part, so let’s make sure the wealth you’re building through DeFi isn’t lost.
When it comes to DeFi wallet Security: you have two enemies
DeFi allows you to become your own bank, which has benefits. You decide how to deposit, lend or invest your assets, meaning you receive the juicy upside that’s usually harvested by an expensive middleman (i.e. banks).
But you also have responsibilities, one of which is security. And when it comes to security you face two enemies.
The first enemy is yourself. Or your clumsiness, rather.
Have you ever lost a password? Losing a password in the legacy financial system is no big deal. A quick phone call to customer service and a few security questions and you’re good.
But losing a password in DeFi has consequences. DeFi requires that you operate a self-custody crypto wallet, so if you lose access to your crypto wallet there ain’t no customer service to help out. Lose your password, lose your crypto.
Maybe you think this wouldn’t happen to you? Neither did a fellow named Stefan Thomas.
Stefan was early to crypto, and in 2011 he made a video about Bitcoin and was rewarded 7002 bitcoins from a cryptocurrency enthusiast. Bitcoin was worth around $1 at the time. Stefan saved his bitcoin wallet password on an external hard drive and got on with his life.
Years later the price of Bitcoin skyrocketed, and Stefan realized he was sitting on a casual $250 million.
But of course, he forgot the password to his hard drive, which only allows ten incorrect password attempts before self-destructing.
Last we heard, Stefan had two password guesses left before his fortune disappears forever. Ouch.
Stefan’s story isn’t unique: it’s estimated that 20% of all Bitcoin in existence is lost. That’s hundreds of billions of dollars worth. So losing your password is a real threat, even if you think it won’t happen to you.
The second enemy is everyone else.
…Or the growing army of ruthless online hackers who will steal your cryptocurrency if you give them the smallest window of opportunity. They are everywhere, as you’ll see.
Traditional banks have robust security departments. You don’t. Combine this with the trillions of dollars flowing through the market, and you can see why bad characters are incentivized to take their scams to the crypto-sphere. You must constantly be on the defense to survive in DeFi.
The good news is that you can safeguard your wealth against many of these problems by setting up your browsing and wallet environment for DeFi properly. And you’re about to learn just that.
How to Set up Securely for DeFi
Speculating in crypto is easy: just buy and hold, follow a few basic security tips, and you’re (mostly) safe.
Stacking crypto through DeFi requires you to move your crypto assets around from wallet to decentralized apps and back. More moving parts means more risk.
So before you do anything in DeFi, ensure your assets’ safety by following the three steps below. And if you’re already operating in the DeFi-sphere, use this tutorial as a way to beef up your security.
1. Secure your Device, and Passwords
Let’s start with some basic cyber security precautions, because many crypto scams and attacks take advantage of vulnerabilities in your operating system.
Run a security audit on your laptop
A virus-free device is important any day of the week, but even more so when using your computer to move valuable digital money around in the DeFi-sphere.
So the first step is to make sure your computer is free of malware, viruses, or any third-party program that could be exploited to gain access to it.
We’ll dive into wallets shortly, but if you plan to only use a software wallet for DeFi (like MetaMask), running this security audit is extremely important. Software wallets store your wallet’s private key on your device, so if your device is compromised, so is your wallet. And so is your wealth.
🤔 No idea what a private key is? Read the terminology section in our guide on types of cryptocurrency wallets.
Connecting a hardware wallet to your software wallet will eliminate this risk and I’m going to urge you to do so throughout this guide. However, running a security audit on your device anyway doesn’t hurt.
- Install antivirus and run a security audit on your device. Try Bitdefender.
- Disable any 3rd-party clipboard managers you may have installed, because they leave you at risk of address-modifying malware: software that silently swaps the crypto address you copied for the scammer’s address before you paste it.
- Disable any remote desktop apps you may have installed. Software like TeamViewer, when hacked, will give scammers an all-access pass to your computer. Not good.
Beef up your password security
If you use the same password across multiple accounts and that password is hacked or leaked, you’re in trouble. The more of your accounts a scammer controls, the more likely they will be able to scam you.
So take this opportunity to improve your password security.
- Sign up for a password manager such as 1Password. Pay for the premium version – it’s worth the few dollars per month. If you use duplicate passwords, 1Password will warn you so you can update them.
- Update compromised logins by checking haveibeenpwned.com (which reveals if your email or phone has been compromised via a data breach). Update these passwords immediately.
- Delete all of your saved passwords from your web browsers.
IMPORTANT: Even though password managers like 1Password encrypt your data, to be safe you still shouldn’t store your DeFi wallet’s secret recovery phrase in your password manager.
2FA everything (but not using SMS verification)
Your password manager helps you create and save strong passwords, but this isn’t always enough.
Your logins can still be compromised if one of the companies you hold an account with is hacked through a data breach. If this happens (and it does), your password is kaput.
Enter two-factor authentication (2FA): a simple yet powerful second line of defense for password security. A shady character might get your password, but without physically controlling your phone with its 2FA app, they ain’t getting in.
You have a few different options for 2FA: via phone app, SMS verification, or via physical 2FA device. See the recommendations below.
But first, an important warning:
Do not use SMS verification for 2FA because it leaves you at risk of an SMS porting scam which we talk about here. Only use app based or physical device based 2FA.
- Download a 2FA phone app such as Google Authenticator or Twilio Authy. These do the trick, but if you feel like stepping your security game up a notch, use a physical 2FA device such as a YubiKey from Yubico. DON’T USE SMS AUTHENTICATION.
- Set up 2FA now for all crypto sites (like your crypto exchanges) and for any other major logins, like email, social networks, banking, etc.
- Disconnect your phone number from your main email accounts*
*Once you’ve set up (non-SMS) 2FA, make sure your phone number is not tied to your main email account, like your Google account. It turns out a scammer can “recover” access to your Google account via your phone number through a SIM card porting scam. If this happens, your precious 2FA is obsolete.
2. Set up a Crypto only web browser
Your device is secure, your passwords are bulletproof, and you’ve set up 2FA for good measure. Now you’ll set up a safe web browsing environment specifically for DeFi.
We’ll do this by setting up a crypto only browser and some good ol’ bookmarking.
Set up a Crypto only browser (or browser profile)
Choose a web browser that you don’t already use to be your DeFi only web browser. Don’t use this browser for anything else. Don’t log into email. No social media, no Netflix.
Don’t add any browser extensions to your crypto-only browser, except for the ones suggested in this tutorial (like MetaMask).
I recommend Brave, but if you already use Brave or insist on using another browser, set up a new browser profile at the very least. Follow these instructions to set up a new browser profile on Brave, Firefox, and Chrome now.
Bookmark (the real) Crypto and DeFi websites
Time for some good ol’ bookmarking, not as a time-saving hack but as a security precaution.
Imagine it’s 7am on a Monday morning. You wouldn’t usually trade Crypto this early but today is an exception; an exciting token you’ve been watching is on sale and you want to buy the dip before you miss your chance.
You feel rushed. And tired. You haven’t had your caffeine yet and you’re already late for work so you decide to make a quick trade and grab a takeaway coffee on the way to work. You start thinking about what you’ll tell your boss. The traffic congestion story usually works.
You open up your web browser, search for “1 inch exchange” and hit enter. 1inch is your favorite decentralized exchange aggregator, and you’ve used it many times before.
You click the first result, connect your wallet, swap your tokens, but the transaction seems to be pending. Network activity must be high. You rush off to work expecting your transaction to complete before you arrive.
As you sit at your desk, your colleague Jimmy announces that token you guys were talking about last night just tripled. Which was the token you just bought. Hooray!
But you never bought it; you just sent money to a crypto scammer through a fake, malicious version of the 1inch exchange website. These exist, look:
What gives it away? The button on the page had a spelling error. Funny how scammers do all the work to get a malicious site ranked, but forget to use spell check before shipping ¯\_(ツ)_/¯
Hiding amongst the search engine results and ads lie malicious rip-off websites posing as popular crypto websites. These websites mostly look real, but they were created with one goal: to steal your data and/or crypto.
And they are everywhere! This is why we bookmark our DeFi websites. If you don’t, it’s only a matter of time before you have an encounter with one. The scammers behind these websites take advantage of the split second you let your guard down.
Don’t give them the chance. Bookmark every crypto website you plan to use right now. It only takes an extra few minutes, but could save you a fortune.
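One way to turn the bookmark habit into a check you can run, as an added example that is not part of the original article: compare the host of a link you are about to open against your bookmarked DeFi domains and flag the lookalike patterns described above (typo-squats, brand names embedded in another domain, and non-ASCII “homoglyph” hosts). The allowlist and the test URLs below are constructed for the example; the 1inch domain is assumed, not taken from the article.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for your bookmarks (hostnames only).
BOOKMARKED_HOSTS = {"app.1inch.io", "app.uniswap.org", "metamask.io"}

def registrable(host):
    """Crude registrable domain: the last two labels (enough for these samples)."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'bookmarked', 'lookalike' or 'unknown' for a URL you are about to open."""
    host = urlsplit(url).hostname or ""
    try:
        # Canonical punycode form: a Cyrillic or accented letter posing as ASCII
        # becomes an xn-- label instead of silently looking like the real thing.
        host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return "lookalike"
    if host in BOOKMARKED_HOSTS:
        return "bookmarked"
    if host.startswith("xn--") or ".xn--" in host:
        return "lookalike"
    mine = registrable(host)
    for good in BOOKMARKED_HOSTS:
        g = registrable(good)
        if mine == g:
            continue  # same site, different subdomain: not bookmarked, not a clone
        brand = g.split(".")[0]
        # real domain nested under an attacker's domain, typo-squat, or brand reuse
        if g in host or edit_distance(mine, g) <= 2 or brand in mine:
            return "lookalike"
    return "unknown"
```

Anything other than "bookmarked" is a reason to stop and open the site from your bookmark instead.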
3. Set up a secure cryptocurrency wallet for DeFi
You bought cryptocurrency from an exchange and it’s sitting in your account. You’re using the exchange’s online custodial wallet.
To participate in DeFi you’ll need to withdraw your cryptocurrency from the exchange and deposit it into your own self-custody cold wallet. Doing so will allow you to interact with decentralized applications known as Dapps while retaining a high level of security.
Step three will show you how to safely set up and connect a software wallet to a hardware wallet and record your recovery keys. If you’re new to cryptocurrency wallets read this guide for a refresher: types of cryptocurrency wallets.
If you haven’t already set up your wallet you may be excited to rush so you can ape into DeFi and reap the rewards of being early.
Slow down. I can’t overstate the importance of setting up your DeFi wallet properly. Mistakes when setting up your wallet could put you in the same ‘hall of fame’ as our friend Stefan from earlier who owns $300m in crypto but can’t touch it.
The next few steps will walk you through setting up a DeFi wallet that can interact with Dapps while being as secure as possible.
Set up a throwaway email (optional)
When you order something online, like a book for example, you follow a process that you’ve followed many times. Add to cart, enter personal details (name, address, phone), click purchase. You don’t give much thought to privacy, because who cares if someone knows you ordered a book? (unless you’re ordering naughty books)
But privacy matters when ordering something like a crypto hardware wallet online. Imagine if you were doxxed, and a bad character intercepted this order data? They know your name, address and phone number. And since you ordered a crypto wallet they assume you own enough crypto to take security seriously.
This would not be good.
And this scenario became a reality in 2020 when the most popular crypto hardware wallet brand in the world (Ledger) suffered a data breach leaking the personal data of over 250,000 customers. Ouch!
The hacker sold this data on the dark web. Scammers bought this data and got to work.
Life as a Ledger data breach victim got hairy. They became spear-phishing targets (the target of a personalized phishing attack). They were bombarded with a huge amount of malicious emails and SMS messages. Strangers on the internet even threatened them.
If I was on this list, I would have worried about hooded thugs appearing in my street carrying $5 wrenches. I would have shut down my email, changed my phone number and moved to a new neighborhood.
Sounds terrible, right?
I doubt Ledger will make this mistake again, as this lesson in customer data security almost ruined their reputation.
But you can never be too safe, so here are a few extra steps for peace of mind. Before you order your Crypto hardware wallet:
- Set up a throwaway email address (like Proton Mail)
- Open a local PO box
Doing so will keep your identity safe in the event of a future data breach.
Order a hardware wallet
IMPORTANT: only ever order from the manufacturer’s website. Shopping around for a better deal on hardware wallets might come with catastrophic ‘hidden costs’. See the poisoned hardware wallet scam below.
Wait…do I really need a hardware wallet?
Over the next few steps you’ll set up and sync a software wallet called MetaMask with the hardware wallet that you just ordered. Yes, you’ll be setting up both a software and a hardware wallet.
This might leave you wondering if you can save a hundred bucks on the hardware wallet and just use a software wallet.
You can just use a software wallet like MetaMask alone to participate in DeFi. But this comes with risks that are not worth taking. Connecting a hardware wallet is not compulsory, but it’s highly recommended, as it will add an extra layer of security to your crypto wallet. If you want to understand how, read our FAQs.
Order a wallet secret recovery phrase backup tool
Another optional but strongly recommended tool to order now is a secret recovery phrase backup tool. In reality this is a steel product on which you record the words of your phrase. Let me explain.
When setting up your crypto wallet, you’ll be given a secret recovery phrase that will help you restore your wallet on a new device in the event your wallet is lost, damaged, or stolen.
If you lose this phrase, you lose your crypto.
Sure, you can record this phrase on paper, and most wallets come with a paper template to allow you to do so. But is it really worth the risk? No, it’s not.
Once your hardware wallet and crypto steel have arrived, continue on to the next step.
Set up and connect a software wallet (MetaMask) to your hardware wallet
You have a hardware wallet and some type of crypto steel in your hands.
Download MetaMask from metamask.io and install it in the crypto-only browser you set up earlier. Triple check that you’re installing the correct MetaMask software, otherwise you might fall victim to a rotten software wallet scam.
Follow this tutorial to set up Metamask:
Now connect your hardware wallet. Follow this tutorial if you’re using Ledger:
Or this tutorial if you’re using Trezor:
You’ll be given your secret recovery key when setting up these wallets. Follow the next step carefully.
Record and store your secret recovery phrase properly
Your wallet’s secret recovery phrase is generated when setting up your hardware wallet. You have two important decisions to make here: how and where you store your recovery phrase.
We already covered the how earlier when we urged you to order your recovery phrase backup tool. If you haven’t already done that, go back and do it now.
Let’s talk about where to store your recovery phrase. Or rather, let’s not talk about it, because this should be your little secret. Ultimately only you can answer the question of where to store your recovery phrase backup. Many crypto fortunes have been lost due to terrible planning here, so let me offer you a few simple tips:
- Make multiple copies, and store them in different locations.
- Don’t store your secret phrase on your computer, in your phone, or on the cloud. You’re one virus or hack away from disaster.
- Consider storing your recovery phrase in multiple locations, and splitting up your secret phrase if possible using a multi-shard backup tool.
You are your biggest enemy when it comes to keeping your recovery phrase safe, so take some time to back up and store it properly. You’re only limited by your imagination.
If you followed the steps above, you’ve just set up a safe and secure environment for DeFi, and are ready to put your crypto to work.
While most of your DeFi work should run through your cold wallet, you’ll still need other wallets for your crypto journey, so make sure you read our guide on how to set up a tiered crypto wallet system.
And finally, don’t let your guard down just yet; the risk of loss in crypto is omnipresent, so make sure you’re aware of these ongoing DeFi security best practices, and keep an eye out for these common crypto wallet scams.