Protecting your privacy and assets: MetaMask wallet safety and best practices in DeFi
MetaMask is a browser extension that stores your private keys, encrypted, inside your web browser and serves as a crypto wallet for Ethereum, ERC-20 tokens and Web 3.0. It lets you interact with dApps (decentralized apps) directly from your browser.
What is a seed phrase?
The use of a seed phrase is standard with crypto wallets. When you create a MetaMask wallet, you will be given a 12-word seed phrase. Think of it as the master key to your wallet backup: anyone who has it can restore the wallet and control the funds in it. You will use it to restore your wallet in the event something happens to your device.
Protect your seed phrase: write it on paper, engrave it on metal, or use a specialty product like CRYPTOTAG, an almost indestructible device made just for storing seed phrases. Never keep it as a photo, note or file on an internet-connected device, and never type it into a website or give it to anyone claiming to be support. It is your responsibility to secure this, and there is no bank to call if you lose access. So, keep that in mind as you decide.
Privacy is the key to safety
Ideally, we would all have a separate laptop or device used only for crypto and nothing else. Obviously not everyone can do this, so we will cover some best practices that apply whether or not you use a dedicated device.
Just as with traditional banking, a common risk for MetaMask users is phishing attacks. It is not a good idea to be browsing some shady website in one tab while doing your banking in another.
Always use a VPN when doing anything crypto related. Not doing so exposes your IP address, and potentially your physical location, to every website you visit. This is also why you should never talk about trade sizes or amounts on social media. Don’t make yourself a target.
Many people in crypto have switched from Chrome to the Brave browser because they don’t want Google tracking their online activity. As an added perk, it is also faster and uses less battery than other browsers.
You can also sandbox your MetaMask by creating a separate browser profile that is used only for crypto and has no other browser extensions installed. Simply switch back and forth between your crypto profile and your everyday browsing profile.
Using (and not using) MetaMask
Throughout your DeFi journey you will grant access to your wallet for many dApps. This is normal but you should only do so with websites you trust.
While granting dApps permissions is normal activity, it can be a source of vulnerability in our DeFi opsec. When you are not using MetaMask, lock it. This is a simple operation that will greatly improve security. Go to the main account menu (the round circle) and click the LOCK button.
Revoke access at least daily. Go to the account options menu (the 3 dots) and click on CONNECTED SITES, where you can see all the sites you have granted access to. Revoke access for all of them, even the ones you trust. They can get hacked too.
The unlimited approval problem is another issue. To improve user experience, many DeFi apps will ask you to approve an unlimited token spend limit (allowance) so you only have to approve once. Maybe you trust them, but what if they get hacked or you fall for a phishing attack?
Another common practice is creating separate wallets for different assets. If one of your wallets is breached, the attacker only gets access to that one asset.
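As an added example (not code from the article or from MetaMask), here is how a wallet or a browser-side check could inspect an ERC-20 approve() request before it is signed, flag the unlimited-allowance pattern the paragraph above describes, and build the approve(spender, 0) call that revokes it on-chain. It is plain JavaScript using BigInt; the spender address and the 2^200 cutoff are constructed placeholders.

```javascript
// Added example (not from the article or MetaMask): inspect the calldata of an
// ERC-20 approve(spender, amount) request before it is signed, flag the
// "unlimited" allowance pattern, and build the calldata that revokes it.
// Pure JavaScript with BigInt; no web3 library required.

// Function selector = first 4 bytes of keccak256("approve(address,uint256)")
const APPROVE_SELECTOR = "095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n;

// Left-pad a hex string (with or without 0x) to one 32-byte ABI word
const toWord = (hex) => hex.toLowerCase().replace(/^0x/, "").padStart(64, "0");

// Encode approve(spender, amount) exactly as a dApp would submit it to the token
function encodeApprove(spender, amount) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(spender)) throw new Error("bad address");
  if (amount < 0n || amount > MAX_UINT256) throw new Error("bad amount");
  return "0x" + APPROVE_SELECTOR + toWord(spender) + toWord(amount.toString(16));
}

// Decode calldata; returns null when it is not a well-formed approve() call
function decodeApprove(calldata) {
  const data = calldata.toLowerCase().replace(/^0x/, "");
  if (data.length !== 8 + 64 + 64 || !data.startsWith(APPROVE_SELECTOR)) return null;
  const spenderWord = data.slice(8, 72);
  if (!/^0{24}[0-9a-f]{40}$/.test(spenderWord)) return null; // address must fit in 20 bytes
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + data.slice(72)) };
}

// "Unlimited" means MAX_UINT256 or any amount far beyond a real token supply;
// 2^200 is an assumed, conservative cutoff chosen for this example.
const UNLIMITED_THRESHOLD = 1n << 200n;
function isUnlimitedApproval(calldata) {
  const call = decodeApprove(calldata);
  return call !== null && call.amount >= UNLIMITED_THRESHOLD;
}

// Revoking is just approve(spender, 0) sent to the same token contract
function revokeCalldata(spender) {
  return encodeApprove(spender, 0n);
}

// Constructed sample: a dApp asks for an unlimited allowance for a placeholder spender
const SPENDER = "0x1111111111111111111111111111111111111111"; // placeholder, not a real contract
const unlimitedRequest = encodeApprove(SPENDER, MAX_UINT256);
const boundedRequest = encodeApprove(SPENDER, 100n * 10n ** 18n); // 100 tokens with 18 decimals
console.log(isUnlimitedApproval(unlimitedRequest), isUnlimitedApproval(boundedRequest)); // true false
```

Note that removing a site from MetaMask's CONNECTED SITES list does not touch these allowances; they live in the token contract until a revoke transaction like the one above is mined.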
This guide has been geared towards the retail trader/investor and does not cover every possible attack vector. Never put more in your MetaMask wallet than you are actively using and leave the rest in cold storage. If you are moving large amounts, you might be better off exploring institutional grade solutions.
It takes a lot of time and effort to become comfortable and confident interacting directly with the blockchain. Anyone can learn if they really want to; however, if you still feel this is all too much, you can use an app like Blockfolio (now FTX) that does all the DeFi behind the scenes. The gains aren’t as high, but all you have to do is make your deposit and let it happen. That’s DeFi made easy!