Wallet Security

A Wallet For Every Occasion


Oct 9th, 2022 - 12:32 pm


We believe part of the key to success in Web3 is minimizing your risks when it comes to protecting yourself against your own carelessness, tiredness or… “inebriated-ness?”. In Web3 it is easy to make a mistake, but difficult, and usually impossible, to undo it. As our contributor @KFX likes to say, "In Security, we have to get it right every time, but the scammers only need to get it right once!"

Three Address Protocol for Success & Safety

You'll see some beautiful flow charts and infographics that suggest 5 or even 7+ wallets. However, we think the risks mitigated with these models are too few to justify their cognitive expense. You're more likely to get confused and have “transaction anxiety” than feel any safer with 7 wallets! So let's keep it simple. Where should we start? I should start off by saying that all of these wallet addresses can, and probably should, be from the same hardware wallet. Need help setting up a hardware wallet? Check out this article if you are on the fence about buying one, or need help getting over the anxiety of finally moving your assets over there!

The Mint Wallet Address

This is the wallet address you take to “untrusted sites”. Got a new degen mint coming up? Use the Mint Wallet. A friend suggests you mint a new project? Use the Mint Wallet. So what is it? A wallet that you only use on untrusted sites, that keeps a very low amount of money in it, and nothing valuable. The second the assets in the minting wallet become valuable, you send them to one of the other two wallet types (described below) for selling or safekeeping!

The idea here is that low-trust operations are done from the wallet with the least amount of assets to lose. You can be a little bit more reckless with a wallet that only has 0.1 ETH in it than with a wallet that has everything you own!


Untrusted Site: An untrusted site is simply any site that isn't one of the tried and true marketplaces or sites that have been around in web3 for a long time, with millions or even billions of dollars' worth of commerce transacted on their platform. In some wallet models (including the 5 wallet address model) folks have a “Degen Burner wallet”, which is sometimes used on a separate browser, or even a separate computer, for maximum isolation from potential threats, but we believe this to be largely unnecessary. These Degen wallets are for connecting to the most dangerous of the dangerous websites, run by totally unproven and untested founders. Our solution is instead to provide our community and readers with the tools to diligence their projects effectively (future article link here!)

The Marketplace/Sell Wallet Address

This wallet usually sticks to sites that are tried and true, like OpenSea, LooksRare, X2Y2, Foundation, or any other sites that have been around a long time and that you trust. I like to refer to this wallet as the “Bookmarks wallet”, as all the sites that you go to with it should be bookmarked!

In this wallet you should:

  • Only make Approvals to trusted platforms
  • Only make Signatures on trusted platforms (unless they are simply identity signatures as described here).

And you should never:

  • Make any transactions on sites that are not both bookmarked and trusted.

Some trusted bookmarks I have are in the image below (yes, I know there is Rarible, some DEXes, SuperRare, and a bunch of others I could put here, but let's look past that for now, eh?)

The Vault Wallet Address

The Vault Wallet is a simple concept: keep your high-value assets that you don't plan on selling (but whose ownership you may still want to verify safely) here. Also, you should limit the transaction types that you do on this wallet. The idea is to make this wallet do only two things.

You should only:

  • Do Plain-text Gasless signatures 
  • Transfer/Send/Receive ETH/Tokens 

You should not:

  • Make Approvals of any kind
  • Sign Permit signatures or eth_sign requests
  • Do Any Smart Contract Interactions (especially on untrusted sites!)

A lot of folks have anxiety over doing signatures on sites like Collab.Land, Premint, TokenProof, etc. However, with a setup like the one outlined below, you should minimize the risk of losing your assets from running around web3 signing everything with a wallet address that contains your highest-value assets. Additionally, most highly trusted websites leverage something called Wallet Delegation, which allows you to “delegate” a wallet that ISN'T your Vault wallet to attest ownership of assets in the vault wallet address without having to connect it to these sites. Learn more about Wallet Delegation here.
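The Marketplace and Vault rules above can be checked mechanically. The following is an added example, not code from the original article or from any wallet: it classifies a wallet JSON-RPC request and checks it against the role of the address receiving it. The role names, the `classify` and `evaluate` functions, the bookmark list, and the reading of "plain-text" as printable ASCII are assumptions.

```javascript
// Added example. Role names, request shape and bookmark list are assumptions.
const SELECTORS = {
  "0x095ea7b3": "approval", // approve(address,uint256)
  "0xa22cb465": "approval", // setApprovalForAll(address,bool)
  "0xa9059cbb": "transfer", // ERC-20 transfer(address,uint256)
  "0x23b872dd": "transfer", // transferFrom(address,address,uint256)
  "0x42842e0e": "transfer", // ERC-721 safeTransferFrom(address,address,uint256)
};

// Map a wallet JSON-RPC request to the transaction types the article names.
function classify(req) {
  const p = req.params || [];
  switch (req.method) {
    case "eth_sign":
      return "eth_sign";
    case "personal_sign": {
      // Assumption: "plain-text" means the payload decodes to printable ASCII.
      const text = Buffer.from(String(p[0]).replace(/^0x/, ""), "hex").toString("utf8");
      return /^[\x20-\x7e\r\n\t]+$/.test(text) ? "plaintext_signature" : "opaque_signature";
    }
    case "eth_signTypedData_v4": {
      const typed = typeof p[1] === "string" ? JSON.parse(p[1]) : p[1];
      // EIP-2612 "Permit" and Permit2 primary types all start with "Permit".
      return /^Permit/.test(typed.primaryType) ? "permit_signature" : "typed_signature";
    }
    case "eth_sendTransaction": {
      const data = String(p[0].data || "0x").toLowerCase();
      if (data === "0x") return "transfer"; // plain ETH send, no calldata
      return SELECTORS[data.slice(0, 10)] || "contract_interaction";
    }
    default:
      return "unknown";
  }
}

// Decide whether a request fits the wallet role it was sent to.
function evaluate(role, origin, req, bookmarks) {
  const kind = classify(req);
  if (role === "vault") {
    const allow = kind === "plaintext_signature" || kind === "transfer";
    return { allow, kind };
  }
  if (role === "marketplace") {
    // Stricter than the article: its identity-signature exception is not modelled.
    return { allow: kind !== "unknown" && bookmarks.includes(origin), kind };
  }
  return { allow: role === "mint", kind }; // mint wallet: low value, any site
}
```

A 32-byte hash sent through personal_sign is classified as opaque rather than plain-text, so the Vault role rejects it even though the method name looks harmless.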

Have any questions, or want to learn more about web3 security and stay up to date on the most current security information, scams, and tactics? Join us in our Discord at https://discord.gg/boringsecurity.