Oct 9th, 2022 - 12:32 pm
We believe part of the key to success in Web3 is to minimize your risks when it comes to protecting yourself against your own carelessness, tiredness or… “inebriated-ness?”. In Web3 it is easy to make a mistake, but difficult, and usually impossible, to undo it. As our contributor @KFX likes to say, "In Security, we have to get it right every time, but the scammers only need to get it right once!"
You'll see some beautiful flow charts and infographics that suggest 5 or even 7+ wallets. However, we think the risks mitigated with these models are too few to justify their cognitive expense. You're more likely to get confused and have “transaction anxiety” than feel any safer with 7 wallets! So let's keep it simple, where should we start? I should start off by saying that all of these wallet addresses can, and probably should, be from the same hardware wallet. Need help setting up a hardware wallet? Check out this article if you are on the fence about buying one, or need help getting over that anxiety of finally moving your assets over there!
This is the wallet address you use on “untrusted sites”. Got a new degen mint coming up? Use the Mint Wallet. A friend suggests you mint a new project? Use the Mint Wallet. So what is it? A wallet that you only use on untrusted sites, that keeps a very low amount of money in it, and nothing valuable. The second the assets in the minting wallet become valuable, you send them to one of the other two wallet types (described below) for selling or safekeeping!
The idea here is that low-trust operations are done from the wallet with the least amount of assets to lose. You can be a little bit more reckless with a wallet that only has 0.1 ETH in it than with a wallet that has everything you own!
Untrusted Site: An untrusted site is simply any site that isn't one of the tried and true marketplaces or sites that have been around in web3 for a long time, with millions or even billions of dollars worth of commerce transacted on their platform. In some wallet models (including the 5 wallet address model) folks have a “Degen Burner wallet”, which is sometimes used on a separate browser, or even a separate computer, for maximum isolation from potential threats, but we believe this to be largely unnecessary. These Degen wallets are meant to connect to the most dangerous of the dangerous websites, run by totally unproven and untested founders. Our solution is instead to provide our community and readers with the tools to diligence their projects effectively (future article link here!)
Sites that are tried and true, like OpenSea, LooksRare, X2Y2, Foundation, or any other sites that have been around a long time and that you trust, are where this wallet usually sticks. I like to refer to this wallet as the “Bookmarks wallet”, as all the sites that you go to with it should be bookmarked!
In this wallet you should:
And you should never:
Some trusted bookmarks I have here in the image below (yes, I know there is Rarible, some DEXes, SuperRare, and a bunch of others I could put here, but let's look past that for now, eh?)
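The "bookmarked sites only" rule above, written as a check (an added example, not code from the original article; the function name `walletForSite` and the bookmark list are assumptions, and the list is a constructed sample). It shows why the match has to be on the exact origin: lookalike hosts, plain HTTP and odd ports all fall through to the Mint Wallet.

```javascript
// Constructed sample bookmark list (not the author's own bookmarks).
const BOOKMARKED_ORIGINS = new Set([
  "https://opensea.io",
  "https://looksrare.org",
  "https://x2y2.io",
  "https://foundation.app",
]);

// Hypothetical helper: returns "bookmarks" only for an exact origin match.
// Everything else, including input that does not parse, gets the
// low-value mint wallet.
function walletForSite(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return "mint";
  }
  // A bookmark never carries credentials; "https://opensea.io@other.example"
  // is really a link to other.example, so treat any userinfo as untrusted.
  if (url.username || url.password) return "mint";
  // url.origin is scheme + host + port, with the host lower-cased and
  // internationalized names converted to their "xn--" punycode form,
  // so homoglyph and subdomain lookalikes cannot equal a bookmark.
  return BOOKMARKED_ORIGINS.has(url.origin) ? "bookmarks" : "mint";
}

// Constructed sample links, for running the file directly.
const samples = [
  "https://opensea.io/collection/example",
  "https://opensea.io.example.com/",
  "http://opensea.io/",
  "https://opens\u0435a.io/", // Cyrillic "е" in place of Latin "e"
];
for (const s of samples) console.log(walletForSite(s), s);
```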
The Vault Wallet is a simple concept: keep your high-value assets that you don't plan on selling (but whose ownership you may still want to verify safely) here. Also, you should limit the transaction types that you do on this wallet. The idea is to make this wallet do only two things.
You should only:
You should not:
A lot of folks have anxiety over doing signatures on sites like Collab.Land, Premint, TokenProof, etc. However, with a setup like the one outlined below, you should be completely safe to sign (gasless) messages/signatures.
Have any questions, or want to learn more about web3 security and stay up to date on the most current security information, scams, and tactics? Join us in our Discord at https://discord.gg/boringsecurity .