8 mins
Published on 1/27/2023

How to keep your crypto safe in DeFi

The DeFi space has its share of bad actors. Learn the essential steps to keep your crypto safe and secure here.

By Sankrit K

DeFi is still in its early stages. While it has created a wide array of new services, such as decentralized finance protocols, lending services, decentralized exchanges, and derivatives markets, there have also been some bad actors seeking to exploit the nascent industry. 

For perspective, the 2022 Crypto Crime Report by Chainalysis revealed that more than $3 billion worth of cryptocurrency was stolen in 2021 (a 6x increase from the previous year), much of it through DeFi projects. Since the onus of keeping crypto safe in DeFi is entirely on the users, most people who lost their funds never got them back.

As new opportunities arise, so do the risks of scams and fraud. Being aware of these risks is essential to having a safe experience with decentralized finance.

In this article, we walk you through how you can keep your digital assets safe in the budding world of decentralized finance. 

How safe are hot wallets for storing your assets?

Hot wallets are connected to the internet, making them vulnerable to hackers who can steal your coins. While they're great for transactions and day-to-day usage, hot wallets are not recommended for long-term storage.

If you must use a hot wallet, choose one that is known to be reliable, and always keep your private key safe.

A graphic saying "Not your keys, not your coins"

Keep in mind that most hot wallets also rely on central entities for transaction verification. They use APIs from companies like Alchemy and Infura. The information fetched from these APIs is deemed to be trusted, and the wallets execute the transaction without actually confirming with the mainnet.

There are two types of hot wallets:

  1. Custodial

  2. Non-custodial

Custodial hot wallet

A custodial hot wallet is a hot wallet in which your private keys are stored by a third-party provider. For instance, when you buy cryptocurrency through centralized exchanges like Binance or Coinbase, the assets are still technically under the control of the exchange.

An illustration differentiating custodial and non-custodial wallets.
While custodial wallets allow a third party like a crypto exchange to manage your private keys, non-custodial wallets give you full control over your private keys and digital assets.

The exchange acts as a custodian of your assets by retaining the private key of the wallet where the assets are stored. While you have the freedom to perform actions like trading or transferring, the custodian could still access your funds if need be.

The FTX debacle is a prime example of this: users lost over $10 billion because the exchange's developers were able to use user funds for other purposes without the users knowing about it.

Non-custodial hot wallet

A non-custodial hot wallet is a hot wallet in which you hold your private keys. The provider does not have access to your funds, and you can transact freely without any hindrance or interference from a third party.

These types of hot wallets are great if you want to engage in day-to-day crypto activities like trading, sending, and receiving. Some of the most popular non-custodial hot wallets are MetaMask, Trust Wallet, Exodus, and Phantom.

An illustration of the differences between custodial and non-custodial wallets

When creating a new wallet, the software generates a "secret recovery phrase" (also known as a "seed phrase" or "mnemonic phrase"). This is a 12- or 24-word list, derived randomly from a pool of 2048 words, that gives access to your digital assets.

Even though they’re technically safer than custodial hot wallets, non-custodial hot wallets are not the best option if you are holding large funds and do not transact very frequently. Since they live on your mobile device or in a browser extension, hackers could theoretically get backdoor access to your funds.

How safe are cold wallets for storing your assets?

Cold storage involves storing your crypto offline in either physical or digital form. It is the way to go if you're looking for a secure way to store your crypto for the long term.

Storing in a physical form means your private keys are written on paper (also called a "paper wallet"). This method of storage makes it impossible for hackers to get to your private keys.

In most cases, however, cold storage takes the form of a hardware wallet, an external device similar to a USB drive that does not connect to the internet. This is the most secure way to store cryptocurrencies, but there is some compromise in terms of ease of use.

Another layer of security that almost all cold storage wallets offer is something called “mechanical keys.”

Digital hardware wallets need to be plugged into a device like a computer and connected to the web in order to execute transactions. If the computer is compromised, assets could be hacked. With mechanical keys, however, this is not possible, as the transaction would only get approved if the user physically clicks the keys (a button on the hardware device).

To learn more about wallets, read our guide, "How to choose a crypto wallet."

How to evaluate the security of a wallet

Hardware wallets are an excellent option for storing large chunks of your holdings. But since they, too, rely on code and electronics, how do you gauge their security and reliability?

Certifications are one way to evaluate a wallet's security. The most popular security certification for hardware wallets is the Evaluation Assurance Level (EAL).

EAL is a process in which independent third-party agencies assess the security of wallets by testing and certifying them against various attack vectors. There are seven levels of EAL certification. A higher level of EAL, such as EAL 5+, means that the wallet has been tested against a variety of different attack types on multiple levels.

A table showing seven EAL levels and what they mean.
There are seven levels of EAL certification

Below is a list of popular hardware wallets and their corresponding EALs:

A table of hardware wallets and their EAL certification levels.

How to move your cryptocurrency into cold storage

The most important thing to keep in mind is that the cryptocurrencies you hold may reside on different blockchains. This means that you will have to use a different public address for each one. Sending your cryptocurrency to the wrong public address may result in you losing your funds forever.

For example, if you try to send BTC to a public address on the Ethereum blockchain, then your Bitcoin can no longer be retrieved.
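A pre-withdrawal check for the wrong-chain mistake described above, as an added example that is not part of the original article. It recognises only legacy Base58Check Bitcoin addresses and 0x-prefixed Ethereum addresses and treats everything else (including newer Bitcoin address formats) as unknown; the function names and sample addresses are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload: bytes) -> str:
    """Encode version byte + hash as a Base58Check string (used to build samples)."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out


def b58check_decode(addr: str):
    """Return the payload if the 4-byte checksum verifies, else None."""
    if not addr or any(c not in B58 for c in addr):
        return None
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = raw[:-4], raw[-4:]
    return payload if len(raw) > 4 and _checksum(payload) == check else None


def address_chain(addr: str):
    """Name the chain an address is formatted for, or None if unrecognised."""
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", addr):
        return "ethereum"
    payload = b58check_decode(addr)
    if payload is not None and len(payload) == 21 and payload[0] in (0x00, 0x05):
        return "bitcoin"
    return None


def safe_to_withdraw(asset_chain: str, addr: str) -> bool:
    """Refuse the withdrawal unless the address format matches the asset's chain."""
    return address_chain(addr) == asset_chain


if __name__ == "__main__":
    btc = b58check_encode(b"\x00" + bytes(range(1, 21)))  # constructed sample
    eth = "0x" + "ab" * 20                                # constructed sample
    print(safe_to_withdraw("bitcoin", btc), safe_to_withdraw("bitcoin", eth))
```

A format match only shows the address belongs to the right chain and was not mistyped; it does not prove the address is yours, so still compare it against the one shown on the hardware wallet's screen.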

You can move your cryptocurrency from anywhere into cold storage in just three simple steps:

  1. Configure your hardware wallet 

  2. Obtain the public address

  3. Use the public address to withdraw

Configure your hardware wallet

To move your cryptocurrency from exchanges or hot wallets to cold storage, first configure your hardware wallet to receive the particular cryptocurrency.

An illustration showing the movement of cryptocurrency coins
Moving your cryptocurrency to a hardware wallet improves security

Most popular hardware wallets also have a user-friendly app that can be downloaded for free. For example, Ledger Live is the app used to interact with Ledger hardware wallets.

You will have to go to these apps and configure them to support the crypto you wish to store. We recommend that you refer to the instructions provided by your wallet manufacturer to configure them, as the process differs for each wallet.

Obtain the public address

After configuring your wallet for the desired network (blockchain), you will get the corresponding public address. Note down this public address or copy it to your computer's clipboard.

Use the public address to withdraw

Next, head over to the exchange from which you want to withdraw your funds, go to your wallet, choose the “Withdraw” option (or a similar alternative), and paste the public address. Exchanges may send a one-time password (OTP) to your registered email address and phone number to verify that you are the one executing the withdrawal.

Once confirmed, your funds will be deposited in your hardware wallet.

Other important security options

Keeping your cryptocurrency in cold storage is the safest way to store it.

But what if you need an even better solution? You may have lots of assets, for example, or you and a group of people need to share control over a single wallet.

In these cases, Hardware Security Modules (HSMs), Multi-Signature (Multi-Sig) wallets, and Multi-Party Computation (MPC) wallets are the way to go.

Hardware Security Modules (HSMs)

Hardware Security Modules (HSMs) are specialized hardware designed to securely store cryptographic keys, and are used in servers that host the wallet. They are a preferred enterprise option used by organizations, financial institutions, and governments worldwide.

Multi-Signature (Multi-Sig) Wallets

Multi-Signature (Multi-Sig) wallets are wallets that require multiple signatures from different key holders in order to execute transactions. Multi-Sigs are ideal for large organizations and companies.

Multi-Party Computation (MPC) Wallets

Multi-Party Computation (MPC) wallets require multiple users to authorize transactions. These wallets use a distributed computing protocol to generate private keys and create digital signatures for multiple parties.

Concluding thoughts

Navigating DeFi safely is a learning curve. With the right guidance and research, you will be able to keep your blockchain assets safe from the hands of bad actors.

By using a hardware wallet, enabling two-factor authentication, and regularly monitoring your transactions, you can greatly reduce the risk of your crypto being compromised. Additionally, it is important to only use reputable and well-vetted DeFi protocols or exchanges.

Keeping your seed phrase safe is the most important step and should not be overlooked. It is good practice to write it down on a piece of paper and store it in a safe place, or to use a seed phrase backup device.

Begin your DeFi journey with MoonPay

You can safely begin your cryptocurrency and DeFi journey with MoonPay. To get started, simply buy cryptocurrency via MoonPay using your credit card or any other preferred payment method.
