$blog / wallet-safety-basics : [wallet, security]
FIELD_NOTE

Wallet Safety Basics

Foundations for custody, hygiene, and threat modeling

4 months ago

This is the minimum system I recommend before you touch Solana memecoins, new mints, or unknown dApps.


Why this matters

Most people don’t lose funds because some elite hacker targeted them personally. They lose funds because they were rushed, distracted, or didn’t have basic safety rails in place. Wallet safety is less about paranoia and more about having a system that limits how much damage a single mistake can do.

If you follow nothing else in this guide, follow the separation rules. Everything else is defense-in-depth.


The threat model (in plain terms)

Most losses are not traditional “hacks.” They usually come from:

  • Signing a malicious approval or delegate transaction
  • Connecting a hot wallet to a sketchy or spoofed website
  • Reusing the same wallet for everything (funds + experimentation)
  • Getting socially engineered into “verify / claim / upgrade” flows
  • Clicking phishing links that look official but aren’t

Assume this: any site, mint, or airdrop can be hostile by default until proven otherwise.


The 2-wallet setup (non-negotiable)

This is the single most important rule.

1. Vault wallet (cold / hardware)

  • Used for long-term holdings
  • Preferably a hardware wallet
  • Never connects to random sites
  • Never signs experimental transactions

This wallet’s job is to sit quietly and do almost nothing.

2. Burner wallet (hot)

  • Used for experimentation
  • Memecoins, mints, airdrops, new dApps
  • Actively connects to sites

Rule: the burner wallet should never hold more value than you can afford to lose completely.

If it gets drained, you shrug, rotate, and move on.


Hot wallets vs hardware wallets

  • Hot wallets (browser wallets) are convenient but exposed to:
    • Malicious extensions
    • Phishing sites
    • Malware or clipboard attacks
  • Hardware wallets keep private keys offline and:
    • Prevent silent signing
    • Force physical confirmation
    • Greatly reduce catastrophic failure

If you can afford one, use a hardware wallet for your vault. Long term, this is not optional.


Seed phrases & private keys (absolute rules)

  • Never share your private key or seed phrase with anyone
  • No legitimate support will ever ask for it
  • Do not store seed phrases in:
    • Screenshots
    • Cloud notes
    • Email drafts
    • Internet-connected password managers

Best practice:

  • Write it down physically
  • Store it offline
  • Keep backups in secure, separate locations

If someone has your seed phrase, they own your wallet. Period.


Signing discipline

Every signature is potentially dangerous.

Before approving anything:

  • Read the domain, not the logo
  • Double-check URLs (spoofs are common)
  • Be extremely cautious with approvals like:
    • setApprovalForAll
    • Unlimited delegate permissions
  • Treat every signature as a possible transfer of control

If you don’t understand what you’re signing, don’t sign it.


Social engineering is the real boss fight

Common traps:

  • “Verify your wallet to fix an issue”
  • “Claim before deadline” urgency
  • Fake Discord or Telegram support DMs
  • Emails pretending to be wallet providers

Rules:

  • Don’t click links from emails or DMs
  • Navigate to official sites manually
  • Verify support accounts through multiple sources
  • Slow down — urgency is a red flag

When in doubt, assume it’s a scam.


Browser & device hygiene

  • Use a dedicated browser profile for crypto
  • Install as few extensions as possible
  • Keep your OS and browser updated
  • Avoid public or shared computers
  • Never enter seed phrases on a machine you don’t fully control

Your wallet security is only as strong as the device you’re using.


Routine safety checklist

Make this boring and habitual:

  • Rotate burner wallets regularly
  • Revoke wallet permissions periodically
  • Review connected dApps
  • Keep vault and burner completely separated
  • Re-evaluate risk before every new mint or dApp
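The "revoke wallet permissions" step above, and the delegate approvals the signing-discipline section warns about, can be reviewed offline on Solana by decoding SPL token accounts. This is an added example, not code from the original post: it assumes the standard 165-byte SPL Token account layout, uses constructed placeholder keys and balances, and leaves fetching real account bytes from an RPC node out.

```python
# Added example (not from the original post): offline review of SPL token
# accounts for active delegates, the Solana equivalent of "approvals".
import struct

ACCOUNT_LEN = 165           # fixed size of an SPL Token account
UNLIMITED = 2**64 - 1       # u64::MAX, the value "unlimited delegate" approvals use
# Layout: mint, owner, amount, COption<delegate>, state, COption<is_native>,
# delegated_amount, COption<close_authority>; COption = u32 tag + value.
LAYOUT = struct.Struct("<32s32sQI32sBIQQI32s")

def parse_token_account(data: bytes) -> dict:
    """Decode raw account bytes into the fields a permission review needs."""
    if len(data) != ACCOUNT_LEN:
        raise ValueError(f"expected {ACCOUNT_LEN} bytes, got {len(data)}")
    (mint, owner, amount, has_delegate, delegate, state, _has_native, _native,
     delegated_amount, has_close, close_auth) = LAYOUT.unpack(data)
    return {
        "mint": mint.hex(), "owner": owner.hex(), "amount": amount,
        "delegate": delegate.hex() if has_delegate == 1 else None,
        "delegated_amount": delegated_amount if has_delegate == 1 else 0,
        "frozen": state == 2,   # AccountState::Frozen
        "close_authority": close_auth.hex() if has_close == 1 else None,
    }

def build_token_account(mint, owner, amount, delegate=None, delegated_amount=0):
    """Construct sample account bytes (test data only, not real on-chain state)."""
    return LAYOUT.pack(mint, owner, amount, 1 if delegate else 0,
                       delegate or bytes(32), 1, 0, 0,
                       delegated_amount, 0, bytes(32))

def find_delegations(raw_accounts):
    """Return accounts that still carry a delegate; these are the ones to revoke."""
    findings = []
    for data in raw_accounts:
        acct = parse_token_account(data)
        if acct["delegate"] is not None:
            acct["unlimited"] = acct["delegated_amount"] >= UNLIMITED
            findings.append(acct)
    return findings

# Constructed sample: placeholder keys, one clean account and one approved to a dApp.
SAMPLE_MINT, SAMPLE_OWNER, SAMPLE_DAPP = bytes([1]*32), bytes([3]*32), bytes([2]*32)
SAMPLE_ACCOUNTS = [
    build_token_account(SAMPLE_MINT, SAMPLE_OWNER, 5_000_000),
    build_token_account(SAMPLE_MINT, SAMPLE_OWNER, 5_000_000, SAMPLE_DAPP, UNLIMITED),
]

if __name__ == "__main__":
    for f in find_delegations(SAMPLE_ACCOUNTS):
        print(f"revoke: mint {f['mint'][:8]}.. delegate {f['delegate'][:8]}.. "
              f"{'UNLIMITED' if f['unlimited'] else f['delegated_amount']}")
```

Any account the script lists still has a standing approval, so it belongs in the next revoke pass; an unlimited one means the delegate can move the full balance.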


Final mindset

You don’t need to be perfect.
You need blast-radius control.

Assume mistakes will happen — design your setup so they’re survivable.

If you can’t afford to lose it, it doesn’t belong in a hot wallet.

Stay slow. Stay skeptical. Stay solvent.