
Worried about crypto security? Read this!


Please, I beg you all, you must properly secure your tokens! DO IT NOW! It's heartbreaking every morning to wake up and see 2-3 posts here about OP losing all their tokens. This could be life changing money, and hackers are coming after it. Here is a simple guide, please follow it!

Rule #1: Just keep your tokens on a trusted exchange until you have a proper security protocol in place

For some, this could be forever. If you don't want to purchase and manage a hardware wallet (see below) or use a smart wallet like Argent (see below), then this could be a good alternative. Yes, you have centralization risk, so you need to be careful which exchange you use. I use Coinbase as my on/off ramp, and overall I think it's a solid choice. Kraken is probably fine. You need to do your research and choose what is right for you. But if you have no security system for proper self-custody, better to keep your tokens on an exchange until you do.

Rule #2: Get a hardware wallet

When you move your tokens off your exchange, they should almost certainly go to your hardware wallet. However, it's important you really understand how your HW wallet works. You need to invest 1-2 hours minimum into reading and watching videos on how to manage your HW wallet!

This includes how to create and manage your seed phrase. Never, ever store it on-line, for example. And no, 1Password is not necessarily safe, just ask many LastPass users who are losing their tokens because of a hack of LastPass (not 100% confirmed, but highly likely).

Which HW wallet? There are many good options. I use both Trezor and Ledger. There are other good options. Take the time and do your research.

Rule #3: Consider a smart wallet (Ethereum)

Ethereum users have great options in smart contract wallets like Argent. Argent, as a smart wallet, does not use a seed phrase. They have a system of "guardians" that is more user friendly for most. Guardians are a type of "multi-sig" security that require multiple approvals before transactions are processed. There are also safe ways to "DeFi" within the Argent wallet: purchase and stake ETH, swap on Uniswap, etc.

The beauty of smart contract wallets like Argent is you get simplified wallet management without the need of managing seed phrases, and you retain full custody of your tokens. I recommend Argent to all my friends and family, when I know they won't invest the time in learning how to properly manage a HW wallet.

Note: of course as software, you have smart contract risk with Argent. But the solution is battle tested, software is fully open source, etc. I think it's solid, it's why I recommend it to family and friends. But do your own research.

Rule #4: Use Safe by Gnosis (Ethereum)

This is how I secure 90% of my tokens in crypto. Safe is a Godsend. It's a multi-sig solution that requires multiple wallets to approve a transaction, based on a threshold level you set up. So, for example, if you have a 2/3 multi-sig threshold, you will define which 3 wallets can use your multi-sig. And for each transaction, 2 of those 3 wallets are required to approve. You need to make sure each wallet uses a different seed phrase, obviously. But when set up correctly, Safe is incredibly valuable. This is how most protocols in DeFi secure their treasuries, btw. Billions of dollars are secured by Safe!

Safe gives you many advantages:

  1. With a 2/3 threshold, a hacker would need to hack 2 of your wallets simultaneously before you realized what was happening. This is almost impossible! If one wallet is compromised, you can use your other 2 "good" wallets to remove it from your Safe multi-sig, and replace it with a new wallet.
  2. You can add a partner, close friend, family member, lawyer, etc. to the multi-sig. This way, if anything happens to you, your family has a way to access your crypto. For example, a 2/4 multi-sig, where you control 2 wallets, your wife has a 3rd, your lawyer has the 4th. If you die, your wife and lawyer can approve transactions. But only when they both approve.
  3. Because each transaction requires multiple approvals, it's safer! For example, if you want to send money to Alice, you must first initiate the transaction in one wallet. But the tokens won't be sent to Alice until the 2nd wallet also approves. So you can review the transaction closely with the 2nd wallet before sending. Yes, it's slower, it requires 2 steps. But this is a feature, not a bug!
  4. You can choose which wallet pays gas fees. So in a 2/3 multi-sig, only 1 of those wallets would need to hold any tokens to pay gas.
  5. Safe is available on most EVM chains. I use it on Ethereum mainnet and Gnosis Chain. Note that each Safe has a completely different address! So if you set up Safe on Ethereum mainnet, that Safe wallet address will not work on Arbitrum. You need to create another Safe on Arbitrum, etc. Again, educate yourself on how it works, it's not difficult, but invest a bit of time!

Safe is a great tool that is criminally underutilized within Ethereum crypto. There are similar solutions on Solana, e.g. Squads.

You do have smart contract risk with Gnosis. But again, it's battle tested, open source. And tbh, if Safe is hacked, Ethereum is done. Almost every DeFi protocol has their treasury in Safe, most whales, too (Vitalik uses Safe, for example).

Rule #5: If you DeFi, you must practice good wallet management (Ethereum)

Diversification is key! Never keep too much money in any one wallet account! Even with great security, if you click on a bad link, or use a hacked protocol, you can lose all your money within that account. How to avoid this? You can't, but you can minimize the risk:

  1. I always set up a new wallet account when interacting in a new DeFi protocol. If you have a HW wallet, you can have multiple wallet accounts linked to that same wallet. Use them! Use a fresh, new account for the new protocol. And when you finish farming, providing liquidity, whatever, you can stop using that account, transfer all tokens out.
  2. Use proven DeFi protocols like Aave, Uniswap, CowSwap, Curve, etc. Of course, this isn't a guarantee! We saw that with the Curve hack (the hacker actually went after Vyper, not Curve, but that's a long story). Still, you are much, much safer when you stick to proven protocols. If you want to use a new, unproven DeFi application, definitely set up a new wallet and isolate your money there.
  3. Save links you use in DeFi, avoid going to Google to search for a protocol. If you do, be very careful you are not clicking on an Ad that takes you to a corrupted site. When I go to a new site for the first time, I triple check I have the right address. I find the protocol on Twitter, I check DeFi Llama (a great resource), etc. Only when I'm 100% sure do I bookmark the link in my browser.
  4. Use smart wallets like Argent (above). They limit the protocols you can use in DeFi to some degree (the ones baked into their app), but the risk is greatly minimized.
  5. Use "Revoke Cash" to revoke permissions you previously set up within DeFi. Bookmark this site, and check it occasionally. If you learn you need to revoke a permission, do it from Revoke Cash, and never click on a link to get to Revoke Cash! Always use the link you saved in your browser that you know is 100% correct. One common hacker technique is to claim on Twitter a protocol is hacked and say you must revoke permissions quickly, while including a corrupted link in their tweet. If you have Revoke Cash saved, you should never have to click on any other links.
  6. There are many more rules here, I can't write everything... Bottom line is to educate yourself and go slow, never jump into anything in DeFi without doing proper research. When in doubt, don't....

What other tips did I miss? Best practices you use with your crypto? Curious what else I'm missing.

Good luck everyone. Stay safe!

submitted by /u/Prahasaurus
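
The bookmark discipline in Rule #5 (items 3 and 5) can be checked mechanically. The sketch below is an added example, not part of the original post: it compares a link's host against a list of verified bookmarks and flags near-misses such as digit swaps, accented letters in internationalized names, and a trusted name used as a subdomain prefix. The hosts `revoke.example` and `app.dex.example` are constructed placeholders for your own saved links.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed placeholders standing in for the reader's own verified bookmarks.
BOOKMARKS = ("revoke.example", "app.dex.example")
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def to_unicode(host):
    """Decode punycode (xn--) labels so lookalike letters become visible."""
    try:
        return host.encode("idna").decode("idna")
    except UnicodeError:
        return host

def skeleton(host):
    """Fold accents and common digit-for-letter swaps to a comparable form."""
    decomposed = unicodedata.normalize("NFKD", host)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(SWAPS)

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, bookmarks=BOOKMARKS):
    """Return (verdict, bookmark it imitates or None) for a clicked link."""
    host = to_unicode((urlsplit(url).hostname or "").lower().rstrip("."))
    if host in bookmarks:
        return ("bookmarked", host)
    skel = skeleton(host)
    for good in bookmarks:
        # Same skeleton, one typo away, or the trusted name used as a prefix.
        if skel == good or edit_distance(skel, good) <= 1 or host.startswith(good + "."):
            return ("lookalike", good)
    if not host.isascii():
        return ("suspicious-idn", None)  # non-ASCII host that matches nothing saved
    return ("unknown", None)

if __name__ == "__main__":
    idn = "https://" + "rev\u00f6ke.example".encode("idna").decode("ascii") + "/"
    for link in ("https://revoke.example/", "https://rev0ke.example/", idn,
                 "https://revoke.example.claim-now.test/fix"):
        print(link, classify(link))
```

Only an exact host match counts as bookmarked; anything else, including "unknown", should be opened from the saved bookmark rather than from the link.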