Jan 18•8 min read
Bitcoin was invented with inherent security qualities to provide financial freedom to individuals. The blockchain’s principles of cryptography, decentralization and consensus provide trustless transactions and a financial system that’s almost impossible to hack. However, true financial independence ultimately requires self-custody of your own assets, and the responsibility of taking the steps necessary to keep your crypto safe.
Recent events remind us of how important it is for crypto users to stay vigilant. Through the first quarter of this year, the Federal Trade Commission reported over $329 million in crypto stolen through fraud. Even just this month, we’ve seen headlines of various attacks including Slope wallet on the Solana blockchain, and most recently Nomad Bridge losing a devastating $190 million due to security exploits.
The good news is that it’s surprisingly easy to take a few simple steps to keep your assets secure. In this article, we take a look at the best ways to take charge of your crypto and keep it safe.
Blockchains can vary in their level of security based on their consensus mechanism. According to a recent report by Kraken Intelligence, “Blockchains should generally adhere to a PoW mechanism if they want to retain the ethos of crypto: decentralization and security.” Since Bitcoin’s Proof-of-Work “PoW” consensus is the most secure, certain categories of attacks are not economically feasible on the blockchain.
Currently there are very few protocols existing directly on Bitcoin. However, there is an entire economy of platforms secured by Bitcoin via Stacks, the largest and fastest-growing Web3 project on Bitcoin. Stacks uses a unique consensus mechanism called proof of transfer (PoX), which anchors blocks to the Bitcoin chain and recycles the hash power of Bitcoin. Therefore, a wallet like Xverse, which is built for Bitcoin and Stacks, offers higher security by using a more secure foundation.
Custodial wallets like centralized exchanges and CeFi platforms (Coinbase, Binance, BlockFi, Celsius, etc.) are more susceptible to login attacks, data leaks and social engineering attacks. While these platforms require the least technical effort, you do not control your private keys and must entirely entrust that entity with your crypto. Furthermore, assets held in a custodial wallet can be locked if the company becomes insolvent or bankrupt, leading to a complete loss of your assets. Hence the mantra, “Not your keys, not your coins.”
For these reasons, a majority of crypto holders use self-custodial wallets in order to have 100% control of their assets. With Xverse, you are essentially your own bank, meaning no confirmation is needed from a third party for transactions and withdrawals. Your private keys are encrypted by default, never leave your device and are never shared with anyone, including the Xverse team.
While you may have already heard this recommendation many times, we can’t emphasize enough how important it is to back up your secret recovery phrase. Self-custodial wallets like Xverse do not ever have access to your secret recovery phrase. Therefore, it is your responsibility to keep this backed up: keys lost equals money lost. If you ever need to move your wallet between devices like a phone and desktop, or change to a new device if your phone breaks or gets lost or stolen, you will need to use this phrase to restore your wallet.
Keeping your secret phrase off your devices prevents someone from stealing it if they get into your phone or computer. For this reason, we strongly recommend you write down your phrase offline (ideally engraved on metal), make a copy, test the copies to ensure you’ve written them down correctly, and keep them locked in a safe place like a safety deposit box (or two!).
Software wallets (Xverse, Metamask, Phantom) are free and easy to download, and they offer quick access to your crypto without repetitive withdrawal fees, along with the ability to interact with a blockchain ecosystem. For example, with Xverse you can seamlessly access Bitcoin Web3 dApps, mint Bitcoin NFTs and even earn a BTC yield in a stacking pool. However, it’s best practice not to put all your eggs in one wallet.
Hardware wallets (Ryder, Ledger, Trezor) are good for an extra step of security for your most treasured assets. This is because the device is not connected to the internet, and therefore impossible to hack remotely. It’s important to purchase hardware wallets directly from the manufacturer — not Amazon, not second-hand — in order to avoid owning a “poisoned” wallet which has been opened and tampered with.
With the lightning-speed development of Web3 technology comes the opportunity for exploits. Regular security audits from an outside firm help wallets assess which system components could be compromised and ensure they are configured correctly.
Xverse partners with Least Authority, a top software auditing firm trusted by technology companies worldwide to verify the controls in place and check for any vulnerabilities. Through constantly working with experts and withstanding emulated attacks, users can rest assured that Xverse is protected from any vulnerabilities.
A multi-signature “MultiSig” wallet enables users to co-own their assets. Rather than one person being in control, security can be spread across multiple users by requiring two or more signatures to initiate any transaction. The more keys needed to execute a withdrawal, the more difficult it will be for a hacker to compromise the wallet or treasury.
Furthermore, you’ll need to have a MultiSig wallet if you want to share assets with family members, create a DAO or issue payroll for a Web3 enterprise. To this end, Xverse is partnering with MultiSafe to offer MultiSig accounts. Soon, with a few taps, users can create a MultiSig vault to keep assets safe and assure mutual accountability.
It’s essential to use a strong password combining upper and lower case, symbols and numbers. Since this is tedious to manually type when accessing your wallet, Xverse supports native biometric logins on all devices for convenient access. Setting up biometric authentication allows users to open their wallets and sign transactions with the convenience of one tap. However, for best security, we recommend using a strong password.
Another way Xverse can help keep your crypto safe is through “post conditions”. These are safety conditions that can be added to transactions and are unique to the Stacks chain. When the execution of the transaction breaks one or more conditions, the entire transaction will be rolled back. For example, in an NFT mint transaction, post conditions can be added to ensure that you spend less than X STX and will end up owning a specific NFT asset. This prevents loss due to errors in the smart contract or simply a malicious contract. Xverse makes post conditions clear and readable on all transactions that have them, so you can make sure the transaction is safe before confirming.
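The NFT mint example above can be modelled in a few lines. This is an added illustration, not code from Xverse or Stacks: it is a simplified in-memory model of the "check conditions, otherwise roll back" behaviour, and the principal names, asset identifier, STX amounts and function names are all hypothetical.

```javascript
// Simplified model of post conditions on an NFT mint (constructed example, not Stacks code).
// Ledger: STX balance per principal and the current owner of each NFT.
const USER = "user-wallet";           // hypothetical principal names
const CONTRACT = "nft-mint-contract";
const NFT_ID = "example-nft#1";       // hypothetical asset identifier

function freshLedger() {
  return { stx: { [USER]: 100, [CONTRACT]: 0 }, nftOwner: { [NFT_ID]: CONTRACT } };
}

// Conditions from the mint example: spend less than stxLimit AND end up owning nftId.
function checkPostConditions(before, after, { principal, stxLimit, nftId }) {
  const failures = [];
  const spent = before.stx[principal] - after.stx[principal];
  if (spent >= stxLimit) failures.push(`spent ${spent} STX, must be below ${stxLimit}`);
  if (after.nftOwner[nftId] !== principal) failures.push(`${nftId} not owned by ${principal}`);
  return failures;
}

// Run the contract against a copy of the ledger; commit only if every condition holds.
function executeWithPostConditions(ledger, contractFn, conditions) {
  const draft = JSON.parse(JSON.stringify(ledger));
  contractFn(draft);
  const failures = checkPostConditions(ledger, draft, conditions);
  return failures.length === 0
    ? { committed: true, ledger: draft, failures }
    : { committed: false, ledger, failures };  // rolled back: original state is kept
}

// Three constructed contract behaviours: honest, overcharging, and taking payment without delivering.
const honestMint = (l) => { l.stx[USER] -= 10; l.stx[CONTRACT] += 10; l.nftOwner[NFT_ID] = USER; };
const overchargingMint = (l) => { l.stx[USER] -= 90; l.stx[CONTRACT] += 90; l.nftOwner[NFT_ID] = USER; };
const noDeliveryMint = (l) => { l.stx[USER] -= 10; l.stx[CONTRACT] += 10; };

function runScenarios() {
  const conditions = { principal: USER, stxLimit: 20, nftId: NFT_ID };
  return {
    honest: executeWithPostConditions(freshLedger(), honestMint, conditions),
    overcharge: executeWithPostConditions(freshLedger(), overchargingMint, conditions),
    noDelivery: executeWithPostConditions(freshLedger(), noDeliveryMint, conditions),
  };
}

for (const [name, r] of Object.entries(runScenarios())) {
  console.log(name, r.committed ? "committed" : "rolled back", r.failures.join("; "));
}
```

Only the honest mint commits; in the other two cases the user's balance and the NFT's owner are exactly what they were before the transaction ran.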
Phishing scams have become sophisticated in recent years, particularly on popular Web3 community platforms like Discord and Twitter. These can often occur in the form of identity compromise and even fake ads, websites or lookalike apps. For this reason, it’s critical to adhere to the mantra, “don’t trust, verify,” and ensure you are not clicking on a malicious webhook. Double-check URLs. If you receive a text, email or message through a social media platform requesting your secret recovery phrase, this is a phishing scam.
As much as wallet software can protect you from theft and loss of funds in the metaverse, people are often still vulnerable in the physical world. Letting people you don’t trust know you own crypto is a bad idea. There’s nothing software can do when you’re faced with the threat of violence. Only share your crypto ownership with those you fully trust.
That’s it! You’ve empowered yourself with the knowledge to keep your crypto safe, avoid scams and navigate self-custodial finance with confidence. And you now know the finer points of why Xverse is the safest hot wallet around, designed to withstand software attacks and offer the highest level of security possible.
As your gateway to the Bitcoin Web3 ecosystem, Xverse is the most advanced, user-friendly wallet to explore DeFi applications, the NFT economy, and other Web3 utilities built on Stacks and secured by Bitcoin. Download the app today on the Apple App Store or Google Play store, and get started with the next generation of personal finance.