Security is of paramount importance when using DeFi or Web3 applications, especially in non-custodial platforms like Eve Exchange, where you are solely responsible for the safety of your funds. Although our smart contracts are audited, Eve Exchange provides no guarantee as to the safety of trading on the protocol, and cannot be held responsible if an attacker gains access to your wallet(s).
To ensure the security of your assets, we encourage all users to employ diligent security practices.
MetaMask is a valuable tool for interacting with decentralised applications, but it's essential to understand that it's a hot wallet and susceptible to attack. If your MetaMask wallet holds significant funds, take these precautions:
- Stay informed about potential risks and be vigilant against malware, phishing attempts, and accidental exposure of private keys.
- Regularly backup your wallet and remember to sign out when not using it or when away from your device.
Below we provide some of our top security tips that are based on years of experience and could help you bolster your personal security practices - for more basic security practices please seek out reputable educational materials/courses (there are plenty available online).
- Create a dedicated trading-only user account on your computer and install premium antivirus protection, a firewall, and, if possible, an anti-keylogger. Avoid using this account for activities like email, social media, games, or chat applications.
- Consider using a brand new cold storage wallet, such as a Ledger, exclusively for trading activities. Keep the recovery key/phrase in a physical fireproof safe, written down on paper (do not take photos or screenshots).
- Use a separate cold storage wallet solely for long-term savings, never for trading. Transfer assets to your trading wallet only when needed, and securely store the recovery key/phrase for this wallet too.
By following this approach, you can connect your trading cold storage wallet to MetaMask while keeping your savings wallet disconnected from the internet most of the time. This minimises exposure risks associated with trading activities.
Be cautious with password management software, as some providers have experienced data breaches. Never store recovery keys/phrases or private keys in password managers. If using a password manager, ensure it's based on zero-knowledge and zero-trust technology.
In conclusion, most cryptocurrency hacks stem from inadequate user practices, lack of knowledge, or negligence. By implementing the tips we've provided, you can significantly reduce the risk of losses at a relatively low cost of time and resources.
Remember, security is an ongoing process, and it's essential to stay informed about the latest security practices and continue learning from reputable sources to protect your assets effectively. Prioritise your security and stay safe.