People have been reporting that their wallets were hacked. Such reports are even more common recently. Once the password or secret seed phrases of your Metamask wallet is exposed, the next thing you know is all your assets are gone. It is possible to improve the level of privacy protection through some simple techniques. This article recommends some basic methods to protect your wallet.

We will use Metamask Extension as an example. This is because using the browser version of Metamask generally involves higher risk compared to using the mobile version.

Recommended Precautions:

  1. Always locked your wallet if you are not using it.
    When you are leaving your wallet logged in, it basically allows any "approved" connection to perform an action.

  2. DO NOT click on any suspicious pop-up "Metamask" alert.
    Please evaluate the pop-up information carefully before you click on a pop-up alert such as one saying "..... transaction FAILED...". The message might not be coming from the genuine Metamask.

  3. DO NOT grant permission to suspicious websites for Metamask connection.
    Unless you are 100% sure, never authorize any website to connect to your wallet. If you suspect this has been compromised, see item 8 and 9 below.

  4. DO NOT attempt to install suspicious software in your computer.
    While you might be tempted to installing "free" cracked commercial software, remember that trojan codes can be easily inserted by hackers.



  5. Beware of phishing websites.
    A phishing website (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate website. You could even land on a phishing site by mistyping a URL. For example, the official website of Metamask is "metamask.io" and not "metamask.com".



    There are many free browser extensions which automatically block phishing websites according to the URLs you specified in the blacklist. You may also block URLs using an antivirus software such as Avast Antivirus.



  6. Install antivirus and malware-protection software such as Avast Antivirus and Malwarebytes.
    Even the free versions of these popular antivirus/malware apps are usually good enough for protections. Besides the normal "Full Virus Scan", you should occasionally run a "Boot-Time Scan" to check for any exploit before Windows starts up. A boot-time scan is not something you would carry out daily as it usually takes a long time to perform.

  7. Set the Auto-Lock Timer in Metamask to a shorter duration.
    This timer can be found under SETTINGS > ADVANCED.



  8. Check for suspicious "connected sites" permitted in Metamask.
    Click on the 3-dot icon and go to "Connected sites". Delete any website which is suspicious.



  9. Check and revoke unlimited allowances which are not legit.
    Go to  Revoke Cash and revoke suspicious unlimited allowances.

    When you authorize contracts, you are giving them access to do whatever they want with your coins. You should always check for those which are not legit and revoke them. There are 3 things you need to know before you perform an action:

    Firstly, you do not need to connect your wallet if you simply want to do a normal check. You only need to enter your wallet address into the search field.

    Secondly, if you wish to revoke an allowance, you need to connect your wallet. Revoking an allowance will involve a gas fee.

    Thirdly, please be careful when revoking an allowance. You might cause a malfunction to the genuine operation such as if you are providing liquidity or staking.

  10. DO NOT keep a copy of your original seed phrases at somewhere "safe" such as a physical safe box.
    There is a Chinese saying that the safest place is the most dangerous place and vice versa. You should always mingle your secret seed phrases in a way that only you can understand. See How to save your wallet's seed phrase key more securely?

Copyrights UPOINT dotINFO