Secure your MetaMask

by | Dec 29, 2021 | Cryptocurrency, Cryptocurrency, Security

By Kurt Corthout

MetaMask is a HOT wallet which means that your password is encrypted but it is ON YOUR computer. Keep this in mind.

Also, if your MetaMask password gets compromised, it will give access to ALL your accounts you created on MetaMask.

Therefore, never copy and paste your password into the MetaMask wallet, but, type it in manually. This rule also applies when importing an existing wallet using your seed words, always type them, never copy + paste them.

Check the connected sites to your MetaMask wallet. Go to Connected Sites and click ‘disconnect’. Active connections allow the connected site to read your balances and look at your past transactions.

 

Turn off unlimited spends. By linking up with some websites while signing contracts, you may have given a contract access to unlimited spends.

This allows the connected contract to do whatever they want with your coins.

To check, go to https://revoke.cash/

Fill out your public account address from MetaMask and uncheck the filters ‘Filter out unregistered Tokens’ and ‘Filter out zero balances’. Then let the query run.

Make sure you know and trust the contract, like Uniswap, but revoke the unlimited spends on strange looking contracts. But remember, if you need to revoke a lot of connected contracts, it may become costly. In that case you may find it more efficient to just create a whole new wallet and send the funds there.

So in the query above, I have Unlimited allowance given to MetaMask for DEGEN  and DERC, which I consider legit.

But if I would have something like in below screenshot, I would be more careful (contract addresses) and revoke unlimited spends for those contract addresses (but I would not revoke for Uniswap)

Make sure you are using the right MetaMask website https://MetaMask.io to prevent the ‘Rotten seed phrase’ attack, which is basically fake and malicious websites that attempt to trick users into installing the wallet using a compromised seed phrase that the attacker has access to. More about this attack here

Apply these safety rules as can be found on the MetaMask community website

Copy and past these rules and place them within your computer or mobile device, and/or write these down and place them next to you.

Rule #1: Never share your 12 words Secret Recovery Phrase (seed phrase) or private keys

Rule #2: Beware Impersonators! Make sure to see their trust level 4.

Rule #3: Never DM (direct message) with someone offering to help.

Rule #4: Never enter your secret seed phrase or private keys into any website online.

Rule #5: Never trust someone asking you to “authenticate your wallet”

Rule #6: Never import to your wallet a private key or a seed phrase someone gave you

Rule #7: MetaMask Support will never DM to help you.

Rule #8: DO NOT join discord servers, WhatsApps groups, WeChat groups, Telegram channels or Twitter DMs. These are all scams. MetaMask does not support these.

Rule #9: Report scammers. You can help the community safe.

Rule #10: Beware fake websites → Official Website: https://metamask.io/

Rule #11: Official Help → Support.MetaMask.io

 

Recommended Metamask Security Settings

The following are the recommended settings for using the Metamask browser extension and mobile app securely. Hopefully you will have many of these turned on by default, but it is worth checking and making any changes.

Metamask wallet browser extension:

Settings → Advanced → set Auto-Lock Timer to < 5 minutes

Settings → Advanced → turn off any experimental features

Settings → Advanced → set Auto-Lock Timer to < 5 minutes

Settings → Security & Privacy → turn on Use Phishing Detection

Settings → Alerts → turn on all

Mobile app:

Mobile app → Settings → Security & Privacy → set Auto-Lock Timer to < 30 sec

Mobile app → Settings → Security & Privacy →clear privacy data, cookies, and browser history at regular intervals

Mobile app → Settings → Security & Privacy → turn on Privacy mode

Mobile app → Settings → Security & Privacy →Mobile app → change password specific to mobile

Lock your wallet every time you are not using your wallet. (you unlock it by filling out your password). Below is the login screen when your wallet is locked.

Use a different browser to browse the web and trading. If you forget to lock your wallet while browsing, all the other sites get access to your wallet address and all transactions, you did previously (using Etherscan for example)

Avoid clicking on pop-ups claiming your last transaction failed when you have your wallet only on another browser.

Do not fill out your password on sudden pop-ups (with similar looking login screens for your Metamask wallet) asking you to fill out your password.

When you use, for example, PancakeSwap to make a swap in your trading browser, make sure only PancakeSwap is open, no other tabs on your browser should be open. Since maybe one of these websites then ask you for a confirmation of your Swap, only it will swap your coins to another malicious wallet. So close all the other tabs in your trading browser.

For example, use the Brave browser to trade, and Firefox or Chrome for non trading browsing. Brave automatically locks you out when you are not using your Metamask wallet.

Is Taxation Theft?

Theft; noun ‘(the act of) dishonestly taking something that belongs to someone else and keeping it;’ Tax; noun ‘(an amount of) money paid to the government that is based on your income or the cost of goods or services you have bought’ A Long Time Ago…... While much of...

The Truth About Anarchism

Evil exists, but rarely is it inherent. Rather, it is born from the compounding of events and actions of many people over time. When you consider most of the acts we would consider being evil, they are little more than acts of a desperate and tormented mind. A mother...

The Most Valuable Currency

We often fail to see what is most important, even when it's right there in front of us. This currency I speak of is unlike any other currency on earth. It is universal, a global currency if you like. Its value is retained regardless of what state borders you find...

Want to Change Your Destiny?

We all likely have something about ourselves or our lives that we would like to change. Whether it’s our weight, our confidence, our poor choice of relationships, or maybe our job.

Bitcoin Private Keys and Grains of Sand…..

First, let me quickly go over what a Private Key is. A private key is a secure code that enables the holder to make cryptocurrency transactions and prove ownership of their holdings. Bitcoin keys specifically feature a 256-bit string displayed as a combination of...

How to Breath Properly

Breathing is the first thing we do once we leave the womb and enter the wider World, we should be masters at this basic natural instinct - and yet the vast majority of us are getting it so wrong. Breathing correctly is a vital part of healthy living. In this post we...

Living Off-Grid – Getting Started

Living off-grid is an exciting desire for many, particularly once you decide to take the plunge. But careful planning is key.

Dummies Guide to Bittorrent

BitTorrent is a communication protocol which allows peer-to-peer file sharing. It was created in 2001 by Bram Cohen. It wasn't long before the protocol was implemented into easy-to-use clients across all major platforms. BitTorrent allows for anyone to share large...

This Common Weed is a Super-Medicine!

This commonly found plant is classified as a pest in just about every land in the western hemisphere, it grows in abundance through the sunny periods of the year. A weed to many yet they offer a variety of health benefits to mankind. If you haven’t guessed already,...

A Bull Case For Bitcoin

While much of the cryptocurrency space now believes Bitcoin is an old and decrepit crypto that is doomed to lose its dominance in the space, I disagree. This sentiment is generally driven by a desire for their own preferred cryptocurrency of choice to prevail, it’s a...

Latest Crypto Fear & Greed Index

bitcoinBitcoin
$ 21,173.677.17%
ethereumEthereum
$ 1,632.0210.39%
moneroMonero
$ 145.227.64%
litecoinLitecoin
$ 55.146.02%
solanaSolana
$ 36.803.83%
polkadotPolkadot
$ 7.434.6%
matic-networkPolygon
$ 0.7997214.2%
pirate-chainPirate Chain
$ 0.4447496.7%
deroDero
$ 3.623.74%
Loading...

Thank you for Subscribing, keep an eye on your mailbox!