Getting Back to the Basics: 10 Tips for Beginners
Last updated: 2019-03-30
- Never hand type your address. If you copy and paste your address, do it in incognito mode and still take the time to double-check the address. This attack has not been seen yet, but a lot of Chrome extensions have access to the information that you copy and paste. Most extensions do not have access to incognito tabs by default, but you can change this in your settings. (Contributed by @RaymondDurk - Thank You!)
- Use the version of your address that has uppercase letters. Ethereum addresses have lower and uppercase letters.
- Never hand type your private key, Keystore file, or mnemonic phrase. Triple-check the words for mnemonic keys if hand typing (there are still mistakes you can make).
- Always send a small amount of ETH to ensure everything goes well and it arrives at the intended destination before sending a large sum.
- For new wallets, especially cold storage, send small amount in and send small amount out before sending full amount in.
- Save and back up your private key in a separate location BEFORE sending ETH/tokens to it.
- Never email your private key.
- Never post your private key on Reddit, Twitter, or Slack.
- Never store your private key on Dropbox or another cloud storage service.
- Triple-check your work. Look at what you are sending. Look at how much you are sending. Look at what address you are sending too.
One of the safest and easiest ways to store your ETH, tokens, ETC, BTC, and many other coins is via a Ledger Nano S or a TREZOR. The device itself holds the keys and signs transactions for you. This ensures your keys aren't ever on any internet-connected device. Phishers can't get them. Malware can't get them. Keyloggers can't get them.
(Seriously, even if it's sold out, pre-order it now. It's worth it.)