Follow some general guidelines to reduce the potential for your wallet to be compromised.
What is a Cryptocurrency Wallet?
To learn about cryptocurrency wallets and why you would want to set one up on your Sandbox account, view About Cryptocurrency Wallets on the Create a New Account page. You can also visit Web3 & The Sandbox to learn some of the basics of blockchain technology.
You can find information about supported wallets and how to connect one to a Sandbox account on the Wallet: Choose, Connect page.
Keeping Your Wallet Safe
View our other documentation under Manage Wallet for more wallet security topics.
Learn about a higher security method to protect your valuable digital property
Your cryptocurrency wallet, which will hold all of your utility tokens as well as NFTs such as LAND and Assets, may have a very high monetary value. For this reason, it is very important to keep your cryptocurrency wallets and any accounts associated with them safe and secure.
Always save your wallet's security key or passphrase in a safe place, including as a physical back-up off your computer. Keep this safe, and never, ever share it with anyone, even with those claiming to be staff.
Always keep your login information secret, safe and secure. Your cryptocurrency wallet in time could potentially be worth hundreds or thousands in your national currency!
In some support cases, you may be asked to share your wallet address. This is safe to hand out as it does not give anyone access to your account. However, you may still prefer to do so privately.
Use a unique Browser
Do not use your wallet's dashboard or browser extension on the internet browser that you use for regular internet browsing.
You should have at least two different browsers on your device. Use one as your default browser to browse the internet as you normally do. And a secondary browser for all activities related to using your wallet. The next header below makes it clearer why you should do this.
For example, many users at The Sandbox decide to use Chrome for regular browsing, and Brave for wallet-related activities.
Do not set the browser that your wallet is used or attached to as your "default" browser.
Avoid Clicking Random or Unknown Links
So, you've taken the time to learn about blockchains and cryptocurrency - in that case, you should also take the time to learn to stop impulsively clicking links while using the browser with your wallet dashboard or extension on.
Get into the habit of treating links as suspicious. Whether the link is on a webpage, a social page, in an email, in a direct message, and so on.
Links can be used to trick you into connecting your wallet to a compromised app or a fake third-party website, giving fraudsters access to your wallet.
If the link mentions a community or company, Google it first to see if it is legitimate. If it does seem legitimate, check the spelling of the link. Some scam websites use an alternate spelling of the real thing.
You can also scan the link for malicious code and so forth on virus scan websites, such ashttps://www.virustotal.com/.
Even if it still seems legitimate, open the link in a different browser that does not have your wallet connected to it.
SECURITY NOTE
One way scammers try to get you to click such dangerous links is to claim that you have won a prize. Or that you have been randomly selected to participate in something (ie, a game test). They could also pose as someone who is shilling another project, but is in fact trying to entice you to click a link to a scam.
Do Not Connect Your Wallet To Random Websites
Always do your own research (DYOR) about websites that ask you to connect your wallet to them. Do not just go ahead and connect it to everyone who asks.
If you're still unsure, ask in a cryptocurrency community that isn't operated or managed by the website that is asking you to connect your wallet to it.
Lock Your Wallet
When your wallet is not in use, it should be locked at all time.
Locking a wallet is achieved simply by logging out of it via the web dashboard or browser extension.
If you are not sure how to lock your specific wallet, search the help documents provided by your chosen wallet service, as the instructions differ depending on your chosen wallet.
SECURITY NOTE
Banking websites, PayPal, and similar money service websites will usually automatically log you out after a certain number of minutes. However, many cryptocurrency wallets do not currently have this feature, so you need to make sure you do so manually.
Do Not Share Your Wallet
Nobody else should be able to access your wallet. This includes family members, friends, and romantic partners - people argue and fall out all the time.
Protect Your Seed Phrase
A seed phrase (sometimes also referred to as a pass phrase or a key phrase) is a collection of random words that were generated when you registered the wallet. It could be between 12 and 24 words long, sometimes more - depending on the wallet provider.
Your seed phrase is your wallet's master key. It allows you to grant permission to access your wallet and its contents on a device. If your device is lost or stolen, your seed phrase will be needed to authorise use on a replacement device to access your wallet contents.
DO NOT SHARE YOUR SEED PHRASE WITH ANYONE
Your wallet's seed phrase must be kept secure and not shared with anyone, even staff. Treat it as you would your bank card PIN number.
Security Recommendations
It's possible to have digital content of extremely high value in a cryptocurrency wallet. Since your seed phrase is the key to accessing that content, some people must to use high security measures to protect it.
Review these very high security recommendations to decide what's best for you:
Creatively Backing Up Your Seed Phrase
When writing down your seed phrase for safekeeping, it is usually a good idea to hide the seed phrase within a custom poem, song, or riddle.
This way, if someone happens to stumble across your seed phrase, it will just look like a pretty (or sometimes weird) bit of creative writing, and they shouldn't catch on that it's a hidden seed phrase.
For example, let's say your first four seed phrase words are Purple, Lion, Bed, Floor.
Purple rain falls all around the plains,
The lion goes to check on the drains,
But his bed retains the water,
And the wood floor has stained.
Notice the first word of the poem is your first seed phrase word. The second word of the poem is your second seed phrase word. And so on.
This is just an example, there are many ways that seed phrases can be hidden within creative writing.
Digital Backups
If you really feel that you must back up your seed phrase digitally, then make sure that the seed phrase is encrypted. Or even better, hidden creatively (see above) and then encrypted.
Do not store your seed phrase as a standard electronic note or document, and especially do not store them online. This includes Notepad, Microsoft Word, Google Docs, note-taking software, emails, and so on.
Make sure any digitally backed-up seed phrases are protected by passwords and other security measures that may be available to you. This might include 2-factor authentication, PIN codes, and biometric fingerprint scanners.
SECURITY NOTE
There have been claims posted on the internet that facial recognition and retinal scanner biometric security has been fooled before by using a high-definition photograph of a person's face or eye close-up, which can easily be taken from social media.
Physical Backups
Should you decide to back up your seed phrase physically (hopefully creatively hidden in a poem, etc), then you should make sure that the physical back-up is kept in a secure place away from your computer - preferably not even in the same room as your computer.
It would be a good idea to seal your seed phrase in a plastic container or ziplock bag to protect it from water damage. For example, should there be a flood or burst pipe incident.
Writing the seed phrase in invisible ink may be a good idea as well.
Using a Safe
Safes are a good place to store a physical backup, as long as your safe is not highly visible. Bear in mind that during a home burglary, a safe is one of the first things a thief will keep an eye open for.
Make sure the safe is well hidden. There are many specialist hidden safes available on the market, such as safes that can be embedded into the floor, safes that look like an innocent power plug socket, and so on.
Alternatively to a hidden safe, make sure your safe is embedded into the building itself, such as inside a wall, so that it cannot be removed from the property by a thief to be cracked open later with power tools.
Your safe should ideally be fireproof. Beware of safes on the market claiming to be "fireproof" but have holes in the back or bottom of the safe for bolting onto something - obviously fire can get through holes.
It would be a good idea to seal your seed phrase in a plastic container or ziplock bag to protect it from water damage. For example, should there be a flood or burst pipe incident.
SECURITY NOTE
If your safe has a keypad where you'll need to enter a code to access it, then don't forget to wipe away your fingerprints after using your safe. This is to prevent the combination of a fine powder being dusted onto the keypad to see which numbers you've been pressing, followed by attempts at guessing the code using those numbers.
Safes with a "kill switch" which disables power to the keypad or blocks the unlocking mechanism after too many failed attempts may help to prevent this (except if the thief is very lucky at guessing), but then you'll have the hassle of finding, hiring, and proving that you're the owner of the safe to a trusted locksmith to open it for you.
Bank Safe Deposit Boxes
Those who have a large amount of cryptocurrency or a lot of high-value NFTs might want to consider something even stronger than having a safe on their property. That being a safe deposit box within a bank vault.
The bank will charge you to rent space for your safe deposit box in their vault, which is why it's usually a better solution for those with large amounts of crypto, as opposed to a "smaller" trader, unless you already have a safe deposit box for another purpose.
You could consider hiding your seed phrase creatively, as advised above, then store it in a safe deposit box at your bank branch. This way, even in the very unlikely one-in-a-billion-chance that the bank vault does end up being successfully robbed and they coincidentally go for your safe deposit box out of the hundreds or thousands of others in the vault, it will just look like a random piece of paper with a rambling poem on it to the thieves.
Bonus Tip: SmartWater
SmartWater Group is a pioneering British security company that offers security solutions to people, companies and law enforcement across the globe. One of their products, which as since been adopted by regular and specialist police forces across the world - including but not limited to Scotland Yard, NCA, FBI, and the Gendarme - is "SmartWater".
SmartWater is a forensically traceable liquid data system that is applied to items of value to trace, identity, and convict thieves who come into contact with the liquid that was applied to your valued items.
The Sandbox is not partnered with SmartWater, nor has any agreement or rewards scheme with SmartWater to mention their products in our knowledgebase. Their information is shared here purely for your security education and consideration.
