Account and Wallet Security
Are your cryptocurrency wallets and associated accounts secure? Find out here. This page contains advice for keeping your digital assets safe.
Your cryptocurrency wallet, which will hold all of your utility tokens as well as NFTs such as LAND and ASSETs, will undoubtedly be very valuable. For this reason, it is very important to keep your cryptocurrency wallets and any accounts associated with them safe and secure.
This page offers tips on keeping your wallet and accounts secure.
It goes without saying that you should have a very strong password protecting your cryptocurrency wallet and any accounts that are associated with this wallet.
A strong password is one that is a minimum of 10 characters and includes a mixture of lowercase letters, uppercase letters and symbols.
Passwords should not contain any information which can be guessed or found easily on social media and so forth, such as dates of birth, anniversary dates, family names, children's names, favourite sports teams, pet names, favourite celebrities/films/books and so on.
Examples of good passwords are:
Please do not use the above examples. Come up with your own.
The only person who should know your password is yourself. And that's it. Just you, nobody else - not even your cat or dog.
Never, ever give your password out to anyone under any circumstances whatsoever. This includes not giving it to close friends, family or romantic partners - as you'll never know when you might fall out.
You should also never give out your password to anyone who claims to be from official support teams. There is absolutely no legitimate reason why a genuine support team representative would ever need your password at all.
Do not use the same password on multiple accounts. Each account that you have anywhere on the Internet needs to have a unique password. For example, if you use your Facebook account password as your wallet password and your Facebook account then gets compromised, your wallet will be compromised too.
If you are particularly forgetful, you may benefit from using a password manager service. A password manager is a third-party piece of software which automatically generates and stores strong passwords for you. Your password to access this software needs to be particularly strong in order to protect the other ones stored inside.
However, bear in mind that password managers are not immune to hacks, data breaches or trojans, whereas your brain is.
Two-Factor Authentication, also known as 2FA, adds an extra layer of security to your accounts. To put it simply, when you log into an account that has 2FA enabled on it, a randomly-generated time-sensitive code will be sent to a different device (usually a smartphone or tablet through an authenticator app). This code will need to be entered into the login screen after your password in order to access the account.
This means that if your password does end up compromised, the malicious party still will not be able to access your account unless they also have hold of your secondary device.
If your account offers 2FA security, you most definitely should make use of it.
When you set up 2FA on your accounts, you will be given one or more back-up codes to use if you happen to lose access to your trusted secondary device. Keep these safe as you would a password.
Your cryptocurrency wallet may have given you a seed phrase (sometimes also referred to as a pass phrase or a key phrase), especially if you use MetaMask. This seed phrase needs to be kept secret from everyone who is not you. Treat it as you would your password. Your seed phrase should be kept somewhere safe and secure in case you need it in the future.
It might be a good idea to hide this seed phrase in a poem, short story, a puzzle or a pattern, for example. This way most people won't glance at it a second time and therefore won't realise you've hidden a seed phrase in there.
If you are storing the seed phrase digitally on an electronic device, then you should consider encrypting your device. Do not store your seed phrase in a standard electronic note or document. If your device ends up compromised then your seed phrase will also be compromised. If you feel that you need to store the seed phrase digitally, then do so on software that enables you to protect the seed phrase with a password and two-factor authentication.
If you are storing your seed phrase physically then it is good practice to make sure it is kept in a secure place away from your computer, preferably not even in the same room. Keeping your seed phrase in a waterproof plastic bag inside a strong safe would be a good idea - as long as the safe is very well hidden (and potentially impossible to remove due to being embedded into the building), because obvious safes are one of the first things a home intruder will look for.
It would probably be good practice to keep more than one physical copy of the seed phrase in different secure locations, in case one ends up getting lost.
Keep your safe well hidden. Maybe permanently embed it into a wall or the floor so that it is not possible to easily remove it from the property. While locked unhidden safes may keep out prying eyes, they are not immune to being taken from your property by a thief and cracked open with power tools.
If your safe has a digital keypad, don't forget to wipe away your fingerprints each time you open it, so that nobody can combine fingerprinting dust (or simply talcum powder or fine flour) with guesswork to access the safe.
An alternative to a safe is to use a safety deposit box in a bank. Even in the extremely unlikely, one-in-a-billion chance that the bank vault ends up getting successfully robbed, the seed phrase will likely just be a piece of paper with random words on it to the thieves and they probably won't realise it's a seed phrase - especially if you cleverly hide the seed phrase in a poem, short story or puzzle.
You should always make sure that your wallet is locked when you are not using it. You generally do this by logging out of it, whether your wallet is accessed through a website or a browser extension. Online banking websites, such as PayPal, have a timer running in the background which automatically logs you out of your account after a set time, however many wallet services currently do not provide this feature.
Some websites that you access with your wallet unlocked have the potential to see your wallet address. Malicious individuals could potentially see this wallet address and attempt to scam you with false wallet notifications via the website. Click this link to learn how malicious websites can be used to scam you of your wallet contents.
If someone shares an unknown and potentially dodgy link in a public place, such as in an email, in a message, on Discord or Telegram - do not click it.
- If the link mentions a community or company, Google it first to see if it is legitimate.
- If it does seem legitimate, check the spelling of the link. Some scam websites use an alternate spelling of the real thing.
- You can also scan the link for malicious code and so forth on virus scan websites, such as https://www.virustotal.com/.
- If it still seems legitimate, open the link in a different browser that does not have your wallet connected to it.
- Unsure? Ask! On our official Discord, The Sandbox staff have blue usernames. On our official Telegram, The Sandbox staff have the word "Admin" on the top-right of their messages. And remember - genuine staff will never DM you first.
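The spelling check from the list above can be automated. The following is an added example, not part of the original page: a Python classifier that compares a link's hostname against a list of domains you trust. The allowlist, the sample links in the test output and the "last two labels" shortcut for finding the site name are assumptions made for illustration; a production check would use the Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: your own allowlist. example.com is a placeholder entry.
OFFICIAL = ("discord.com", "example.com")
# Characters commonly swapped in to imitate another letter.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "i": "l"})

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(name: str) -> str:
    """Fold look-alike characters so 'dlsc0rd' and 'discord' compare equal."""
    return name.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def classify(url: str) -> str:
    full = url if "://" in url else "https://" + url
    host = (urlsplit(full).hostname or "").rstrip(".")
    if not host:
        return "invalid"
    labels = host.split(".")
    site = ".".join(labels[-2:])  # naive registrable domain (assumption)
    if site in OFFICIAL:
        return "official"
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: internationalised look-alike characters"
    if any(host.startswith(d + ".") or "." + d + "." in host for d in OFFICIAL):
        return "suspicious: official name used as a subdomain"
    for d in OFFICIAL:
        if skeleton(site) == skeleton(d) or edit_distance(site, d) <= 2:
            return "suspicious: resembles " + d
    return "unknown"

if __name__ == "__main__":
    for link in ("https://support.discord.com/hc/en-us",   # from this page
                 "https://dlscord.com/gift",                # constructed sample
                 "discord.com.claim-rewards.test/login",    # constructed sample
                 "https://www.virustotal.com/"):            # from this page
        print(f"{link:45} {classify(link)}")
```

An "unknown" result only means the link is not a near-copy of a trusted name; the remaining steps in the list still apply.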
Anything can happen in life. You might be healthy right now, but who knows what might happen tomorrow? You could get hit by a bus one day or have a heart attack from a sudden undiagnosed condition. This is a grim and dark paragraph, we know, but it needs to be brought up.
It would be good practice to leave instructions to loved ones - for example a married partner, a non-married partner or a child - in your last will and testament explaining where to find the password and seed phrase to access your cryptocurrency funds (i.e. where the safe or safety deposit box is) and how to invest or sell them for profit. These instructions can help your loved ones to carry on and support themselves should you suddenly and unexpectedly pass on from the world.
If you have no loved ones or relatives, you could ask a trusted friend or legal representative in your last will and testament to donate your crypto profits to a charitable cause.
Malicious thieves are coming up with new scams to try and trick you almost daily. You need to always be on high alert for this sort of thing.
Also remember that genuine staff will never DM you first and will never ask for passwords, seed phrases or funds.
Think before you react. Just because someone gave you a link, it doesn't mean you have to click it. If something sounds too good to be true - it probably is.
Do not jump blindly into events, offers, airdrops and so on. Make sure you read all of the official documentation to ensure the event is genuine.
Remember - if something isn't officially announced on The Sandbox's official social media, it is probably a scam.
Please tag the @Moderators role on the Discord server in a support channel to report a potential scam being committed by someone within the community. Please avoid posting screenshots in public unless you have blanked out any web addresses. Otherwise, if a screenshot is needed, the responding moderator will ask you to DM it to them. You should also consider reporting the offender to Discord itself. Here's how: https://support.discord.com/hc/en-us/articles/360000291932-How-to-Properly-Report-Issues-to-Trust-Safety.
If the scammer is a member of the community channels on Telegram, please DM the details of the scammer and the scam to an admin.
Whether the scammer is on the official channels or not, please forward their profile and messages to Telegram's anti-scam team. Their username is: @NoToScam.