Wallets
Crypto wallets: Best practices, security protocols, and operational discipline for self-custody.
The Gateway to Web3
A crypto wallet is more than just a digital bank account; it is your fundamental interface for interacting with blockchain networks. Whether you are validating transactions, managing a staking node, or simply holding assets, your wallet serves as your digital identity and authorization tool.
Unlike traditional banking, blockchain interactions are self-custodial and irreversible. This grants you absolute control over your assets but places the entire burden of security on your operational practices.
The Immutability Principle
In decentralized networks, there is no "Forgot Password" link and no customer support line that can reverse a transaction.
If your private keys are lost or stolen, your assets are unrecoverable.
Operational Security (OpSec)
To maintain high-grade security, we recommend strictly adhering to the following protocols.
❌ The "Don'ts" (Common Pitfalls)
NEVER share your Seed Phrase: No legitimate support agent, admin, or "SyncNode bot" will ever ask for your 12-24 word recovery phrase.
NEVER store keys digitally: Do not save seed phrases in Google Drive, Evernote, email drafts, password managers, or as screenshots on your phone. Cloud accounts are routine targets for account takeover, and phone screenshots are usually synced to a cloud photo library automatically, so a "local" photo is rarely local.
NEVER blindly sign transactions: Do not approve interactions unless you have verified the domain URL and understand the specific permissions being requested.
NEVER use your main wallet for testing: Avoid interacting with unverified dApps or minting new tokens using the wallet that holds your primary stake.
✅ The "Dos" (Best Practices)
DO use Hardware Wallets: For significant holdings, use a hardware device (Ledger, Trezor, etc.). The private key is generated on the device and never leaves it; the host computer only passes in unsigned transactions and receives signed ones, so a compromised laptop can propose a transaction but cannot sign it without your confirmation on the device. Verify the destination and amount on the device screen, not in the browser.
DO backup physically: Write your recovery phrase on paper or a metal backup plate. Store multiple copies in geographically separate, fireproof locations.
DO verify RPC endpoints: Your wallet trusts its RPC endpoint for everything it displays (balances, nonces, gas estimates, which chain you are on) and for relaying what you sign. A malicious or compromised endpoint can show false state, serve the wrong chain ID, silently drop your transactions, or front-run the ones it sees before they reach the public mempool. Use a trusted provider (such as SyncNode's), and when adding a network by hand, confirm that the chain ID the endpoint returns matches the published value.
DO use "Burner" wallets: When testing new protocols, generate a fresh hot wallet with minimal funds.
1. Transaction & Interaction Protocols
Operational discipline is the first line of defense against loss. Adhere to these standards when interacting with the blockchain.
| ❌ Prohibited Actions (Risk) | ✅ Standard Operating Procedure (Do) |
|---|---|
| Blind Signing: Approving transactions without verifying the contract interactions or data. | Parameter Verification: Triple-check the destination address, chain ID, and asset amount before broadcasting. For contract calls, know which function is being called and with which arguments (an ERC-20 approve for an unlimited amount or a setApprovalForAll grants a third party control over your tokens), and reject anything your wallet cannot display in clear text. |
| Manual Input: Typing complex wallet addresses manually, increasing the risk of "fat-finger" errors. | Input Validation: Use QR scanners, a wallet address book, or strict Copy/Paste workflows, and compare the full address against the saved entry. Checking only the first and last few characters is not enough: address-poisoning attacks generate look-alike addresses that match exactly those characters and plant them in your transaction history so that you copy the wrong one. |
| Unattended Sessions: Leaving a wallet unlocked or a device unattended while logged in. | Session Termination: Enforce strict auto-lock timers and manually lock devices immediately after use. |
| Exchange Custody: Leaving long-term holdings on centralized exchanges (CEX) or software wallets. | Cold Storage: Move significant capital to air-gapped hardware solutions (Cold Storage) immediately. |
| Weak Authentication: Using simple or reused passwords. | Entropy Management: Utilize a password manager to generate high-entropy, unique passwords for every service. |
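The parameter-verification and address-comparison rules above, as an added example (Python, not SyncNode's code): it decodes the calldata of a transaction request for a few standard ERC-20/ERC-721 selectors, flags unlimited approvals and setApprovalForAll(true), checks the chain ID, and compares every address involved against a saved address book in full rather than by its first and last characters. The selectors are the well-known ones; the addresses, token contract and address book are constructed sample data, not real contracts.

```python
from dataclasses import dataclass

# Standard selectors: first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "a9059cbb": "transfer(address,uint256)",
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UINT256_MAX = (1 << 256) - 1


@dataclass(frozen=True)
class TxRequest:
    chain_id: int
    to: str           # contract (or recipient, for a plain value transfer)
    value: int        # native value in wei
    data: str = "0x"  # ABI-encoded calldata; "0x" means no contract call


def _hex(h: str) -> str:
    return h[2:] if h.lower().startswith("0x") else h


def abi_word(data: str, i: int) -> int:
    """i-th 32-byte ABI word after the 4-byte selector, as an int."""
    h, start = _hex(data), 8 + 64 * i
    if len(h) < start + 64:
        raise ValueError("calldata truncated")
    return int(h[start:start + 64], 16)


def abi_address(data: str, i: int) -> str:
    return "0x" + format(abi_word(data, i), "040x")


def decode_calldata(data: str) -> dict:
    """Decode the selectors we know; anything else is reported as unknown."""
    h = _hex(data)
    if h == "":
        return {"function": "native transfer", "args": {}}
    sig = SELECTORS.get(h[:8].lower())
    if sig is None:
        return {"function": None, "args": {}}
    name = sig.split("(")[0]
    if name == "transfer":
        args = {"to": abi_address(data, 0), "amount": abi_word(data, 1)}
    elif name == "approve":
        args = {"spender": abi_address(data, 0), "amount": abi_word(data, 1)}
    else:  # setApprovalForAll
        args = {"operator": abi_address(data, 0), "approved": abi_word(data, 1) == 1}
    return {"function": name, "args": args}


def prefix_suffix_match(a: str, b: str, n: int = 6) -> bool:
    """The weak check: same first and last n hex chars. A poisoned address is
    generated to pass exactly this test."""
    a, b = _hex(a).lower(), _hex(b).lower()
    return a[:n] == b[:n] and a[-n:] == b[-n:]


def exact_match(a: str, b: str) -> bool:
    """Full 40-hex-char comparison, case-insensitive. (Verifying the EIP-55
    mixed-case checksum would need keccak256, which the stdlib lacks.)"""
    return _hex(a).lower() == _hex(b).lower()


def review_tx(tx: TxRequest, expected_chain_id: int, book: dict) -> list:
    """Return findings a human must read before signing; [] means none."""
    findings = []
    if tx.chain_id != expected_chain_id:
        findings.append(f"chain ID {tx.chain_id} != expected {expected_chain_id}")
    d = decode_calldata(tx.data)
    fn, args = d["function"], d["args"]
    if fn is None:
        findings.append("unknown selector: approving this would be blind signing")
        return findings

    def known(addr):
        return any(exact_match(addr, v) for v in book.values())

    if not known(tx.to):
        findings.append(f"destination {tx.to} is not in the address book")
    if "to" in args and not known(args["to"]):
        findings.append(f"token recipient {args['to']} is not in the address book")
    if fn == "approve":
        if args["amount"] == UINT256_MAX:
            findings.append(f"UNLIMITED approval to {args['spender']}")
        if not known(args["spender"]):
            findings.append(f"spender {args['spender']} is not in the address book")
    if fn == "setApprovalForAll" and args["approved"]:
        findings.append(f"setApprovalForAll(true): {args['operator']} gains every token")
    return findings


def encode_call(selector: str, *words: int) -> str:
    """Build calldata (selector + 32-byte words) for the constructed samples."""
    return "0x" + selector + "".join(format(w, "064x") for w in words)


# Constructed sample data; no real addresses or contracts.
LEGIT = "0xab12cd" + "0" * 28 + "56ef34"
POISONED = "0xab12cd" + "9" * 28 + "56ef34"   # same first/last 6 hex chars
TOKEN = "0x" + "7" * 40
BOOK = {"treasury": LEGIT, "token contract": TOKEN}


def demo() -> dict:
    clean = TxRequest(1, TOKEN, 0, encode_call("a9059cbb", int(LEGIT, 16), 10**6))
    poisoned = TxRequest(1, TOKEN, 0, encode_call("a9059cbb", int(POISONED, 16), 10**6))
    unlimited = TxRequest(1, TOKEN, 0,
                          encode_call("095ea7b3", int("0x" + "e" * 40, 16), UINT256_MAX))
    wrong_chain = TxRequest(56, LEGIT, 10**18)   # plain value transfer, wrong chain
    return {"clean": review_tx(clean, 1, BOOK), "poisoned": review_tx(poisoned, 1, BOOK),
            "unlimited": review_tx(unlimited, 1, BOOK),
            "wrong_chain": review_tx(wrong_chain, 1, BOOK)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or ["nothing flagged; now confirm on the device screen"])
```

The poisoned transfer passes `prefix_suffix_match` against the treasury entry and is only caught because `review_tx` compares the whole recipient; an empty finding list is a reason to proceed to the hardware-wallet screen, not a substitute for reading it.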
2. Private Key & Seed Phrase Management
The seed phrase allows for the total reconstitution of your assets. Its compromise is irreversible.
| ❌ Prohibited Actions (Risk) | ✅ Standard Operating Procedure (Do) |
|---|---|
| Digital Storage: Storing seed phrases in cloud notes, screenshots, email drafts, or on any internet-connected device. | Air-Gapped Storage: Keys must exist strictly in the physical realm (Paper or Metal). The only place a seed phrase is ever entered is the hardware wallet itself, during setup or recovery; it must never touch a computer keyboard, a browser form, or a clipboard. |
| Single Point of Failure: Relying on a single paper copy that is susceptible to fire, flood, or loss. | Physical Redundancy: Maintain multiple backups stored in geographically separated, secure locations. |
| Third-Party Exposure: Sharing keys with "support staff" or entering them into unverified dApps. | Zero-Trust Policy: Treat the seed phrase as "For Your Eyes Only." No legitimate website, wallet extension, or dApp ever needs it, and SyncNode will never request your keys. |
🛡️ Hardware Recommendation: Metal Backups
Paper degrades over time and does not survive fire. For long-term durability, stamp or etch seed phrases onto marine-grade stainless steel or titanium plates (e.g., Cryptosteel), which withstand fire and flood damage.
3. Environment & Device Hardening
Your wallet is only as secure as the device it runs on. A compromised operating system renders a secure wallet useless.
| ❌ Prohibited Actions (Risk) | ✅ Standard Operating Procedure (Do) |
|---|---|
| Insecure Networks: Operating a wallet over Public WiFi (airports, cafes). A signed transaction cannot be altered in transit, but an untrusted network can tamper with DNS, intercept traffic through a captive portal, or steer you to a phishing page. | Tunneling: Operate strictly on private, secured networks or utilize a trusted VPN service, and never click through a certificate warning. |
| Commingled Operations: Using a primary personal device (full of games/random apps) for high-value crypto ops. | Isolation: Utilize a dedicated, clean device (or separate browser profile) strictly for blockchain interactions. |
| Weak 2FA: Reliance on SMS-based 2FA (vulnerable to SIM Swapping). | Hardware/App 2FA: Enforce TOTP (Authy/Google Auth) or, preferably, FIDO2 hardware keys (YubiKey) for all account access. A TOTP code can still be phished in real time by a proxy site; a FIDO2 key binds the login to the real origin and cannot be relayed that way. |
| Phishing Vectors: Clicking promotional links in emails or Discord DMs. | Source Verification: Navigate strictly via bookmarked, verified URLs. A valid HTTPS certificate only proves you reached the domain shown in the address bar, not that the domain is legitimate; phishing sites have valid certificates too, so check the exact hostname. |
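The source-verification rule in the last row, as an added example (Python, not SyncNode's code): before opening a link that arrived by email or DM, it resolves the host the browser would really connect to and compares it with a bookmark allowlist. The hostnames under the reserved syncnode.example domain and the sample links are constructed. It shows three traps a quick glance misses: an endswith() comparison without a dot boundary that accepts a look-alike domain, a user@host URL whose real host is the part after the @, and a Unicode look-alike host that only reveals itself in its xn-- (punycode) form.

```python
from urllib.parse import urlsplit

# Constructed allowlist of bookmarked hosts. ".example" is a reserved TLD;
# SyncNode's real hostnames are not assumed here.
ALLOWED_HOSTS = {"syncnode.example", "app.syncnode.example"}


def canonical_host(url: str) -> str:
    """Hostname the browser would actually connect to: lowercase, trailing
    dot removed, Unicode labels converted to their xn-- punycode form."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host.encode("idna").decode("ascii").lower()


def naive_allowed(host: str, allowed=ALLOWED_HOSTS) -> bool:
    """Common mistake: endswith() with no dot boundary, so
    'evilsyncnode.example' passes as if it were 'syncnode.example'."""
    return any(host.endswith(a) for a in allowed)


def host_allowed(host: str, allowed=ALLOWED_HOSTS) -> bool:
    """Exact match, or a subdomain separated from the bookmark by a dot."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def check_link(url: str, allowed=ALLOWED_HOSTS) -> tuple:
    """(ok, reason). ok only for https links whose real host is bookmarked."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme!r}, not https"
    if parts.username is not None:
        return False, "URL carries userinfo (user@host); the real host is after the @"
    host = canonical_host(url)
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, f"internationalized host {host}: probable look-alike"
    if not host_allowed(host, allowed):
        return False, f"host {host} is not bookmarked"
    return True, f"host {host} is bookmarked"


# Constructed sample links of the kind that arrive by email or Discord DM.
SAMPLES = [
    "https://app.syncnode.example/login",
    "http://app.syncnode.example/login",
    "https://evilsyncnode.example/login",
    "https://app.syncnode.example@phish.example/login",
    "https://app.syncn\u043ede.example/login",   # Cyrillic 'о' in the host
]


def demo() -> dict:
    return {u: check_link(u) for u in SAMPLES}


if __name__ == "__main__":
    for url, (ok, reason) in demo().items():
        print("OK  " if ok else "DENY", url, "->", reason)
```

Only the first sample passes; the Cyrillic link and the user@host link both display a convincing "app.syncnode.example" to a human reader, which is why the check works from the parsed, IDNA-encoded hostname rather than from the text of the link.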
🔧 Contribution
These protocols are living documents. If you identify a new security vector or have an improvement for these standards, please open a Pull Request or contact our security team.