From the outside, the world of crypto can be… cryptic. Before you know it, you’re hearing about “transactions”, “public addresses”, “wallets”, “seed phrases”, and “gas” (not the one that powers cars!) — it’s easy to get lost in translation.

With that in mind, we decided it was about time to go back to the basics and cut through the noise with five simple rules to maximise the safety of your crypto assets, and minimize the risks.

Before we dive in, let’s take a minute to make sure you master the terminology. Feel free to skip this section if you feel confident with your current understanding of wallets, smart contracts and DeFi.

Rule #0 | Speak the language

A crypto wallet, just like a regular one, is used to store assets. As you will learn, there are different kinds of wallets.

Wallets are usually accessed using a key pair: the public key is the identifier, and the private key is required to send assets.

Private keys are like really long passwords. To make it simpler to remember them, they are generated using your seed phrase.

Ethereum is a prominent cryptocurrency project. Its main contribution is the support for nuanced smart contracts.

Smart contracts allow the creation, implementation and enforcement of self-executing contracts for which the terms are directly written into the code.

Thanks to smart contracts, a new industry of financial services is emerging — we call it DeFi (Decentralised Finance).

DeFi projects provide financial services (lending, borrowing, exchanges, etc.) in a novel manner. Their users remain in control of their funds at all times and can see what happens under the hood. DeFi projects nurture a new type of relationship with their users, as they don’t have to trust the service to use it.

1️⃣ Rule #1 | Trust no one but yourself

The development of blockchain-based systems has brought with it exciting promises. With the growth of Bitcoin, Ethereum, and other blockchains, enthusiasts around the world are now seeing the early promises of crypto being translated into real products — from decentralised stablecoins such as Maker’s DAI, to trustless lending, all the way to payment solutions (what we’re building at Monolith).

Here’s an overview of the main DeFi services, ranked by value locked in their contracts:

However, despite the development and growth of these decentralised finance services, sometimes known as “DeFi”, most of us are not reaping the benefits of decentralization: many still interact with crypto assets through a third party that holds their funds for them. This translates into countless hacks and loss of funds — so much so that by the end of 2018, the total value of the assets lost because of hacks has been estimated at $1.5B.

Ultimately, the safest way to protect yourself against such an attack is to never trust third parties with your assets. Yes, managing your seed phrase (more on this below) requires a little bit of work, but it’s also the safest way to secure your cryptocurrencies. Using a custodial service — such as an exchange wallet — to store your assets creates counterparty risk.

Sounds good, but what is a Seed Phrase, exactly? Well…

2️⃣ Rule #2a | Understand your seed phrase. Learn your seed phrase.

Your seed phrase is what governs your wallet. If you use a standard wallet, anyone who has access to it can instantly transfer all your assets to another address outside your control — so your seed is a pretty big deal. This means that it’s more important than ever to keep it safe and secure.

Your seed is made of 12 to 24 words, the order of which is important. Here is a sample 12-word seed phrase:

agent coyote enter fit frozen height horse multiply pencil salt solar word
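How a phrase like the sample above becomes key material, as an added example (not Monolith's code): it assumes the wallet follows the BIP-39 standard, which stretches the phrase with PBKDF2-HMAC-SHA512 into a 64-byte seed from which private keys are derived. The function names are illustrative, and the BIP-39 checksum is not verified because that needs the 2048-word list.

```python
import hashlib
import unicodedata

# The sample phrase published on this page; it protects nothing.
SAMPLE = "agent coyote enter fit frozen height horse multiply pencil salt solar word"


def seed_from_phrase(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39 phrase -> 64-byte seed (assumes a BIP-39 wallet)."""
    # Collapsing extra whitespace is a convenience of this example.
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def entropy_bits(word_count: int) -> int:
    """Random bits encoded by a phrase: 11 bits per word, minus the checksum."""
    if word_count not in (12, 15, 18, 21, 24):
        raise ValueError("BIP-39 phrases have 12, 15, 18, 21 or 24 words")
    return word_count * 11 * 32 // 33  # 1 checksum bit per 32 entropy bits


def swap_first_two(phrase: str) -> str:
    """Same words, different order: simulates a backup copied out of order."""
    words = phrase.split()
    words[0], words[1] = words[1], words[0]
    return " ".join(words)


if __name__ == "__main__":
    good = seed_from_phrase(SAMPLE)
    bad = seed_from_phrase(swap_first_two(SAMPLE))
    print("entropy of a 12-word phrase:", entropy_bits(12), "bits")
    print("seed (correct order):", good.hex()[:16], "...")
    print("seed (two words swapped):", bad.hex()[:16], "...")
    print("same wallet?", good == bad)
```

Swapping two words yields an unrelated seed, so a backup with the words out of order restores a different, empty wallet.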

If you are using a mobile wallet, please ensure that the app you are using is storing your seed in the secure enclave — if not, it is at risk.

2️⃣ Rule #2b | ⚠️ Keep it secret. Keep it safe ⚠️

There are several options to secure your access to your cryptocurrencies; however, you still need to secure a seed phrase somewhere for most of them.

A piece of paper can’t be hacked

The best way to avoid an attack is to use a medium where such an attack is impossible. As far as we know, even Hollywood’s hackers can’t access a piece of paper remotely.

⇒ Write down your seed on a piece of paper. Avoid making any digital copy of it (taking a picture, writing it down in a text file, etc.)

Redundancy is security

Paper is safe from hacks, but not from a fire!

⇒ Have at least two copies of your seed phrase, written on paper, stored in different physical locations.

The Grim Reaper takes ETH too

Your wallet, if properly secured, is eternal; you’re not.

⇒ If you are storing a significant amount of money in your wallet, consider putting someone else you trust in the loop so they can recover the funds if anything were to happen to you.

Hardware wallets can also be an interesting option to streamline the process, particularly if you own many different crypto assets.

While you are backing up your seed phrase, don’t forget about the order of the 12 words: it matters!

Be smart about your assets, don’t expose yourself. It’s generally a bad idea to share specific pieces of information about your crypto holdings, especially online. Please, do take part in the discussions, but there is no need to risk painting a target on your back by sharing details about your holdings.

3️⃣ Rule #3 | Get to know the network

Understand the authentication mechanisms

There are two types of addresses on Ethereum. Both types of address can store ETH and ERC-20 tokens — the most widely used standard to build tokens that live on the Ethereum network.

The “basic” ones, called “externally owned accounts” (EOA), are controlled by private keys.

The contract accounts (contract wallets) are smart contracts: they can store and execute code.

The address and public key

Your address is your public identifier, a bit like your email address: that’s all one needs to be able to send you ETH and other assets. It is derived from your public key.

People will use this to send you assets, for example. For Ethereum, the address looks like this:

0xEBA290cf248cB14442A071fbCb58a9Cc5dcdE28E

Just like for internet addresses (IP vs domain name), there is now a service to make addresses more memorable: Ethereum Name Service — ENS.

Example address on ENS.

Please keep in mind that all the information stored on the Ethereum blockchain lives publicly. If you send money to someone, they will be able to see your wallet status, such as the assets you own and your previous transactions. Anyone who has access to your wallet address can get this information. If privacy is a necessity to you, please look into dedicated solutions.

Finally, be mindful while sharing your public addresses online. If you need to post an address publicly — to accept donations, for instance — we recommend that you generate a new public address for that specific purpose.

Authentication keys

Depending on the type of wallet you use, you’ll usually have a second form of authentication, such as a PIN code or biometrics for a mobile wallet.

Such keys are not tied to your address; they are specific to the wallet you use to interact with it. Losing these keys will not result in a loss of funds, as long as you still have access to your precious seed phrase.

The Monolith app uses your device’s trusted execution environment to store the key used to encrypt your seed phrase. Your operating system’s authentication method (TouchID, FaceID, or PIN depending on your device) is required every time you need to access it — if you need to validate a transaction for instance.

If you use a hardware wallet like a Ledger, the device uses a PIN to authenticate you.

In both situations, losing your PIN does not result in a loss of funds because you can always reinitialize your wallet and set up a new PIN, using your seed.

4️⃣ Rule #4 | Make transactions talk!

Since all the information on the Ethereum blockchain is public, you can use a service to follow the activity of your own address or anyone else’s: an explorer. For Ethereum, the most common one is Etherscan.

With Etherscan, you can search for any public address to access the history of its transactions. You can also work the other way around, using the txid — the unique identifier attributed to each transaction:

Overview of an Ethereum EOA using Etherscan

Etherscan displays transactions in two main tabs:

Transactions: any inbound or outbound transaction involving Ether

ERC20 Token Txns: transactions involving ERC-20 tokens, which are based on Ethereum and follow the same standard.

Not all transactions represent traditional money transfers. To interact with smart contracts such as ENS, for example, you must pay the network to make calls to one of its functions.

Transaction Status

There are three possible transaction statuses:

Pending: when you initiate a transaction, its default status is pending. You have to wait for the average block time (or several) for its status to be updated. On the Ethereum network, this usually takes ~30 seconds.

Failure: a failure occurs any time a transaction fails to meet the requirements. It could be because of a lack of gas, or lack of funds for instance. When a transaction fails, the Ether/tokens never leave your address, but you do still pay for gas.

Success: at this point, the transaction is successful (tokens changed hands) and irreversible.

ℹ️ For the sake of simplicity, we focused on the Ethereum blockchain. However, the information presented above can apply to any public blockchain, such as Bitcoin.

Finally, since the whole network is public and open, you can also visualize the activity of the whole network thanks to services like EthStats or EthViewer. If you would like a more visually compelling representation, check out CryptoLights:

5️⃣ Rule #5 | Paying for the commons

Ethereum is more than a mere decentralized ledger able to record account balances. The network implements an execution environment on the blockchain called the Ethereum Virtual Machine (EVM). The network nodes go through the transactions listed in the block they are verifying and run the code as triggered by the transaction within the EVM.

When a contract is executed as a result of being triggered by a message or transaction, every instruction is executed by every node of the network. Each execution comes with a specified cost, expressed in a number of gas units.

Gas in that sense is a form of “fuel” for Ethereum: it represents a fee paid by senders of transactions to pay for the execution of their operations. It is purchased with ether from the miners that execute the code.

Two parameters govern the gas cost of transactions and are required to process and broadcast them to the network:

gasUsed: the total gas that is consumed by the transaction.

gasPrice: the price (in ETH) of one unit of gas specified in the transaction.

⇒ The total cost of the transaction is the product (multiplication) of the gasUsed and gasPrice.

You can determine the transaction cost yourself, depending on how urgent it is. A service like ETH Gas Station will help you figure out the best price for your needs. However, most wallets usually offer default options to handle that for you, and that’s probably the best and safest route if you’re not sure about what you are doing.

Don’t worry too much about overspending gas though! You are only charged for the gas you consume: it’s both safe and useful to send transactions with a gas limit well above the estimates.
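The charging rule above, modelled as an added example (not Monolith's or Ethereum's own code): it follows the gasUsed × gasPrice rule described on this page and shows what a gas limit changes in practice. The function names, the "rejected" label and the sample amounts are constructed for illustration; 21,000 is the gas used by a plain ETH transfer.

```python
from decimal import Decimal

WEI_PER_GWEI = 10**9
WEI_PER_ETH = 10**18


def settle(balance_wei, value_wei, gas_limit, gas_price_gwei, gas_needed):
    """Outcome of one transaction under the gasUsed x gasPrice rule.

    gas_needed is the gas execution would consume with no limit; a wallet
    estimates it, here it is simply given (assumption of this model).
    """
    gas_price_wei = gas_price_gwei * WEI_PER_GWEI
    reserve_wei = gas_limit * gas_price_wei  # set aside before execution starts
    if balance_wei < value_wei + reserve_wei:
        # The sender cannot cover the worst case, so it is never executed.
        return {"status": "rejected", "gas_used": 0, "fee_wei": 0,
                "balance_wei": balance_wei}
    if gas_needed > gas_limit:
        # Out of gas: the transfer is undone, the whole limit is still paid.
        status, gas_used, moved_wei = "failure", gas_limit, 0
    else:
        # Unused gas (gas_limit - gas_used) goes back to the sender.
        status, gas_used, moved_wei = "success", gas_needed, value_wei
    fee_wei = gas_used * gas_price_wei
    return {"status": status, "gas_used": gas_used, "fee_wei": fee_wei,
            "balance_wei": balance_wei - moved_wei - fee_wei}


def to_eth(wei):
    """Exact wei -> ETH conversion, without floating point rounding."""
    return Decimal(wei) / Decimal(WEI_PER_ETH)


if __name__ == "__main__":
    one_eth = WEI_PER_ETH
    cases = {
        "generous limit": settle(one_eth, one_eth // 10, 100_000, 20, 21_000),
        "limit too low": settle(one_eth, one_eth // 10, 21_000, 20, 50_000),
        "limit the balance cannot cover": settle(10**15, 0, 100_000, 20, 21_000),
    }
    for name, result in cases.items():
        print(f"{name}: {result['status']}, fee {to_eth(result['fee_wei'])} ETH, "
              f"balance {to_eth(result['balance_wei'])} ETH")
```

The third case is the practical bound on a generous limit: the balance has to cover the amount sent plus gas limit × gasPrice, even though only the gas actually used is charged.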

🎚️Master rule — Be smart, stay in control

Blockchains embody a fundamental paradigm shift. For the first time, we now have a system that allows people to send and receive unique assets across the world, instantly, without the need for trusted third-parties. It comes with many benefits, including the potential to disintermediate activities that are currently unnecessarily costly because of middlemen, such as lending or raising money for a project.

However, such benefits can only materialize if the user is responsible and in full custody of their funds at all times. Without that, we’re just making yet another trade-off and importing some of the risks that exist in the financial world to the crypto world. It's easy:

Set up your contract wallet and get your Monolith 💳 :

➡️ Store & Spend your crypto safely, conveniently, and without compromises

— Team Monolith
