December 02, 2022

How to Keep Your Assets Safe in DeFi

With the FTX collapse echoing throughout the industry and far beyond, users are more cautious than ever about their assets. This write-up highlights core DeFi safety principles you can use to protect your DeFi assets. Read on if you want to level up your DeFi security. 

DeFi Security Basics & Why They Matter

DeFi comes packed with several types of risk, from the technical stack all the way up to counterparty and regulatory risk. The good news is that you can influence your own security to a significant extent, making DeFi a safer investment. Here’s how.

  • Protect your wallet, get physical
  • Manage your data, use separate devices
  • Avoid questionable protocols, understand the narratives
  • Do your own research, analyze protocols deeply
  • Master your DeFi interactions, limit the exposure

Protect Your Wallet, Get Physical

The first and foremost step toward impeccable security is self-custody. Google searches for self-custody skyrocketed right after the prominent FTX downfall, and people keep searching, more than in any month before.

[Image: self-custody search trends]

Ledger had the highest sales week in its history, while Trezor sales rose 300% in the week after FTX crumbled. That simply shows how people lose trust in institutions and gain hardware courage in return. Hardware courage means more people want to be in charge of their crypto, especially in DeFi. Here’s how.

Get a Hardware Wallet

It’s a physical device that holds your private keys. Unlike Metamask and other software wallets, hardware wallets require you to confirm each transaction physically on the device. In other words, no transaction can happen unless you confirm it in person, so hackers can’t move your funds remotely.

Your assets aren’t stored on the hardware device; they are recorded on the public ledger, and the hardware wallet merely holds the keys that give you access to them. Even if you lose the device, you can still access your assets (as long as you keep your seed phrase safe).

Wallet Security Tips

  • Buy a wallet straight from the official website, like Ledger’s. Never buy from Amazon or resellers, as a reseller could tamper with the device before it reaches you.
  • Use extra security features if possible. Ledger supports an optional passphrase (the so-called 25th word) for additional protection of your assets.
  • Secure your accounts with 2FA using an authenticator app such as Google Authenticator. Avoid SMS authentication: attackers can obtain a duplicate of your SIM card from your phone company (SIM swapping).

Manage Your Data, Use Separate Devices

Protecting your keys and seed phrases is one of the most underestimated security precautions. Even the best hardware wallet in the world becomes useless if you mismanage your data.

Don’t let your seed phrases into the digital world. Never store them on web services (like Dropbox), on USB drives, in any sort of password management software, or in apps (like Apple Notes, Notion, Evernote, Telegram, etc.). Ideally, you should keep all your wallet and account data offline. Alternatively, you can break your data into parts and distribute them across devices, apps, etc., so that recovering it requires access to 3 or more separate sources.
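Splitting a seed phrase into parts only helps if a single part reveals nothing on its own: cutting the phrase into thirds hands a third of the words to whoever finds one piece. One way to get the "3 or more sources" property properly is Shamir's secret sharing, shown below as an added example that is not code from the original post or from DeCommas. The twelve-word phrase is constructed (not a real wallet), and the choice of five shares with a threshold of three is an assumed parameter; any three shares rebuild the phrase, while any two are indistinguishable from random.

```python
"""Threshold secret sharing for a seed phrase (Shamir's scheme), added example."""
import secrets
from typing import Dict, List

# Arithmetic is done in GF(p) with the Mersenne prime 2^127 - 1.
# Each 15-byte chunk of the secret is below p, so it is a valid field element.
PRIME = 2**127 - 1
CHUNK = 15


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, n: int, k: int) -> Dict[int, List[int]]:
    """Split `secret` into n shares; any k of them recover it, k-1 reveal nothing.

    Returns {share_index: [one field element per chunk]}.
    """
    if not 1 < k <= n < PRIME:
        raise ValueError("need 1 < k <= n")
    # Prefix a 2-byte length and zero-pad so every chunk is exactly CHUNK bytes;
    # the length lets recovery strip the padding again.
    data = len(secret).to_bytes(2, "big") + secret
    data += b"\x00" * (-len(data) % CHUNK)
    shares: Dict[int, List[int]] = {x: [] for x in range(1, n + 1)}
    for i in range(0, len(data), CHUNK):
        # Random polynomial of degree k-1 whose constant term is the chunk.
        # The random higher coefficients are what make k-1 shares useless.
        coeffs = [int.from_bytes(data[i:i + CHUNK], "big")]
        coeffs += [secrets.randbelow(PRIME) for _ in range(k - 1)]
        for x in range(1, n + 1):
            shares[x].append(_eval_poly(coeffs, x))
    return shares


def recover_secret(shares: Dict[int, List[int]]) -> bytes:
    """Lagrange-interpolate each chunk at x = 0 from the supplied shares.

    With fewer than k shares the result is garbage (no error is raised),
    which is exactly the property the split is meant to provide.
    """
    xs = list(shares)
    n_chunks = len(next(iter(shares.values())))
    data = bytearray()
    for idx in range(n_chunks):
        value = 0
        for xi in xs:
            num = den = 1
            for xj in xs:
                if xj != xi:
                    num = num * (-xj) % PRIME
                    den = den * (xi - xj) % PRIME
            lagrange = num * pow(den, PRIME - 2, PRIME) % PRIME
            value = (value + shares[xi][idx] * lagrange) % PRIME
        # Values are < 2^127, so 16 bytes always suffice; a correct chunk is < 2^120.
        data += value.to_bytes(16, "big")[-CHUNK:]
    length = int.from_bytes(data[:2], "big")
    return bytes(data[2:2 + length])


if __name__ == "__main__":
    # Constructed demo phrase, not a real wallet.
    SEED = b"abandon ability able about above absent absorb abstract absurd abuse access accident"
    shares = split_secret(SEED, n=5, k=3)
    print("any three shares:", recover_secret({x: shares[x] for x in (1, 3, 5)}) == SEED)
    print("only two shares: ", recover_secret({x: shares[x] for x in (1, 2)}) == SEED)
```

Each share is a list of numbers that can be written on paper or engraved on metal and stored in a different place; keep the share index with it, because recovery needs to know which x each share came from.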

If you interact with lots of protocols, you might want to dedicate a separate device to transactions only. If your main laptop gets compromised, hackers can’t reach anything related to your DeFi activity. Steer clear of using mobile devices for DeFi altogether.

Understand the Narratives, Avoid Questionable Protocols 

The narrative is the current market sentiment about a sector or protocol. The narrative around a specific field or protocol may change quite frequently — especially within DeFi. You should be careful betting against the narrative but also avoid riding the trend blindly. 

If you understand where we are in a market cycle, you are less likely to engage with questionable protocols in any way. 

  • Watch out for fakes. Common fakes include duplicates of protocols, exchanges, wallet providers, YouTube Live Streams, support queries, and more.
  • Secure your browsing. You might want to bookmark some protocol websites to lower the risks of running into fakes. 
  • Use safe links. Never follow any social media or other links other than those on the official website you’ve bookmarked. 
  • Be aware of email phishing attacks. Bad actors have email databases, and your address may be on the list. Create a separate email address for crypto to distance yourself from these risks. Proton is a good option to keep your data safe in a decentralized fashion.

Bear in mind that even official pages get hacked. That’s why you should always do thorough research before connecting your wallet or moving DeFi assets.

Do Your Research, Analyze Protocols Deeply

You don’t have alpha. Adjust your risk. Don’t take any statement for granted; always check whether it is true, even if it comes from a protocol you’ve been using for a while. “Trust but verify” best describes the attitude that keeps your DeFi assets safe.

One of the best features decentralization can offer is complete transparency, at least when it comes to on-chain transactions and community proposals. You can check almost anything.

Find out more about deep DeFi research.

Master Your DeFi Interactions, Limit the Exposure

DeFi is the wild west of crypto, and it naturally requires a healthy degree of caution, especially when it comes to on-chain transactions. Here’s what you should keep in mind to secure your DeFi assets.

Test Transactions

Send a small amount as a test before sending the full amount. Double-check the address. If the address doesn’t match, stop immediately: malicious software can hijack your clipboard and replace the address you copied.

Limit Your Transactions 

Some smart contract approvals allow a protocol to spend any amount of your tokens. With the custom spending limit feature, you can cap that amount and limit your potential exposure.

Dust Transactions

If you ever receive tokens of unknown origin, it could be a dust transaction: a type of attack designed to alter your data and siphon assets off your wallet. Never interact with unknown tokens, be it an airdrop, node rewards, ambassador remuneration, or anything else. Don’t move unknown tokens.

Revoke Contracts

Each time you connect your wallet, you grant the protocol access to it. Imagine your wallet is a bulb in a dark room: each time you connect it, malicious actors get a signal to act. Don’t connect unless you have a specific reason to. Once you’re done with the protocol, consider disconnecting and revoking its approvals to keep the bulb off. You can revoke approvals using Zapper or Rabby, or via scanners like Etherscan. Protocols get exploited; you don’t have to carry their risks indefinitely.
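The two points above, capping a spending limit and revoking it afterwards, both come down to the `amount` argument of the ERC-20 `approve(spender, amount)` call that your wallet asks you to sign. The following added example (not code from the original post or from DeCommas) decodes that calldata so you can see whether you are about to grant an unlimited allowance, and builds the bounded approval and the zero-amount revoke that tools such as Rabby or Etherscan send on your behalf. The function selectors are the standard ERC-20 ones; the spender address, the 18-decimal token and the 100-token threshold are constructed values.

```python
"""Inspect and build ERC-20 approve() calldata before it is signed (added example)."""
from typing import Dict, Union

# Standard ERC-20 4-byte selectors (first 4 bytes of keccak256 of the signature).
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")   # approve(address,uint256)
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")  # transfer(address,uint256)
SELECTOR_NAMES = {APPROVE_SELECTOR: "approve", TRANSFER_SELECTOR: "transfer"}

# The "unlimited" allowance most dApps request by default: max uint256.
UNLIMITED = 2**256 - 1


def _address_bytes(addr: str) -> bytes:
    if not (addr.startswith("0x") and len(addr) == 42):
        raise ValueError("address must be 0x followed by 40 hex digits")
    return bytes.fromhex(addr[2:])


def encode_approve(spender: str, amount: int) -> bytes:
    """ABI-encode approve(spender, amount); amount == 0 is the revoke form."""
    if not 0 <= amount <= UNLIMITED:
        raise ValueError("amount must fit in uint256")
    # ABI layout: selector, then each argument left-padded to a 32-byte word.
    return (APPROVE_SELECTOR
            + _address_bytes(spender).rjust(32, b"\x00")
            + amount.to_bytes(32, "big"))


def decode_call(data: bytes) -> Dict[str, Union[str, int]]:
    """Decode approve/transfer calldata into function name, address and amount."""
    if len(data) != 4 + 32 + 32:
        raise ValueError("unexpected calldata length for an (address,uint256) call")
    selector, args = data[:4], data[4:]
    if selector not in SELECTOR_NAMES:
        raise ValueError("unknown selector 0x" + selector.hex())
    if any(args[:12]):
        raise ValueError("address word has non-zero padding bytes")
    return {
        "function": SELECTOR_NAMES[selector],
        "address": "0x" + args[12:32].hex(),
        "amount": int.from_bytes(args[32:64], "big"),
    }


def classify_approval(data: bytes, decimals: int, max_tokens: int) -> str:
    """Return 'unlimited', 'excessive', 'bounded', 'revoke' or 'not-approval'.

    `max_tokens` is the largest allowance (in whole tokens) you are willing to
    grant for this interaction; anything above it deserves a second look.
    """
    call = decode_call(data)
    if call["function"] != "approve":
        return "not-approval"
    amount = call["amount"]
    if amount == 0:
        return "revoke"
    if amount == UNLIMITED:
        return "unlimited"
    if amount > max_tokens * 10**decimals:
        return "excessive"
    return "bounded"


if __name__ == "__main__":
    SPENDER = "0x" + "ab" * 20  # constructed, not a real router or protocol contract
    for label, amt in [("default dApp request", UNLIMITED),
                       ("capped at 50 tokens", 50 * 10**18),
                       ("revoke when done", 0)]:
        data = encode_approve(SPENDER, amt)
        print(f"{label:22s} {data.hex()[:10]}... -> {classify_approval(data, 18, 100)}")
```

Wallets that show a "custom spending cap" are editing exactly this `amount` word before the transaction is signed, and a revoke is the same call with the amount set to zero, so the on-chain allowance drops to nothing even if the protocol is later exploited.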

How Protocols Secure the User Experience

DeFi protocols may secure users from events that have already happened and from events that may happen in the future. Events that have already happened are easier to handle — protocols educate their communities about what happened, why, and how it may affect the future. Most protocols are doing a great job of explaining hacks.


When it comes to events that may happen, DeFi protocols heavily rely on external audits and insurance to protect their users against potential threats. Hacken and Trail of Bits are among the most prominent audit firms. They carry out a thorough code check and stress-test the protocol to see how it behaves under specific conditions. Audits shed light on potential exploits and vulnerabilities, so developers can fix weak spots (if any) and better protect users over the long run.


Protocols may also use external insurance services like Nexus Mutual, or their own treasuries, for various purposes (for example, closing a liquidity breach to stop an attack, or limiting exposure after one has already happened). If anything bad happens, insurance can partially or fully cover losses. Sometimes protocols compensate for losses, sometimes they don’t; it’s optional and depends on multiple factors.


DeFi protocols are rarely self-sufficient by design; most of them require the participation of external actors to function properly. Regardless of who those actors are, more of them potentially implies higher risk. Any third party can be incapacitated, eventually leading either to systemic failures or to the protocol’s collapse.

The way DeFi protocols pick partners may directly affect end-users and their safety. Some protocols perform a background check to find suitable partners, others only partner with their inner circle — and the rest pick anybody. Either way, it’s an important background job that requires careful attention.

Find out more about the DeFi protocols, their partners, and the trust pyramid.

How DeCommas Secures the User Experience

DeCommas simplifies the DeFi experience as much as possible while keeping it secure for the end-user. Here’s what DeCommas has already implemented to become a smart, secure, and intuitive way to interact with DeFi.

  • Audited smart contracts
  • Ongoing security updates
  • Transparent communication
  • Smooth learning curve

We encourage a cautious DeFi experience in every possible way. From plain communication and the #report-scam channel on Discord to our business partners — we support safe DeFi.