The uncomfortable truth about wallet security: the technology almost never fails. The cryptography protecting a random seed phrase will outlive everyone reading this page. What fails is the layer around it, the human with a browser, a clipboard and a deadline. So this guide spends little time on cryptography and a lot on the four decisions that decide outcomes.

Decision one: where the seed phrase lives

Your seed phrase is not a password to your wallet. It is the wallet; everything else is an interface to it. Anyone holding those words holds your funds from any device on earth, instantly, and no support desk can undo it.

The rules follow from that. The phrase never gets typed into anything except a wallet during initial setup or recovery, on a device you trust. It is never photographed, never emailed to yourself, never in cloud notes, never in a chat with yourself "just temporarily". It lives on paper, or better on stamped metal for fire and water resistance, in two separate physical places. If any website, app, form or human ever asks for it, the interaction is hostile, with a certainty no other rule in crypto can match.

Decision two: what signs your transactions

A software wallet keeps keys on an internet-connected computer, inside the blast radius of every malicious download and browser exploit. A hardware wallet moves signing into a sealed device with its own screen and button. Malware can corrupt what your browser shows you, but it cannot press the physical button, and the device screen shows what you are actually signing.

The threshold is simpler than the marketing suggests: once a wallet holds more than pocket money, the hardware device costs less than one percent of what it protects. Pair it with the layered structure from our farming setup guide: a hardware vault that touches almost nothing, an operations wallet for regular use, and an expendable hot wallet for the risky frontier.

Decision three: what your signatures permit

Modern wallet theft rarely steals keys. It requests permissions, politely, through the same interface as every legitimate action. Token approvals grant a contract standing rights to move your tokens; off-chain signatures can authorize marketplace-style transfers without a visible transaction. Drainer kits industrialized this years ago and their operators A/B test their phishing like a startup.

Countermeasures are unglamorous and effective. Read the wallet's description of each request before signing, especially the difference between a transaction and a signature request, and decline anything you cannot explain. Cap approval amounts to what the action needs instead of granting unlimited allowances where the interface allows. And put a monthly slot in your calendar to open an approval checker and revoke everything stale. The class of theft that arrives weeks after the mistake dies right there.
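The approval review described above can be made mechanical. The following is an added example, not code from the original guide: it decodes the calldata of an ERC-20 approve(address,uint256) request before it is signed, labels the allowance (unlimited, excessive for what the action needs, a revoke, or fine), and builds a capped or zero replacement. The spender address and the "expected" amount are constructed inputs; the function selector 0x095ea7b3 is the standard one for approve(address,uint256).

```javascript
// Added example (not from the original guide): inspect an ERC-20 approve()
// request before signing, flag unlimited allowances, and build a capped
// or zero (revoke) replacement. Uses only built-in BigInt and string ops.

const APPROVE_SELECTOR = '095ea7b3'; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode calldata laid out as selector + 32-byte spender word + 32-byte amount word.
// Returns null when the data is not a well-formed approve() call.
function decodeApprove(calldata) {
  const hex = calldata.startsWith('0x') ? calldata.slice(2) : calldata;
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8).toLowerCase() !== APPROVE_SELECTOR) {
    return null;
  }
  const spenderWord = hex.slice(8, 72);
  const amountWord = hex.slice(72, 136);
  // An address is right-aligned in its word, so the first 12 bytes must be zero.
  if (!/^0{24}[0-9a-fA-F]{40}$/.test(spenderWord)) return null;
  if (!/^[0-9a-fA-F]{64}$/.test(amountWord)) return null;
  return {
    spender: '0x' + spenderWord.slice(24).toLowerCase(),
    amount: BigInt('0x' + amountWord),
  };
}

// Turn a 78-digit allowance into a verdict the user can act on.
// `expected` is the amount the current action actually needs (caller-supplied).
function classifyApproval(decoded, expected) {
  if (decoded.amount === MAX_UINT256) return 'unlimited';
  if (decoded.amount === 0n) return 'revoke';
  if (decoded.amount > expected) return 'excessive';
  return 'ok';
}

// Encode a replacement approve() for the same spender; amount 0n revokes.
function encodeApprove(spender, amount) {
  const spenderWord = spender.slice(2).toLowerCase().padStart(64, '0');
  const amountWord = amount.toString(16).padStart(64, '0');
  return '0x' + APPROVE_SELECTOR + spenderWord + amountWord;
}

// Review one request: return the verdict and, when the allowance is too broad,
// the capped calldata the wallet should offer instead.
function reviewApproval(calldata, expected) {
  const decoded = decodeApprove(calldata);
  if (decoded === null) return { verdict: 'not-an-approve', replacement: null };
  const verdict = classifyApproval(decoded, expected);
  const replacement =
    verdict === 'unlimited' || verdict === 'excessive'
      ? encodeApprove(decoded.spender, expected)
      : null;
  return { verdict, replacement, spender: decoded.spender, amount: decoded.amount };
}

// Constructed demonstration: a dApp asks for an unlimited allowance when the
// swap only needs 1000 base units.
const DEMO_SPENDER = '0x' + '11'.repeat(20); // placeholder, not a real contract
const demo = reviewApproval(encodeApprove(DEMO_SPENDER, MAX_UINT256), 1000n);
console.log(demo.verdict, '-> capped replacement:', demo.replacement);
```

Applying the capped replacement keeps the dApp working for this action while leaving the contract nothing standing to drain later; a monthly pass with encodeApprove(spender, 0n) over stale spenders is the revoke habit the guide recommends.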

Decision four: which wallet faces the internet

Every risky surface (new dApps, claim pages, mint sites, "checkers") should meet a dedicated wallet holding only what the day's activity needs, ideally in its own browser profile with its own bookmarks. This is not paranoia theater. It converts the worst realistic outcome from "everything, gone" to "an annoying Tuesday". People who follow this rule get phished too; the difference is they get to talk about it at dinner instead of at a lawyer's office.

The attacks worth knowing by name

  • Approval phishing: a fake or compromised site requests approvals or signatures that hand over token control. Beaten by reading requests and by wallet separation.
  • Address poisoning: lookalike addresses seeded into your history, harvested by your own copy-paste weeks later. Beaten by address books and character-by-character checks on large sends.
  • The fake support desk: helpful strangers in DMs after you complain publicly, guiding you to a "sync" page that requests your phrase. Real teams do not DM first; nobody legitimate needs your phrase.
  • The malicious update: fake wallet apps and extensions, delivered by search ads or app-store clones. Install from documented official sources only, and be slowest to update the software holding the keys.
  • The clipboard swapper: malware replacing copied addresses at paste time. Beaten by the hardware wallet's screen, the one display malware cannot touch.

Notice the shape of the whole list: not one attack breaks mathematics, and every one preys on process. Build the four decisions once, keep the two habits (approval review, address verification), and you will have quietly stepped outside the population every drainer kit is engineered to farm. In this game, boring is the winning aesthetic.