NLCB Guides

Wallet Safety Basics

A practical, no-nonsense checklist for keeping your crypto safe—from first wallet setup to everyday use.

Quick Take: Use a hardware wallet for long-term funds, protect your seed phrase offline, verify every signature, and treat unknown links like power tools—don’t touch them unless you know exactly what they do.

1) Wallet types (custodial, self-custody, hot vs. cold)

  • Custodial: A company holds your keys (e.g., an exchange). Easy but you trust the custodian.
  • Self-custody: You hold the keys via a seed phrase. Maximum control, maximum responsibility.
  • Hot wallet: Connected to the internet (browser/mobile). Convenient for daily use; higher risk.
  • Cold wallet (hardware): Keys stay offline (e.g., Ledger, Trezor). Best for savings/long-term.
Recommended baseline: One hot wallet for day-to-day + one hardware wallet for storage. Keep them separate.

2) Seed phrase & private key safety

  • Write it down offline. Never screenshot, email, text, or cloud-sync your seed phrase.
  • Store in two places (e.g., fireproof safe + locked drawer). Consider a metal backup.
  • Never share it. No support agent, dev, or mod will ever need your seed.
  • Recovery test: Practice restoring a fresh empty wallet so you know the process.
Advanced
  • Use a passphrase (25th word) only if you can remember/store it safely—lose it and funds are gone.
  • Avoid splitting seeds unless you fully understand the tradeoffs; improper splitting can lock you out.

3) Device hygiene & login security

  • Update OS & browser before installing wallet extensions or signing transactions.
  • Unique, long passwords with a reputable password manager.
  • 2FA: Prefer app-based (TOTP) over SMS. Hardware keys (FIDO2) for exchanges and email if supported.
  • Lock your devices with PIN/biometric. Don’t install random extensions/apps.
  • Separate profiles: Use a dedicated browser profile just for crypto.

4) Connecting your wallet safely

  • Bookmark official sites. Type the URL or use your bookmark—avoid search ads.
  • Check the connect prompt for the site origin and requested permissions.
  • Read-only first: Many wallets let you connect without granting spend permissions.
  • Mobile: When deep-linking to a wallet app, confirm the chain/network shown in the app before approving.

5) Transactions & token approvals

On EVM chains, approvals let a contract spend your tokens. They are often required for swaps and mints.

  • Prefer limited approvals: Approve only what you need, not “unlimited,” when the wallet allows it.
  • Review the contract: Verify you’re interacting with the intended contract on the correct chain.
  • Revoke regularly: Periodically remove old approvals—especially after testing new apps.
  • Test first: Send a tiny amount before sending a larger one.
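
The approval checks above can be applied to the raw calldata a wallet shows before you sign. This is an added example, not code from the guide or from any wallet project: the function names and the sample spender address are assumptions, and the two selectors are the standard ERC-20 approve and ERC-721/1155 setApprovalForAll selectors.

```python
import re
from typing import Optional

APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1           # the usual "unlimited" allowance value

def decode_approval(calldata: str) -> Optional[dict]:
    """Decode approval calldata; return None if the call is not an approval."""
    data = calldata.lower().removeprefix("0x")
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    if not re.fullmatch(r"[0-9a-f]{128}", args):
        raise ValueError("malformed approval calldata")
    if int(args[:24], 16) != 0:
        raise ValueError("spender word has non-zero padding")
    spender, value = "0x" + args[24:64], int(args[64:], 16)
    if selector == APPROVE:
        return {"kind": "approve", "spender": spender, "amount": value}
    return {"kind": "setApprovalForAll", "spender": spender, "approved": value != 0}

def review_approval(calldata: str, expected_spender: str, needed_amount: int) -> list:
    """Return warnings for an approval request; an empty list means none."""
    call = decode_approval(calldata)
    if call is None:
        return []
    warnings = []
    if call["spender"] != expected_spender.lower():
        warnings.append("spender is not the expected contract")
    if call["kind"] == "setApprovalForAll":
        if call["approved"]:
            warnings.append("operator access to every token in the collection")
    elif call["amount"] == MAX_UINT256:
        warnings.append("unlimited allowance")
    elif call["amount"] > needed_amount:
        warnings.append("allowance exceeds the amount needed")
    return warnings

# Constructed sample: placeholder spender address, not a real contract.
ROUTER = "0x" + "11" * 20
UNLIMITED = "0x" + APPROVE + ROUTER[2:].rjust(64, "0") + "f" * 64

if __name__ == "__main__":
    print(review_approval(UNLIMITED, ROUTER, 10**18))
```

An approval with amount 0 produces no warning, which is what a revoke looks like on-chain.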

6) Phishing & common scams

  • Fake support DMs: No legit support will DM first or ask for your seed.
  • Airdrop bait: Random tokens/NFTs in your wallet can be traps—don’t interact.
  • Fake mints & look-alike URLs: Double-check spelling and the project’s official links.
  • “Emergency” pop-ups: “Your wallet is compromised—click here!” is a classic scam. Close it.
  • QR code caution: Only scan codes from verified sources; confirm the action in your wallet.

7) Safe minting workflow

  1. Find the official link from the project’s website or verified social accounts.
  2. Verify the contract address on the chain’s official explorer.
  3. Use a fresh hot wallet funded just for the mint; keep your hardware wallet out of the blast radius.
  4. Confirm chain/network in your wallet and the gas token required.
  5. Mint one first, review, then proceed.

8) Recovery & incident response

  • If you signed something suspicious: Revoke approvals immediately, then move remaining funds.
  • If your seed is exposed: Create a new wallet and migrate funds; consider the old wallet burned.
  • Compromised device: Stop using it for crypto. Wipe/reinstall or replace, then restore wallets.
  • Keep records: Tx hashes, timestamps, and addresses help with forensics and reporting.
Inheritance planning
  • Document where the seed/backup is stored and who can access it, plus simple step-by-step recovery notes.
  • Avoid over-complication—clarity beats cleverness when it matters most.

9) Cronos-specific notes

  • Two Cronos networks: Cronos (EVM) vs. Cronos POS Chain. Different networks with different address styles (0x… vs. cro1…).
  • Chain check: Cronos (EVM) uses CRO as gas; confirm the network name and chain ID before signing.
  • Explorer verify: Confirm contract & token addresses on the official Cronos explorer for the network you’re using.
  • Bridges: Bridge only via reputable routes; always test with a small amount first.
Before you connect elsewhere: double-check the contract or address on the official explorer for the network you’re using (Cronos (EVM) or Cronos POS Chain). Cronos (EVM) addresses look like 0x…; POS Chain uses cro1…. Chain ID for Cronos (EVM) is 25.
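
The address-style and chain ID checks above, written as a pre-send check. This is an added example, not code from the guide or from Cronos: the function names and verdict strings are assumptions, and it assumes cro1… addresses use the standard bech32 checksum, as Cosmos SDK chains do. The sample address is constructed, not a real account.

```python
import re

CRONOS_EVM_CHAIN_ID = 25  # from the guide
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def polymod(values):
    """Bech32 checksum polynomial over 5-bit values."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def expand(hrp):
    """Expand the human-readable prefix for checksum computation."""
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def bech32_encode(hrp, data):
    """Add the 6-symbol checksum to 5-bit data (used to build the sample)."""
    pm = polymod(expand(hrp) + data + [0] * 6) ^ 1
    check = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + check)

def address_network(addr):
    """Return 'evm', 'cronos-pos', or None for an unusable address."""
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", addr):
        return "evm"  # format only; the EIP-55 case checksum is not verified
    low = addr.lower()
    if addr not in (low, addr.upper()) or not low.startswith("cro1"):
        return None  # bech32 forbids mixed case
    body = low[4:]
    if len(body) < 6 or any(c not in CHARSET for c in body):
        return None
    data = [CHARSET.index(c) for c in body]
    return "cronos-pos" if polymod(expand("cro") + data) == 1 else None

def check_destination(addr, wallet_chain_id):
    """Verdict for sending to addr from a wallet connected to wallet_chain_id."""
    network = address_network(addr)
    if network is None:
        return "invalid address"
    if network == "cronos-pos":
        return "POS Chain address, not usable on an EVM network"
    return "ok" if wallet_chain_id == CRONOS_EVM_CHAIN_ID else "wrong network"

# Constructed sample: 32 zero groups (20 zero bytes), not a real account.
SAMPLE_POS = bech32_encode("cro", [0] * 32)
```

A single mistyped character in a cro1… address fails the checksum, so `address_network` returns None instead of accepting it.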

10) Quick glossary

Seed phrase
Human-readable backup that generates your private keys.
Private key
Secret string that controls a single address. Never share it.
Approval
Permission you grant a contract to move your tokens.
Hardware wallet
Offline device that stores keys and signs transactions securely.
Phishing
Trick to steal your info/keys by impersonating a trusted source.

Education only—this is not financial advice. Always do your own research.