Protect your assets with battle-tested security practices.
Self-custody means self-responsibility. This guide covers wallet safety, scam prevention, and what to do if things go wrong.
Choose the right wallet for your needs. Use a hot wallet for active trading and a cold wallet for long-term storage.
Software (Hot Wallet)
Best for: Beginners and everyday DeFi use
Software (Hot Wallet)
Best for: Active DeFi traders who want transaction previews
Hardware (Cold Wallet)
Best for: Long-term storage of significant holdings
Hardware (Cold Wallet)
Best for: Security-conscious users who value open source
Software (Hot Wallet)
Best for: Multi-chain users who want a built-in DEX
Self-custody means you control the private keys to your wallet. Unlike a bank or centralized exchange, no one can freeze your account or reverse your transactions. This gives you full sovereignty over your assets, but it also means you are solely responsible for their security. If you lose your keys or seed phrase, no one can recover your funds.
Your seed phrase (recovery phrase) is the master key to your wallet. Treat it as the most sensitive piece of information you own.
Use a reputable password manager (Bitwarden, 1Password) to generate and store unique, strong passwords for every crypto-related account. Enable two-factor authentication (2FA) everywhere possible.
Prefer authenticator apps (Google Authenticator, Authy) over SMS-based 2FA. SIM-swap attacks can compromise SMS codes. For maximum security, use a hardware security key (YubiKey).
Separate your crypto across different wallets based on purpose. This limits exposure if one wallet is compromised.
Small amounts for active DeFi trading and daily transactions. Accept some risk for convenience.
Majority of holdings stored on a hardware wallet. Rarely connected, maximum security.
Disposable wallet for minting NFTs, testing new protocols, or interacting with unverified contracts.
Knowing the attack vectors is your first line of defense. Here are the most common scams targeting crypto users.
Fake clones of popular DEXes, exchanges, or wallet interfaces designed to steal your credentials or prompt malicious transactions.
Scam tokens that mimic real projects with similar names or tickers, designed to drain your wallet when you interact with them.
Impersonators on Discord, Telegram, and Twitter who pretend to be support staff, moderators, or project founders to trick you.
Malicious contracts that request unlimited token approvals, allowing them to drain your wallet at any time in the future.
Projects that build hype, attract investment, then disappear with user funds by removing liquidity or exploiting contract backdoors.
Before interacting with any token or contract, verify it using a block explorer. This is one of the most important habits you can develop.
Get the contract address from the project's official website, official documentation, or verified social media accounts. Never trust addresses shared in DMs, Telegram groups, or random forums.
Search the contract address on Etherscan (Ethereum), Arbiscan (Arbitrum), or the relevant chain explorer. Look for the verified contract badge, transaction count, and holder distribution.
Use tools like Token Sniffer to check for honeypot patterns, hidden mint functions, or suspicious contract code. Also check GoPlus Security for automated security analysis.
Warning: If a token appears in your wallet that you did not buy, do not interact with it. Scammers airdrop malicious tokens that can drain your wallet when you try to swap or transfer them.
Create a separate browser profile used only for DeFi and crypto. This isolates your wallet extension from other browsing activity, reducing the risk of malicious extensions or cross-site attacks.
Bookmark the official URLs for every DeFi protocol you use (Hyperliquid, Uniswap, Aave, etc.). Always navigate to sites via bookmarks rather than searching or clicking links. This prevents phishing via fake search results.
Only install your wallet extension and essential security tools in your DeFi browser profile. Remove ad blockers that inject scripts, social media extensions, and any other non-essential extensions that could interfere with or compromise transactions.
Use a reputable VPN when trading on public or shared networks. Enable your browser's built-in security features (HTTPS-only mode, safe browsing). Avoid doing crypto transactions on public WiFi without a VPN.
Time is critical. If you suspect your wallet has been compromised, act immediately. Every second counts as attackers may be draining your assets.
Send all remaining tokens and assets to a brand-new wallet address that has never been connected to any DApp. Use a different device if possible. Prioritize the highest-value assets first.
Go to revoke.cash and revoke all token approvals on the compromised wallet. This prevents attackers from using existing approvals to drain tokens you may have missed.
Generate a completely new seed phrase on a clean device. If you suspect malware, do not use the same computer. Consider using a hardware wallet for the new setup.
Save all transaction hashes related to the compromise. Report to local authorities if significant funds were stolen. Report the attacker's address on block explorers and to the relevant protocol teams. File a report with the FBI's IC3 (for US residents) or your country's cybercrime unit.
whatishyperliquid.com is not affiliated with, endorsed by, or sponsored by Hyperliquid, HYPE or Hyper Foundation, or any other centralized or decentralized exchange, protocol, or company. Hyperliquid is an independent decentralized exchange protocol.
All content on this website is for educational and entertainment purposes only. Nothing here constitutes financial, investment, trading, accounting, tax, or legal advice.
Perpetual futures are highly speculative and may result in substantial or total loss of capital. Leverage amplifies gains and losses. Trade only with money you can afford to lose. Always do your own research and consider seeking advice from a qualified professional.
whatishyperliquid.com may earn a commission if you click a referral link and open or use an account on a third-party platform. This does not change your price and does not influence our educational content or recommendations.
By using this website and any linked platforms, you acknowledge these risks and agree that you trade at your own discretion and responsibility.