New Year is a time when we all try to become a better version of ourselves. Eating more healthily, skipping the booze and starting diets. In my case, I’ve decided I should also clean up some decidedly sloppy crypto habits.

Last week, while staking some SOL using Ledger Live software, I selected a validator with 0% commission and signed the transaction on Ledger Nano. Did I review the transaction details on the tiny screen of the Nano? Erm, no.

I certainly glanced at it, and in quick succession clicked “accept, accept, accept”.  

Well, it turns out that transaction defaulted back to the ledger’s own validator that charges a 7% commission. Not a huge problem, but still.

I was looking for some sympathy and complained about this to my colleague who is a senior blockchain developer. No sympathy was to be had from him. He reminded me that the voter account would have been displayed on Ledger Nano and I failed to read it and verify it against the validator name. “This is disappointing behaviour from an advanced crypto user like yourself” - I believe were his words. It's so annoying when people you know are right in that way.

This experience helped me articulate my first 2023 New Year crypto resolution:

I will understand every detail of the transaction I’m signing. 

An extension of this resolution is checking EVERY character of the address one is sending funds to. Yes, it’s boring. Yes, most of the time it’s going to be overkill. Yes, I used to do it when I first got into crypto but, guess what? There is a scam relying on just that. Are you in the habit of checking just the last few characters of the address? Don’t. You would not do it with a bank account, don’t do it with the crypto address.

My second crypto New Year resolution is to revoke smart contract allowances I granted in the past. 

When staking, swapping, or using a decentralised crypto exchange, the smart contract may default to the maximum crypto value allowed on your wallet. Uniswap does this. A maximum allowance means that there is a possibility that the smart contract may withdraw ALL of the funds in your wallet. It’s like signing a direct debit to pay for your gym membership, but with no ceiling, and finding out that the gym can withdraw all of your funds.  

Checking the allowances is tedious but there are tools to help you do that.  Etherscan offers a tool at https://etherscan.io/tokenapprovalchecker.

Once you’ve checked the allowances, you might find some you want to revoke. Revoking an allowance requires you to sign a transaction which incurs a cost, but it’s worth it. If you are not convinced, here is additional inspiration from Cointelegraph.

My final crypto security resolution for 2023 is to send a small amount of crypto first. 

Wallets that have been in use for a while, might have been compromised. It pays to send a small amount first. I have seen a situation where a user sent a small amount of crypto to a wallet with zero balance, and immediately a bot swooped in and withdrew that amount.  Bots are programmed to take even the smallest amounts from compromised wallets as soon as any deposit hits the wallet. That user was certainly glad he did not send the entire amount he planned on sending. 

If your wallet’s seed phrase has been stolen by an individual, that individual might wait until you have a large enough amount of crypto worth stealing. And there are no safeguards against that, aside from not letting your seed phrase get stolen in the first place. 

However, if your seed phrase has been leaked online, the “send a small amount first” might save the day. 

In the escalating arms race between crypto users and scammers, complacency can be punishable by a complete and total loss of your wallet’s crypto. Being careful, aware and precise pays off.  

And the New Year seems the perfect time to become more of that.

b