With all the rugs and scams that have been happening recently, it is time to step up security and due diligence awareness. Remember that you are always responsible for your investments and need to do your research.
But keeping these security measures in mind should hopefully help you avoid many exploits and rugs.
Below is a short list of measures you can take to secure your investment.
1. Hardware Wallets
Most of your long-term funds should be in a hardware cold wallet with seeds stored in at least two different physical locations.
Besides, hardware wallets make sure that your seed phrase never leaves the device and can protect you from certain (but not all) hacks.
2. Seed Phrases
Store your seed phrases physically on paper or metal. This is the best practice, and you can also consider splitting them. If, however, you decide to store them digitally, make sure they are encrypted.
Besides, you could write one word in another language, swap the first and last word sequence, or something similar. This would help protect against automated bots but not a sophisticated theft of seeds.
3. Use Multiple Wallets
Do not keep all your funds in one wallet. Split them across a minimum of two wallets, but preferably more:
Cold wallet
Hot wallet
Mobile wallet
Degen wallet (NFT mints or other risky activities).
4. Protocol Max Allocation
If you are a DeFi user, you should limit what percentage of your portfolio you deposit in a single protocol at any given time.
I recommend no more than 10% or 20% in the same protocol, so you would not be wiped out if it were to be exploited.
5. Audits
One or more audits are almost mandatory for a serious project. However, an audit does not mean a protocol is 100% safe.
Be aware that some audit firms have an appalling track record, and many audited protocols have been exploited.
6. Bug Bounty Programs
Bug bounty programs like Code4rena or Immunefi invite developers, testers, and white hat hackers to test protocols and report bugs for a reward.
When there is no audit, a public bug bounty could be an alternative (crowd-sourced audit).
7. Proxy Contracts
A proxy contract is a contract that forwards requests to an underlying contract that can be upgraded or replaced.
But having proxy contracts does not automatically mean that a project is a rug/scam. Having upgradeability could help fix a critical bug post-go-live and lets the project upgrade to new functionality without performing a migration. This is one of the things I think is hardest to evaluate when investigating a project. The team will have good reasons for why they need it, whether a serious project or a rug.
8. MultiSig
A multisig means more than one person must sign a transaction before it is confirmed. Typically, a multisig can be 4/6, which means four of the six signers must sign before a transaction is committed.
There should always be well-known and trustworthy people in the multisig, and team members should not have enough signers to reach a quorum alone.
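The proxy and multisig points above, combined in one toy Python model (an added example, not code from any real protocol; every class name, signer name and balance is constructed for illustration): the proxy keeps the funds' state while its logic can be swapped, and the swap is gated by an M-of-N quorum.

```python
# Toy model, constructed for illustration: an upgradeable proxy whose
# logic can only be swapped with M-of-N multisig approval.

class VaultV1:
    """Initial logic: a depositor can withdraw up to their own balance."""
    @staticmethod
    def withdraw(storage, caller, amount):
        if amount <= 0 or storage["balances"].get(caller, 0) < amount:
            raise PermissionError("invalid amount or insufficient balance")
        storage["balances"][caller] -= amount
        return amount

class VaultV2:
    """Replacement logic with different rules: withdrawals are paused."""
    @staticmethod
    def withdraw(storage, caller, amount):
        raise PermissionError("withdrawals paused")

class MultiSig:
    def __init__(self, signers, threshold):
        self.signers = dict(signers)  # name -> "team" or "independent"
        self.threshold = threshold

    def approved(self, approvals):
        # Each known signer counts once; unknown names are ignored.
        return len(set(approvals) & set(self.signers)) >= self.threshold

    def team_alone_reaches_quorum(self):
        team = [n for n, role in self.signers.items() if role == "team"]
        return len(team) >= self.threshold

class Proxy:
    """Holds the state and forwards calls to the current logic."""
    def __init__(self, implementation, multisig):
        self.storage = {"balances": {}}
        self.implementation = implementation
        self.multisig = multisig

    def upgrade(self, new_implementation, approvals):
        if not self.multisig.approved(approvals):
            raise PermissionError("quorum not reached")
        self.implementation = new_implementation

    def withdraw(self, caller, amount):
        return self.implementation.withdraw(self.storage, caller, amount)

if __name__ == "__main__":
    team_heavy = MultiSig({"t1": "team", "t2": "team", "t3": "team",
                           "t4": "team", "i1": "independent", "i2": "independent"}, 4)
    print("team alone can upgrade:", team_heavy.team_alone_reaches_quorum())
```

In a 4/6 setup, the thing to check is how many of the six keys the team controls: at four or more, the team can change the rules that govern deposited funds without any outside signer.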
Final Thoughts
There are still many things one can investigate that can help with the security of the platform. However, nothing beats the decision to research before embarking on a project.
Always embark on a safe endeavor into crypto.