In this post I will describe how to protect your MetaMask wallet the right way. MetaMask is a very popular crypto wallet made primarily for Ether and tokens on the Ethereum blockchain, but today you can also use MetaMask to interact with other blockchains such as Polygon, Harmony, Fantom, etc. You can use it just as a wallet, but today DeFi (decentralized finance) can hardly exist without MetaMask. Smart contracts are very important in DeFi, but you should know about the risks too. If you run into a smart contract scam, your crypto assets are at risk and you can lose them even if you are the only one with access to the private keys or seed. I will give you all the important tips on how to stay safe from smart contract scams. The most important tip is to create several accounts and never use the same account for storage and for DeFi.
As you can see, I created several accounts inside MetaMask. To be safe from viruses, I recommend using MetaMask protected with a hardware wallet.
How to protect MetaMask with a hardware wallet?
A hardware wallet is the best way to protect your crypto assets. Most crypto wallets have an option to connect to a hardware wallet. You can use the official Ledger Live wallet, but if you want to use a wallet for DeFi, there is an option to use MetaMask protected with a hardware wallet. If you don't have a hardware wallet, I suggest buying one. Where to buy it and how to use it is described in my post How to use a hardware wallet.
You can combine accounts protected with a hardware wallet and MetaMask-only accounts (just for testing, without hardware wallet protection). If you want to use only accounts protected with a hardware wallet, there are 2 possibilities: buy several hardware wallets or create different accounts inside the same hardware wallet. For better security I recommend creating several accounts inside one hardware wallet by using a 25 word seed, that is, by adding one more word to your seed. Every additional word (25th word) will give you a new set of accounts. You can find more information in my post The best protection for crypto assets, where I described how to add one more word to your seed and what the difference is between a 24 and a 25 word seed.
I use several different accounts protected with a hardware wallet but also some accounts without hardware wallet protection (just for testing). Remember: never use the same account for storage and for DeFi. For DeFi I use only accounts with smaller amounts. Account allocation is very important in crypto.
All the accounts shown in the image above are protected with my hardware wallet; the screenshot is from the Ledger Live wallet. I never use accounts with big amounts for DeFi! The first step is to protect your crypto assets with a hardware wallet (to be safe from viruses or a fake MetaMask extension), but the big danger is the token approvals requested by smart contracts.
Token approval options
When you want to interact with a smart contract, you need to give it some access. There are several different access types, such as signing in and connecting with a website, and the most important one is token approval. You are not able to make a transaction before you give this access. Most website visitors just allow access without reading the details.

As you can see, you will be asked for permission to access your funds. By default it is unlimited access to your funds. There is nothing to fear if you interact with legit DeFi projects, but you can never be sure. A scam DeFi project can empty the crypto wallet associated with the account connected via the smart contract. This is the reason why it is good to separate accounts inside MetaMask. But you can edit the spending limit if you click on the Edit permission link.
If you have properly connected your MetaMask accounts with hardware wallet(s) and edited the spending limit (enable custom spend limit), you are pretty safe from a potential smart contract scam. It is always good to do your own research about a project and to try it first with smaller amounts.
The problem could be if you have already connected your wallet with DeFi projects with unlimited spending token approvals. After you give access inside MetaMask, there is no option to edit it later. But you can check it on Etherscan and similar websites.
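For a standard ERC-20 token, the approval request described above is a call to approve(spender, amount), and "unlimited" means the largest 256-bit number. The following added example (not part of the original post and not MetaMask's code) decodes such a request and tells an unlimited approval from a capped one; the spender address and amounts are constructed sample values, and the function names are hypothetical.

```javascript
const APPROVE_SELECTOR = "095ea7b3";     // first 4 bytes of approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;   // the "unlimited" allowance

function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 8 + 64 + 64 hex characters
  if (hex.length !== 136 || !/^[0-9a-f]+$/.test(hex)) {
    throw new Error("not a well-formed approve(address,uint256) call");
  }
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) {
    throw new Error("selector is not approve(address,uint256)");
  }
  const spenderWord = hex.slice(8, 72);
  // An address is the low 20 bytes of the word; the high 12 bytes must be zero.
  if (!/^0{24}/.test(spenderWord)) {
    throw new Error("spender word has non-zero padding");
  }
  const spender = "0x" + spenderWord.slice(24);
  const amount = BigInt("0x" + hex.slice(72, 136));
  return { spender, amount };
}

// intendedSpend is in whole tokens; decimals converts it to base units.
function classifyApproval(calldata, decimals, intendedSpend) {
  const { spender, amount } = decodeApprove(calldata);
  const intended = intendedSpend * 10n ** BigInt(decimals);
  let risk;
  if (amount === 0n) risk = "revoke";
  else if (amount === MAX_UINT256) risk = "unlimited";
  else if (amount > intended) risk = "above-intended";
  else risk = "limited";
  return { spender, amount, risk };
}

// Constructed sample requests: placeholder spender, not a real contract.
const SAMPLE_SPENDER = "1111111111111111111111111111111111111111";
const spenderWord = SAMPLE_SPENDER.padStart(64, "0");
const unlimitedCall = "0x" + APPROVE_SELECTOR + spenderWord + "f".repeat(64);
const cappedCall = "0x" + APPROVE_SELECTOR + spenderWord +
  (100n * 10n ** 18n).toString(16).padStart(64, "0");

console.log(classifyApproval(unlimitedCall, 18, 100n).risk);
console.log(classifyApproval(cappedCall, 18, 100n).risk);
```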
How to check token approval status?
If you have already allowed unlimited spending, your crypto funds could be at risk. But you can fix it. I use DeFi mostly on the Polygon blockchain, but I will show you how to check the spending limit and contract interactions on the Ethereum blockchain too.
Ethereum token approval checker!
Polygon token approval checker!
When you enter your crypto address, you should see results with details if you had any interactions; if you use the crypto address just for storage, you should have no results, as presented on the screenshots below. There is also an option to revoke (change token approval access).
You can review and revoke your token approvals for any DApp. You can give unlimited access if you are sure that the DApp is legit, as you can see in my case. To sleep well, I recommend using a different account from the one that you use for storage.
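One way an approval checker can work, shown as an added example that is not the code of Etherscan or of any tool mentioned here: replay the ERC-20 Approval event logs for your address and keep the last value per token and spender. The addresses and log entries are constructed sample data, the function names are hypothetical, and the log shape (address, topics, data) is assumed to follow the usual JSON-RPC log format.

```javascript
// topic0 = keccak256("Approval(address,address,uint256)")
const APPROVAL_TOPIC =
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const UNLIMITED = (1n << 256n) - 1n;

const topicToAddress = (t) => "0x" + t.slice(-40).toLowerCase();
const pad32 = (h) => "0x" + h.replace(/^0x/, "").padStart(64, "0");

// logs must be in chain order (block number, then log index).
function outstandingApprovals(logs, owner) {
  const latest = new Map(); // "token|spender" -> last approved amount
  for (const log of logs) {
    // ERC-721 Approval shares topic0 but has 4 topics, so require exactly 3.
    if (log.topics.length !== 3 || log.topics[0] !== APPROVAL_TOPIC) continue;
    if (topicToAddress(log.topics[1]) !== owner.toLowerCase()) continue;
    const key = log.address.toLowerCase() + "|" + topicToAddress(log.topics[2]);
    latest.set(key, BigInt(log.data));
  }
  const open = [];
  for (const [key, amount] of latest) {
    if (amount === 0n) continue; // a later approve(spender, 0) revoked it
    const [token, spender] = key.split("|");
    open.push({ token, spender, amount, unlimited: amount === UNLIMITED });
  }
  return open;
}

// Constructed sample data: placeholder addresses, not real contracts.
const OWNER = "0x" + "aa".repeat(20);
const TOKEN_A = "0x" + "a1".repeat(20);
const TOKEN_B = "0x" + "b2".repeat(20);
const DAPP_1 = "0x" + "d1".repeat(20);
const DAPP_2 = "0x" + "d2".repeat(20);
const mkLog = (token, owner, spender, amountHex) => ({
  address: token,
  topics: [APPROVAL_TOPIC, pad32(owner), pad32(spender)],
  data: pad32(amountHex),
});
const SAMPLE_LOGS = [
  mkLog(TOKEN_A, OWNER, DAPP_1, "f".repeat(64)), // unlimited approval
  mkLog(TOKEN_B, OWNER, DAPP_2, "0x64"),         // capped at 100 base units
  mkLog(TOKEN_B, OWNER, DAPP_2, "0x0"),          // later revoked
  mkLog(TOKEN_A, DAPP_2, DAPP_1, "0x1"),         // someone else's approval
];

for (const a of outstandingApprovals(SAMPLE_LOGS, OWNER)) {
  console.log(a.token, a.spender, a.unlimited ? "UNLIMITED" : a.amount.toString());
}
```

The last approved value can be higher than what is still spendable; the token's allowance(owner, spender) call gives the exact remaining amount.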
Final words
Crypto is on fire these days and DeFi is an important part of it. The first time I met a smart contract was when I joined a program called Forsage. This is a revolution, because the big change is that everything is automated and without central control; there is no admin, everything is on the blockchain. There is no possibility that someone will ban you, which happens very often in different online income programs. Smart contracts are used for different purposes, such as decentralized crypto exchanges or crypto lending platforms. I use some lending platforms where I can borrow crypto and have passive income, which I described in my post How to get flash loan in crypto from scratch.
It is very important to know that there is always some risk and that you always need to do your own research. If you have connected a hardware wallet with MetaMask and made the crypto account allocation as I described in this post, the risk is minimal. If you have any doubts, questions or suggestions, feel free to leave a comment. I hope this post is useful for you.