Security Best Practices
In crypto, you are your own bank. This gives you total control, but also total responsibility. This guide walks you through practical habits to keep your assets as safe as possible.

Quick Start: Don’t Get Drained
This guide is for Rodeyo players and creators who already use a self-custodial wallet (like MetaMask or Phantom). If you’re brand new to wallets, start with tiny test transactions until you’re comfortable.
- Never share or type your Secret Recovery Phrase (seed phrase) anywhere.
- Use a 3-tier wallet setup: Cold Vault, Trader, and Burner.
- Read every signature request and use a transaction simulator before confirming risky actions.
- Regularly revoke old token and NFT approvals.
- Enable non-SMS 2FA and lock down your communication channels (email, Discord, etc.).
Protect your seed phrase
If it’s ever exposed, funds can be stolen in minutes. There is no password reset or support line—Rodeyo cannot reverse these transactions.
- Never take a screenshot or photo.
- Never save it in email, cloud storage, chat apps, or password managers.
- Never type it into a website, app, or popup.
- Never share it with anyone, including “support”, “admins”, or friends.
- Write it on paper or stamp it into metal.
- Store it in a waterproof/fireproof physical safe or similar secure place.
- Verify the words are correct using your wallet’s verification step before depositing funds.
No Rodeyo admin, moderator, or support agent will ever ask for your Secret Recovery Phrase or private key. If someone does, it’s a scam.
Use a multi-tier wallet strategy

Don’t keep all your eggs in one basket. Separate your assets into three buckets based on how often you use them and how much risk they take on.
Use a Cold Vault for long-term savings, a Trader wallet for everyday use on trusted platforms, and a Burner wallet for risky or experimental activity.
1. The Cold Vault (Highest Security)
A hardware wallet (Ledger/Trezor). It never connects directly to dApps. It only sends funds to your Trader wallet.
2. The Trader (Medium Risk)
A software wallet (e.g., MetaMask) used for trusted platforms like Uniswap, Rodeyo, or OpenSea.
3. The Burner (High Risk)
A temporary wallet holding very little in funds. Used for minting new, unverified projects or clicking risky links.
Move funds in one direction: Cold Vault → Trader → Burner. Avoid sending funds directly from your Cold Vault into new, unverified contracts or random websites.
Sign transactions safely
Crypto wallets usually show code and numbers, not plain English. Before you click “Confirm”, you should know exactly what will leave your wallet.
On Rodeyo and other dApps, you should only be signing login messages or actions you started yourself, like listings or purchases. If a signature request appears out of nowhere, cancel it and double-check the site URL.
Use a Transaction Simulator
Install a browser extension like Pocket Universe or Wallet Guard. They simulate the transaction and show a clear summary of which tokens and NFTs are moving.
Revoke Allowances
If you approve “Unlimited Spending” for a token, that dApp can take those tokens anytime in the future. Revoke old permissions regularly, especially after using risky sites.
Red Flags when Signing
If any of these appear in a transaction, slow down and double-check what you are approving.
Be extremely suspicious if a “free mint” transaction shows you sending more than just a small gas fee. Double-check official links before proceeding.
If you see “SetApprovalForAll”, you’re allowing that contract to move all NFTs from a collection without asking again. Only approve this for marketplaces and contracts you fully trust.
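To make the two approval red flags concrete, here is an added example (not Rodeyo's or any wallet's own code) that classifies raw EVM calldata by its 4-byte function selector. The function name, risk labels, and sample inputs are constructed for illustration.

```javascript
// Added example: classify raw EVM calldata for the approval calls named above.
// Selectors are the first 4 bytes of keccak256 of the function signature.
const APPROVE = "095ea7b3"; // approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const MAX_UINT256 = (1n << 256n) - 1n;

function classifyCalldata(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{8,}$/.test(hex)) {
    return { risk: "unknown", reason: "not valid calldata" };
  }
  const selector = hex.slice(0, 8);
  const args = hex.slice(8);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL) {
    return { risk: "unknown", reason: "not an approval call" };
  }
  // Both functions take two 32-byte words: (address, uint256 or bool).
  if (args.length !== 128) {
    return { risk: "high", reason: "malformed approval arguments" };
  }
  const operator = "0x" + args.slice(24, 64); // address sits in the low 20 bytes
  const value = BigInt("0x" + args.slice(64));
  if (value === 0n) {
    return { risk: "low", operator, reason: "revokes an existing approval" };
  }
  if (selector === SET_APPROVAL_FOR_ALL) {
    return { risk: "high", operator, reason: "operator can move every NFT in the collection" };
  }
  if (value === MAX_UINT256) {
    return { risk: "high", operator, reason: "unlimited token allowance" };
  }
  return { risk: "medium", operator, reason: `allowance of ${value} base units` };
}

// Constructed sample calldata; the spender address is a placeholder.
const SPENDER_WORD = "deadbeef".padStart(64, "0");
const SAMPLES = {
  unlimited: "0x" + APPROVE + SPENDER_WORD + "f".repeat(64),
  revoke: "0x" + APPROVE + SPENDER_WORD + "0".repeat(64),
  nftAll: "0x" + SET_APPROVAL_FOR_ALL + SPENDER_WORD + "1".padStart(64, "0"),
};
for (const [name, data] of Object.entries(SAMPLES)) {
  console.log(name, classifyCalldata(data));
}
```

A result of "unknown" only means the call is not one of these two approvals; it says nothing about whether the transaction is otherwise safe.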
Spot common scams
Address Poisoning
Scammers send you $0 transactions from an address that looks like yours (same first 4 and last 4 characters).
Always check the middle characters, or use an Address Book. Never copy addresses from your recent transactions list.
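The address-book check described above can be automated. This added example (not Rodeyo's code; the function names and all addresses are constructed) compares a destination against saved addresses in full and flags one that only matches on the first 4 and last 4 characters a truncated wallet display would show.

```javascript
// Added example: full-length comparison against a trusted address book.
function normalize(addr) {
  const a = String(addr).trim().toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(a)) {
    throw new Error("not a 20-byte hex address: " + addr);
  }
  return a;
}

// `shown` is how many leading and trailing hex characters a truncated
// display reveals (4 and 4, as in the text above).
function checkDestination(destination, addressBook, shown = 4) {
  const dest = normalize(destination).slice(2);
  let lookalikeOf = null;
  for (const [label, trusted] of Object.entries(addressBook)) {
    const t = normalize(trusted).slice(2);
    if (t === dest) return { verdict: "trusted", label };
    const sameEnds =
      t.slice(0, shown) === dest.slice(0, shown) &&
      t.slice(-shown) === dest.slice(-shown);
    if (sameEnds) lookalikeOf = label;
  }
  if (lookalikeOf) {
    // Same visible ends, different middle: the address-poisoning pattern.
    return { verdict: "lookalike", label: lookalikeOf };
  }
  return { verdict: "unknown" };
}

// Constructed sample data: none of these are real addresses.
const ADDRESS_BOOK = {
  "my trader wallet": "0x1a2b" + "c".repeat(32) + "9f8e",
};
const POISON = "0x1a2b" + "d".repeat(32) + "9f8e"; // same ends, different middle
const STRANGER = "0x" + "7".repeat(40);

console.log(checkDestination(ADDRESS_BOOK["my trader wallet"], ADDRESS_BOOK));
console.log(checkDestination(POISON, ADDRESS_BOOK));
console.log(checkDestination(STRANGER, ADDRESS_BOOK));
```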
Fake Airdrops / Websites
If a random NFT appears in your wallet telling you to claim a reward at a specific URL, it is a scam. Do not interact with it.
- Bookmark official URLs (like rodeyo.com).
- Don’t click the first Google result if it’s an ad — these are often scams.
- Verify new mints or campaigns in Rodeyo’s official announcements before connecting your wallet.
If You Think You’ve Been Compromised
Act fast to limit the damage
1. Stop signing and disconnect
Immediately stop interacting with the suspicious site. Close the tab and reject any pending wallet requests.
2. Move remaining funds to a fresh wallet
From a clean device and wallet, move any remaining assets to a brand new wallet with a new seed phrase. Treat the exposed wallet as permanently unsafe.
3. Revoke dangerous approvals
Use a tool like revoke.cash or your wallet’s built-in tools to revoke token and NFT approvals, especially for the suspicious dApp.
4. Check your devices & accounts
Run security scans, remove shady browser extensions, and rotate important passwords and 2FA where needed.
5. Warn others & contact support
If Rodeyo items were involved, contact Rodeyo support via official channels. Warn friends and communities so others don’t fall for the same attack.
Operational Security Checklist
- Use Non-SMS 2FA: Use an Authenticator app (Authy/Google) or YubiKey. SMS can be SIM-swapped.
- Lock Discord DMs: Turn off DMs from server members to avoid impersonators.
- Official Channels Only: Rodeyo support will never DM you first or ask for your seed phrase.
- Keep Your Devices Clean: Keep your OS and browser updated. Avoid installing random extensions or software, especially crypto-related ones.
- Avoid Risky Networks: Whenever possible, don’t sign transactions on public Wi‑Fi or shared computers.
- Beware of Urgency & FOMO: Scammers create fake urgency and guaranteed returns. If you feel rushed, step back and verify in official channels.

