Protect Your Wallet

One of the best parts of having a self-custodial wallet like Rainbow is that you are in total control of your money. Unlike a bank account from Wells Fargo or a crypto exchange like Coinbase, Rainbow does not hold your assets on your behalf. Instead, your money is completely in your own control thanks to the power of cryptography.

Self custodial crypto is a lot like real world cash — the money is fully in your possession and nobody can prevent you from spending it how you like. And like cash, it’s very easy to part ways with your digital assets accidentally.

Because of this, it's important for you to be on guard and keep your information secure and your wallet properly backed up. Thankfully, it’s relatively easy to stay safe as long as you understand the ways in which crypto is different from traditional finance.

So, let’s talk about your crypto wallet and how to be safe as you're exploring the world of Ethereum!

An overview:

To get started, the world of crypto and Web3 is a bit different than how we're used to surfing the traditional internet. A crypto wallet doesn’t typically have a username or password associated with it. Instead, it has 2 things — neither of which are chosen by the owner:

  1. Public wallet address:
    1. Looks like 0x7a3d05c70581bD345fe117c06e45f9669205384f or rainbowwallet.eth

    2. Anyone who knows your public address can see your transaction history and what assets you have inside of your wallet. They can also send things to your wallet without your permission. You can safely share your public wallet address with anybody as long as you are comfortable with them seeing the contents of your wallet.
  2. Secret phrase (or private key)
  3. image

    Looks like a long sentence of 12 or 24 random words monkey book lawn chair banana donkey ...

    A private key or secret phrase on the other hand grants complete control over everything inside of a wallet. Never share your secret phrase with literally anybody and never ever enter your secret phrase into a website. If you ever share your secret phrase, you are at risk of losing all your funds.

How to never lose access to your wallet:

If you lose your wallet's private key and secret phrase, there's no way of recovering access to the wallet. You can't just click a "forgot password" button, and there's no 2-factor authentication. Rainbow does not know your private key, so we can't retrieve it for you either.

Instead, you need to personally backup your private key and/or secret phrase. There are many ways of doing this, and each method gives you a different level of protection. Here are a few examples:

  • Rainbow's iCloud Backup feature for iOS ⭐ Recommended
  • Rainbow’s Google Drive Backup feature for Android ⭐ Recommended
  • Written on a piece of paper and stored somewhere safe ⭐ Recommended
  • Password Manager like 1Password
  • Stamped onto a piece of metal, like Cryptosteel or a https://bitcoinseedbackup.com/
  • Memorization

Rainbow makes it incredibly easy to securely backup your wallet via our secure iCloud/Google Drive Backup feature, but we also encourage all users to also backup their wallet by writing down their secret phrase on a piece of paper and keeping it somewhere safe.

It is recommended that you make sure your wallet is backed up regularly. If you opt to not backup your wallet on your device, you’ll want to ensure your secret phrase is separately properly secured. Remember, if you lose your wallet's private key and secret phrase, there's no way of recovering access to the wallet.

The Staying Safe Checklist:

Now that you have a better understanding of how the new world of Ethereum and crypto works, lets talk about specific steps you can take to be safe:

1. Only share a wallet address if you’re comfortable tying your identity to it and exposing everything inside of it.

  • Because the blockchain is public and decentralized, anyone with your address can see your entire transaction history. Is that something you’re okay with?

2. Consider having more than one wallet.

  • Many people choose to have multiple wallets that serve different purposes. The most common example is having a “social wallet” that is tied to their public identity while also having a “hardware wallet” that is anonymous. Rainbow lets you create as many wallets as you need.

3. Backup your secret phrase or private key somewhere safe.

  • As we mentioned earlier, these two things are what give control over a wallet. You must back them up someplace safe because they are the only thing that could let you back into your wallet if you lose access.

4. Never share your secret phrase or private key with anyone.

  • There may be some rare exceptions to this rule, but for the most part you should be the only person who can control your wallet. Accidentally leaking or sharing your private key and secret phrase means your wallet is permanently compromised. It’s not like the traditional internet where you can simply reset your password. Private keys and secret phrases are unchangeable. Your only course of action would be to start a new wallet.

5. Consider investing in a hardware wallet.

  • If you have money or collectibles you want to protect further, getting a "cold" hardware wallet like a Ledger and following its security practices can give you greater protection. These kinds of wallets are meant for longer term holding of assets that you don’t use on a regular basis. A software wallet like Rainbow is still very secure and best for being your “daily driver” or “social wallet”.

6. Follow the tips outlined in our “Avoiding Crypto Scams” guide.

  • Just like in the traditional finance world, there are some bad actors looking to steal your assets. It’s not hard to avoid these scams though if you know what to look for. We have a helpful guide to avoiding crypto scams that you can read following the link below.