XEN Crypto Safety: How to Protect Your Tokens from Hackers

XEN Crypto and XENFTs follow the first principles of the blockchain, which are self-custody, transparency, decentralization, and trust through consensus. In a decentralized world, you are a self-sovereign individual who holds the keys to your wallet and is solely responsible for its security. We are the pioneers of this space, and there are still moments when you can get burned by doing something that can expose your keys to a bad actor, so here we show you how to mint XEN securely and prevent being exploited.

First step: self - custody

The first step to self-custody your XEN is to download MetaMask, write down your private key (also called “12 words,” “seed phrase,” or “passphrase”) on paper, and store it somewhere safe because it’s the only thing that will restore your wallet on other devices in case you delete it from your browser. This step is twice as important if you’re using MetaMask on your phone because a phone is easily lost or stolen. It’s also not always a good idea to save your keys on the PC because a virus can wipe them out, a hacker can gain access to your computer, or a cat can spill water on it. Things happen.

N.B. You should never ever type in your seed phrase into a dapp, and you should always pay attention not to type it into shady wallets. If someone has installed a keylogger on your computer, typing in the seed phrase is always insecure. A keylogger can be easily installed through a PDF file arriving in an email, for example. It installs on your PC, and the hacker sees everything you type onto your keyboard and also your passwords. If your PC is slower than usual and your text editor is tripping when typing the text, then you may have been compromised. To prevent it, install a good antivirus program and don’t download files from untrusted parties. That’s the minimum you can do.

Read our guide on how to take your first steps with MetaMask and add a new network.

Buy ETH for the network fees

Once you have your MetaMask ready, you need to get some ETH to pay for the network fees because every transaction and every XEN mint requires a fee. You can buy it from exchanges like Kraken, Binance, MEXC, OKX, etc. or directly with a credit card from MetaMask mobile or ChangeNow, for example. You will always need to go through a verification process. Buying ETH from HodlHodl or from other people at crypto meetups and conferences will avoid this process.

Mint XEN

Now that you have ETH, you can connect to xen.network and mint free XEN tokens. One mint requires one new Ethereum address; that’s why you need to create new accounts and transfer ETH from one to another to be able to mint new XEN.

Read our step by step guide on how to mint XEN.

The Crypto environment today

When the XEN Crypto contract was launched, some batch minters appeared, allowing you to automate this process and mint XEN in bulk with one click and one transaction. There are also portfolio trackers that allow you to see when your mint terms expire and how much XEN has been minted. More apps and games will always be released. This is a forest growing very fast, and you need to watch out where you’re going, so here are things you should be aware of when heading there.

Things were far less secure some time ago, and they’re getting better now. There are far fewer scams and phishing attempts, and if you don’t go looking for some shadowy stuff or jump on every airdrop, giveaway, or new token, it’s really hard to get phished or hacked. Phishing and scams happen every day in the legacy world, and Web3 isn’t free of them either, but they’re not so common if you can keep your greed on hold. And remember once again: Never ever give your seed phrase to anyone.

Best security practices for every Xenian

One wallet vs. many wallets

The choice between using one wallet vs. many wallets is not straightforward because some will say that it’s better to have one basket full of eggs guarded well, while others will say that it’s better to have many baskets with fewer eggs for redundancy. We’ll leave this choice to you. Remember that a wallet is your MetaMask, and each wallet can have many addresses/accounts. You can have one MetaMask with ten addresses or two MetaMasks with five addresses each in different browsers. The most important thing is that you store the private keys to them safely, and if you do, then you can even delete your wallets completely, and when you go restore them from your seed phrase on another device, for example, all your addresses and funds will be there.

2. Always use a new wallet when testing a new dapp It’s not advisable to test new things with the wallet you have all your funds on because, when things go wrong, you’ll lose everything. If you’re unsure if a dapp is safe, then create a new wallet in a new browser and test it from there. For example, it may happen that you connected to some new network, and that network was malicious and stole your funds. By testing it with a new wallet, you limited the damage.

3. Watch out for permissions and the approve function When you connect your MetaMask to a dapp (usually through the Connect or Launch button), you give that dapp the permission to view your public address, token balances, and suggest approvals. This action is not dangerous, but the transactions that come next may be. By clicking on the three vertical dots in the upper right corner of your MetaMask, you can view all your connected sites and easily disconnect them. Token approval is another kind of action, and it’s where things can get out of hand. Token approval is a permission for a dapp to access and move a specific type of token from your wallet at any time in the future. This approval applies to just one type of token at a time, so if there’s an exploit on the dapp side, the hacker will take only that approved token limit. You need to give approval when interacting with smart contracts, but you need to know what you approve of. When you are asked to approve a transaction in a MetaMask window, you will see:

an URL, so make sure it’s the URL of the dapp you want to interact with and that it looks exactly as you expect it to; for example, xen.network is legitimate, but xen.nelwork is not. You see the difference?</>
contract address of the smart contract you’re interacting with. You can copy this address and check it on Etherscan. You can see its activity and potential flags.
a permission: you will see a message saying: “By granting permission, you are allowing the following contract to access your funds”. If you approve this, you will give this app permission to dispose of your tokens. This is something most DeFi apps do, and they usually ask for unlimited access to your token. If you press Edit permission and view the content, you’ll see that this kind of number, 1.157920892373162e+59 with e+59 at the end, means that the dapp is asking for unlimited approval. Uniswap and other DEXes and apps can do this, but that doesn’t mean they will rob you. It’s more for the convenience of not having to ask you repeatedly for approval. However, you can change this limit and enter your own maximum spending limit. Some dapps will ask you for both approval and a permit to transfer your tokens, limiting the number of transactions to just one and saving on your gas fee.
you need to pay gas fee for approval so if your wallet is empty you can’t approve of anything

So the best way to stay safe is to watch for these kinds of approvals and edit them whenever you don’t trust a dapp you want to interact with. In case it reveals itself to be a scam, you lost just one part of the tokens you approved, not all of them.

4. Attention to NFTs; someone may steal all of them

XEN is heading towards the release of XENFTs, which will rely on the ERC-721 token contract. This kind of contract has the setApprovalForAll function, which can set or unset other addresses that aren’t yours and has the ability to transfer all of your NFTs associated with a specific smart contract, in this case, XENFTs.

This function is typically invoked by NFT marketplaces such as OpenSea or Rarible in order for them to access your NFTs and transfer them to the new owner. You trust these marketplaces to not harm you, but you need to be aware that if a hacker exploits such a dapp and you already gave permission to all of your NFTs, then they will be lost. In this case, you should also be aware of the limits you allow and know that you can change them.

Particular attention should be paid to NFT airdrops. When someone will try to scam you through an airdrop, he will try to make you approve this setApprovalForAll function to claim an NFT drop, and you should never approve it to receive anything.

One of the most common ways for a hacker to steal your funds is through the approval function, so make a habit of setting clear limits and revoking approval for dapps you no longer use, even if they’re trustworthy.You can do this once a week or once a month. Keep in mind that disconnecting a dapp and removing approval are two different things. It’s not enough to disconnecting a dapp from reading your public address. What you need to do is revoke the permission to use your funds with revoke.cash everrise or unrekt for allowance checker on multiple networks.

Conclusion

Stay safe out there and never share your private keys with anyone now that you know the most common ways to get your funds.The important thing is to surf the internet while staying away from porn and shady sites because it’s where most viruses come from. Don’t download files and software you don’t trust. Install updates from official sources. Don’t type your seed phrase anywhere and get yourself a hardware wallet like Ledger so your keys are generated and stored on the hardware wallet and not on your PC. A hardware wallet is especially important when you consolidate your XEN mints into one stake, or XENFT.