TLDR:

• Wallet hygiene relates to keeping your wallet secure and therefore your assets too.

• Revoking removes old permissions you’ve given for protocols to move your assets for you. This means if the protocol is ever hacked your assets are still safe.

• Delegating links a hot wallet to another wallet holding valuable assets, so that you can use the hot wallet in its place and never risk signing your valuable assets away.

These have been some busy weeks and once again I haven’t had the opportunity to write a new post so I’m sharing one I wrote back in 2023 that most of my readers will not have seen on Revoking and Delegating wallets.

Privacy and security are still the biggest focus in the space (other than AI and the recent price tumble), so sharing these concepts feels are relevant today as ever. Read on to learn how to use these incredibly helpful DeFi primitives to keep yourself secure in the space.

You can find the original post from Oct 2023 here.

If this post resonates with you and you enjoy the content then please share it with a friend and get rewarded for doing so!

Refer a friend

This blog goes out weekly to over 20,000 subscribers. Please message me if you’re interested in sponsorships or partnerships.

Wallet Hygiene

Please remember that this post was originally written in October 2023 so some of UI may have changed slightly since that period of time.

Wallet hygiene is a generic term that encompasses a lot of things in Web3 related to keeping your wallet and therefore assets secure. Everything from how you store your private keys to how up to date the wallet software you use plays into wallet hygiene.

As a wallet interacts with a lot of different things onchain we end up leaving a trail and history of unclosed loops.

Many of these interactions can leave you open to attack vectors you may not even be aware of and so it’s important to go back and “clean up” your wallet from time to time.

For example, when you swap USDT for ETH on Uniswap, before even doing the swap the protocol will need permission to transfer your USDT for you. In most cases people give unlimited permissions to a protocol like Uniswap to move their USDT even if they are not swapping all of it.

While Uniswap has never been hacked, there’s no guarantee it won’t be in the future, and if it was the hacker could then move all your USDT from your account since you already gave Uniswap those permissions ages ago!

Similarly that random new NFT you were entitled to mint because you have another NFT that gives you token gated access could in fact be a way to drain your wallet. Instead of transacting from a wallet with high value assets you can delegate another one in its place and massively reduce risk.

These “permissions” as such are important to understand and take control of. Both revoking and delegating are therefore important concepts in keeping yourself secure in crypto.

Revoking

Revoke.Cash is the go to service for revoking, and in their own words:

When using dapps like Uniswap or OpenSea you have to grant them permission to spend your tokens and NFTs. This is called a token approval. If you don’t revoke these approvals, the dapp can spend your tokens forever. Take back control by revoking your approvals.

To do this the interface is super simple, you just: Connect; Inspect; Revoke.

First you must connect to your wallet, then on connecting Revoke.Cash allows you to inspect a list of every token you’ve given approvals to spend, therefore showing how much of your assets are at risk.

For example, with afox.eth you can see here I have 21 approvals and $27 + NFTs at risk.

This isn’t a significant amount because I’ve already revoked before, but if you were to open Revoke.Cash with your own account you may find a lot more money at risk.

In my long list of approvals I have the 24 DAI in my wallet able to be spent by Uniswap. This means if Uniswap was hacked they could drain my wallet’s DAI.

Revoking is simple and inexpensive so whenever you see something like this its worth revoking.

In this case when I selected “revoke” you can see that a transaction came up for $0.28 worth of ETH that will revoke my spending cap. Once approved I end up with the certainty that even if Uniswap were hacked the scammers wouldn’t access my DAI.

This same logic applies to my NFTs on Opensea or Blur and to any other tokens I may have given permission for a protocol to move.

Make sure to revoke permissions regularly to keep yourself safe!

Delegating

Delegate.Cash is a commonly used service for this.

Delegation is the other side of the coin. By using a delegate wallet you avoid the account holding valuable assets from ever giving permissions to any smart contracts in the first place!

As Delegate.Cash explains:

Keep your vaulted NFTs and ERC20s safe by linking wallets together. Claim airdrops, prove token ownership, and more from your hot wallet.

With delegation you link a wallet that doesn’t hold valuable assets with another that does, and use it to interact with smart contracts instead.

Delegating does require smart contracts to take delegation into account, but more and more smart contracts have began to do this. You can see a list of contracts on the Delegate.Cash site and they claim over $418m assets are secure through it.

It’s real easy too!

Just “Tap to start using Delegate”, then type in another account or contract you want your wallet to act as a delegate for. In this case I created a brand new account.

When you select “Delegate” you can now either “add to batch” to do multiple delegations in a single go or just “submit delegation” to transact.

What’s cool is you can even get very granular with the “asset” option, getting an account to act as a delegate for one specific asset!

There’s a small gas fee and Delegate.Cash asks for an approximately $1 tip. Then once delegated you’ll see it appear in the registry.

Now the new account I’ve just registered can act on behalf of afox.eth to claim airdrops and mints that I may be entitled to from the NFTs I have in afox.eth.

This new wallet was a totally blank wallet that I created meaning it has nothing valuable in it itself so there’s no risk from using it. When you combine this with Pocket Universe that we looked at before, you’ll be pretty secure that you’ll never sign away your valuable fungible tokens and NFTs!

Keep Safe

Wallet hygiene and security in Web3 is a topic that honestly there’s just so much to write about.

I feel happy that throughout my posts in this blog I’ve covered plenty of ways to keep secure, and in future posts we’ll undoubtedly continue to cover more and more ways to keep secure, especially as the technology improves making security even easier.

I hope you’ve learned something new today and are already on your way to cleaning up and revoking onchain approvals that you’ve had for years and didn’t even know about, along with delegating a hot wallet for your most valuable NFTs.

Stay safe out there!

Whenever you’re ready, these are the main ways I can help you:

1. Want high crypto returns? Earn up to 14% APY with your own Yieldseeker agent!

2. Love Web3 & AI? Follow @afoxinweb3 on X for insights!

3. Entrepreneur using AI? Join our AI community to accelerate your results!