aware of when it comes to wallet security - monerooutreach.org · a ‘hard’ wallet, like the...


Post on 18-Oct-2019


Your Monero (XMR) wallet is your vault that contains your XMR and keeps it safe. If you want to make sure it stays that way, there are a few best practices you’ll want to follow in order to keep your wallet/s as secure as possible.

‘Hot’ Wallets are wallets that are connected to the internet, while ‘cold’ wallets are not. Cold wallets are generally more secure, but they come at a sacrifice to convenience.

A ‘hard’ wallet, like the popular Ledger or Trezor, might be viewed as the middle ground between hot and cold wallets because you can connect them to an internet-connected device in order to send/receive, but when disconnected they are not accessible via the internet.

Here are a few general best practices to be aware of when it comes to wallet security:

1. To avoid scams that might steal your XMR, only use wallets approved by the Monero community. Do your research before setting up any wallets. A good place to start is the information section of r/monero which is located here: https://www.reddit.com/r/Monero/

2. If setting up a cold wallet (one example is a “paper” wallet) for long term storage, be sure to do your research and follow one of the tutorials online that have the strongest and most positive reviews/comments. Like these Reddit links:

a. Sending to Paper Wallet Tutorial: r/Monero/comments/7t5tyx/tutorial_sending_xmr_to_a_paper_wallet_generated

b. Guide for Securely Generating a Cold Paper Wallet: r/Monero/comments/48cgmd/an_extensive_guide_for_securely_generating_an

3. Consider keeping a cold wallet for XMR you plan on holding for a while, and a hot wallet for XMR you plan on spending or trading. Think: Cold wallet=savings account, hot wallet=checking account.

4. Visit online forums and ask around to learn the variety of ways people keep their private keys or mnemonic seeds safe and secure, then choose the option that works best for you. Start here: https://getmonero.org/community/hangouts/ Having any strategy is much better than none at all. Are you seeing yet that research is a big theme?

5. Follow other best practices here like never share your private keys, only use reputable exchanges, update your wallet/s after every network upgrade/hard fork, don’t talk about how much XMR you have, and always seek to learn more!

A Secure Wallet is a Happy Wallet


Exchanges can be a convenient way to sell or buy more Monero, but not all exchanges are created equal.

Here are a few things to keep in mind when it comes to keeping your XMR safe while using exchanges.

1. Do your own research before using any exchange. Attempt to answer these questions:

a. Are there positive reviews available through third-party sources? Are they reliable?

b. Has it ever been attacked? Was the response to the attack appropriate?

c. How long has the exchange been in operation?

d. Are the creators/managers known or reputable individuals or entities?

e. Are you able to maintain your privacy by not sharing any personal information?

f. Does the website use security precautions like captcha and Two-Factor Authentication (2FA)? Does it have legitimate security certificates and start with https://?

g. If you plan on reporting taxes, does the exchange allow you to download reports for easy proof of buy/sell transactions?

2. Exchanges create their own wallets for you. You are not likely to have access to the exchange wallet’s mnemonic seed. If the exchange gets attacked or proves to be a scam, you may lose whatever XMR you have on the exchange’s wallet. A good rule of thumb is to only keep XMR on an exchange if you plan to use it soon. Otherwise, move it to a wallet that you control.

3. If you want to trade a significant amount of XMR over an exchange, consider testing the transaction by trading a smaller amount first. This test amount should be no higher than you would be comfortable losing.

4. With any XMR transaction, always double-check the send/receive wallet addresses to make sure they are correct. Even if you copy/paste the address, confirm it was pasted correctly, as there are known attacks that will change a cryptocurrency address when it is copy/pasted. If your device was somehow infected by that malware, a simple double-check to confirm it pasted properly is all you would need to protect your XMR.

5. As time goes on, decentralized exchanges will become more common. With Monero being a decentralized cryptocurrency, these exchanges are aligned with the ethos of Monero. Consider using them, but as always, do your research first!

Know Your Exchange Safety


As of the time of this writing, common assumptions say a vast majority of the Monero community consists of early adopters who are more technologically savvy than an average layperson. Monero code has been worked on by a few hundred developers, which is many more than most crypto projects can claim. Some speculate one reason Monero price has not grown closer to Bitcoin is because the technology behind Monero is hard for laypeople to understand and appreciate. But we early-adopters continue to march forward in hopes of Monero becoming more widely recognized and adopted. Monero 100 years from now will still depend upon people, people like you, working to safeguard its ecosystem and advancing the code even further. These are all reasons why we recommend people should always seek to learn more, especially if you’re not a developer. You can strengthen your ‘Monero literacy’ by consuming as much information as you can.

Seek To Learn More

By learning more about Monero’s features, the code, the open-source cypherpunk ethos that started it, and ways to improve security and privacy while using it, together we can make the Monero ecosystem even stronger. By having a strong grasp on all the aspects of Monero, you will also be able to speak to others about it and help drive greater adoption. You will feel more comfortable and confident while storing, using, and transacting XMR. Knowledge is power and it can change the world. Always seek to learn more… and do your own research!

The future starts with you, here’s some reading material to help you learn more about Monero:

• getmonero.org (Official Website)
• monero.how
• reddit.com/r/monero
• Guide to Monero (post)
• Monero In-Depth Technical Intro
• Zero to Monero
• Scams to Avoid
• Monero FAQ
• Connect w/ Monero Community
• Mastering Monero


Don’t Talk About How Much Monero You Have

Sayings like “Loose lips sink ships” and “Out of sight, out of mind” exist for a reason. When you talk about how much Monero you have, you may inadvertently be making yourself a target. This is especially true in cases of online forums and social media. Attackers prowl the internet looking for people to reveal information about themselves that they might be able to take advantage of. Let’s just look at an example:

Adam comments to Eve in a public comment on social media that he just bought 30 XMR. Badguy sees Adam’s comment and decides he wants those 30 XMR. Badguy proceeds to use a variety of nefarious tactics to hack Adam and steal his XMR, maybe even doing more damage along the way. If Adam hadn’t said anything, he wouldn’t have been targeted at all and his XMR would remain safe.

This is a simplified example, but in reality there are dozens of scenarios in which information you share can make you a target, and even more examples of how attackers can use that to their advantage and make you their next victim. Advocating for Monero and teaching new users about its many uses is one thing; boasting about how much XMR you own is another. It is advised to stick to the former and avoid the latter at all costs.

Keeping your Monero to yourself is also important if you live in a country with a corrupt government that abuses power. If a government in the future were to apply capital controls to cryptocurrency holdings, it would be best they did not know about your Monero. Even though Monero code is resistant to capital controls, if an abusive government knows you own Monero then they might still come knocking on your door.

Capital controls would technically give them the legal authority to freeze or take possession of your Monero. As Monero continues to improve, it will become increasingly harder for abusive governments to know you own any... unless you talk about it online. If they don’t know you own it, their ability to abuse their power and steal your hard-earned wealth diminishes. Don’t talk about how much Monero you have.


Community Participation

Monero is a completely decentralized, open-source project. Anyone with a good idea and some initiative can create and lead a project in support of Monero. If you are not a developer and interested in supporting Monero in other ways, there are many options. Monero projects organize themselves into various workgroups. There is a Localization workgroup focused on translating all Monero content to help spur adoption throughout the world, an Outreach workgroup focused on creating tools to facilitate better public relations and greater adoption of Monero, and even a workgroup focused on developing a hardware wallet for Monero. There are many other workgroups that need your help.

If you are a developer, you can join a few hundred other developers to date who have contributed to Monero’s code, via GitHub.

The first stop when it comes to community workgroup participation is the Monero Community Workgroup, which focuses on organizing all of the other workgroups. They will be able to tell you if your idea has already happened and which people to work with to take it even further. Or if your idea is brand new, they will connect you with some resources to help facilitate your idea coming to reality.

Monero’s Core developers have provided us with a handful of tools to help enable successful workgroups, including Mattermost for communications and Taiga for project planning and task flow management. Individuals can also participate through lively discussions that happen on several different Slack and IRC channels, through many different Telegram group chats, on Reddit via r/Monero or the many subreddits dedicated to niche areas of Monero (like mining or speculating), and by asking or answering questions about Monero on Stack Exchange. The only barrier to you participating in the community is you.

We invite you to join the cause and make this decentralized, open-source community even stronger!


Your Monero is safe as long as your private keys and private mnemonic seed are safe. Your private keys and your private mnemonic seed are the only way you can access your wallet and spend/send your XMR. If you share them, then whoever you share them with (or whoever has the technical expertise to steal them from the person you shared them with) has just as much access to your wallet as you do.

You may think you are doing a good thing by keeping your private keys separate from your physical location, but what if grandma forgets your instructions and leaves them on the windowsill and a stranger walks by and reads (records) them? Then you wake up one morning and all of your XMR was sent to an unfamiliar address. Since Monero is so private, you will have no way of finding out who owns the unfamiliar wallet and you will not be able to recover your missing/stolen XMR.

Sometimes other cryptocurrency projects will hard fork the Monero code then claim you will receive 10x coins, and “all you have to do to claim your 10x coins is share your private keys”. If you come across this, don’t touch it with a 100 foot pole. Not only are they probably trying to scam you, but they also may be trying to compromise the integrity of Monero as a whole. Scammers depend on your greed to do many nefarious things.

Don’t become a victim. The only thing you might ever share is your view key—and even then only to prove incoming transactions to your wallet. If that is of no use to you, then don’t share any keys. If someone is claiming they need anything besides your public wallet address (or in some cases your public view key), they are probably attempting to scam you and steal your coins. Long story short, never share your private keys.

Never Share Your Private Keys


Know Your Hard Forks

Unless you are a developer, the term ‘hard fork’ may carry a lot of confusing and potentially negative connotations for you. After all, you may have read an article or two about hard forks and how they created contention or drama among certain crypto projects. Monero’s hard forks manifest in interesting ways and fall into three main categories:

1) Network Upgrade/Regularly Scheduled Hard Fork

Monero developers aim to schedule two regular hard forks per year. These hard forks are always done by community consensus and led by Monero core developers. They typically include several improvements to the core Monero code. It is imperative as a Monero user that you upgrade your Monero wallet/s every time this occurs, and it is no one’s responsibility to do so but your own. No one said being an early adopter was easy, but if you are paying attention, it’s not hard either. Other projects have used Monero’s regularly scheduled hard forks to their own advantage and created their own projects on Monero’s old chains. These projects often fail in a short time, and feed upon the greedy nature of individuals. If you fail to update your Monero wallet after one of these hard forks and send your XMR, you may end up losing them on a different chain or having to spend a significant amount of time trying to recover them.

Safety level: Best practice is to upgrade your Monero wallet(s) as soon as updates are released.

2) Hard Fork of New and Legitimate Projects

Some legitimate projects will fork away from Monero, utilizing its underlying code to pursue their own goals. There are a few factors to look for when determining whether the project is legitimate.

• No pre-mine or insta-mine of coins for the developers
• No requirement to share your Monero private keys
• No controversy or excessive negative or alarming reviews by the Monero community about the project
• The project is open-sourced to ‘give back’ to Monero

Safety level: If it’s legitimate, you will not be required to do anything with your Monero wallet(s) and you can join the new project following your best judgement.

3) Scam or Attack Hard Forks

These projects will look like the opposite of what was mentioned in the legitimate project section. These projects are motivated by greed, both on the side of the developers and on the side of the users (read victims). In some cases, particularly in the case of projects asking individuals to share their private keys, they may be a deceptive attempt to attack the Monero network itself and weaken the privacy/anonymity of its users.

Safety level: Strongly recommended to avoid these coins. Proceed at your own risk and be aware that participation may also inadvertently weaken the Monero network.