Policies for crypto asset management
Policies and best practices for crypto asset management

Many wallets (including smart accounts and multisigs) have been compromised in recent years, and large holdings face the greatest risk. Most of those attacks could have been prevented if the right policies had been in place. Here is a list:

Dedicated Signing Device

Perform transaction signing on a dedicated, single-purpose device, preferably in an air-gapped environment. The UI of a general-purpose machine can be compromised.

Make sure you know what you sign

Reduce blind signing. One of the major risks in crypto security is blind signing, where users and platforms approve transactions without clearly seeing what they are authorizing.

Decentralize wherever you can

Use different tools, perform double checks, and log in from different locations. It is much harder to deceive people who have many independent options and prevention tools at hand.

Phishing Simulation Campaigns

Conduct routine phishing simulations, especially for high-risk roles like crypto operators and multi-sig signers.

Red Team Exercises

Simulate adversary tactics to assess and strengthen security controls against targeted attacks.

Transaction Simulation

Before signing, simulate the transaction to observe its outcome and verify its correctness. Require proof of balance from the system before signing transactions.
Use a layered approach: let isolated, independent systems perform BEFORE and AFTER checks so that signing requests, signed messages and transactions meet compliance requirements and internal security policies.
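The two policies above (know what you sign, and independent BEFORE/AFTER checks) can be illustrated with a small pre-sign/post-sign gate. This is an added example and not code from the original page or from any wallet project: it decodes the calldata of an ERC-20 `transfer(address,uint256)` call into readable fields so that nothing is signed blindly, checks the request against a wallet policy (allowlisted recipients, a per-transaction limit, and a balance proven by an independent system) before signing, and after signing verifies that the payload handed to the broadcaster is byte-identical to what was approved. The addresses, balances, limits and the `Policy` structure are constructed assumptions; only the `a9059cbb` selector is the real ERC-20 `transfer` selector.

```python
"""BEFORE / AFTER policy checks around signing an ERC-20 transfer.

Added example (not from the original page). Sample addresses, limits and
balances below are constructed values for demonstration only.
"""
import hashlib
from dataclasses import dataclass

# First 4 bytes of keccak256("transfer(address,uint256)"): the real ERC-20 selector.
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")

# Constructed sample values (not real tokens, wallets or limits).
SAMPLE_TOKEN = "0x" + "22" * 20
SAMPLE_RECIPIENT = "0x" + "11" * 20
SAMPLE_ATTACKER = "0x" + "33" * 20
ONE_TOKEN = 10**18  # 18 decimals assumed


class PolicyViolation(Exception):
    """Raised by the BEFORE check when a request must not be signed."""


@dataclass(frozen=True)
class Policy:
    allowed_recipients: frozenset  # lowercase 0x-prefixed hex addresses
    max_amount: int                # per-transaction limit in base units


@dataclass(frozen=True)
class DecodedTransfer:
    token: str
    recipient: str
    amount: int


def encode_transfer(recipient: str, amount: int) -> bytes:
    """Build transfer(address,uint256) calldata; used here only to construct sample input."""
    addr_word = bytes.fromhex(recipient[2:]).rjust(32, b"\x00")  # address right-aligned in 32 bytes
    return TRANSFER_SELECTOR + addr_word + amount.to_bytes(32, "big")


def decode_transfer(token: str, data: bytes) -> DecodedTransfer:
    """Turn opaque calldata into fields a signer can read. Anything that is not
    exactly a well-formed transfer(address,uint256) call is rejected."""
    if len(data) != 4 + 32 + 32:
        raise ValueError(f"unexpected calldata length {len(data)}")
    if data[:4] != TRANSFER_SELECTOR:
        raise ValueError(f"not an ERC-20 transfer: selector 0x{data[:4].hex()}")
    addr_word, amount_word = data[4:36], data[36:68]
    if any(addr_word[:12]):  # the 12 padding bytes of an address word must be zero
        raise ValueError("malformed address word")
    return DecodedTransfer(
        token=token.lower(),
        recipient="0x" + addr_word[12:].hex(),
        amount=int.from_bytes(amount_word, "big"),
    )


def request_digest(token: str, data: bytes) -> str:
    """Digest of an approved request, recorded by the BEFORE check and
    compared again by the AFTER check (sha256 over target address + calldata)."""
    return hashlib.sha256(token.lower().encode() + data).hexdigest()


def pre_sign_check(token: str, data: bytes, policy: Policy, proven_balance: int) -> DecodedTransfer:
    """BEFORE check: decode the request and refuse anything outside policy.
    proven_balance must come from an independent system, not from the UI
    that produced the request."""
    tx = decode_transfer(token, data)
    if tx.recipient not in policy.allowed_recipients:
        raise PolicyViolation(f"recipient {tx.recipient} is not allowlisted")
    if tx.amount > policy.max_amount:
        raise PolicyViolation(f"amount {tx.amount} exceeds per-transaction limit {policy.max_amount}")
    if tx.amount > proven_balance:
        raise PolicyViolation(f"amount {tx.amount} exceeds proven balance {proven_balance}")
    return tx


def post_sign_check(approved_digest: str, token: str, data: bytes) -> bool:
    """AFTER check: the payload about to be signed/broadcast must be byte-identical
    to the request that passed the BEFORE check."""
    return request_digest(token, data) == approved_digest


if __name__ == "__main__":
    policy = Policy(allowed_recipients=frozenset({SAMPLE_RECIPIENT}), max_amount=1000 * ONE_TOKEN)
    calldata = encode_transfer(SAMPLE_RECIPIENT, 5 * ONE_TOKEN)
    tx = pre_sign_check(SAMPLE_TOKEN, calldata, policy, proven_balance=10 * ONE_TOKEN)
    print(f"approved: send {tx.amount / ONE_TOKEN} tokens of {tx.token} to {tx.recipient}")
    digest = request_digest(SAMPLE_TOKEN, calldata)
    swapped = encode_transfer(SAMPLE_ATTACKER, 5 * ONE_TOKEN)  # recipient swapped after approval
    print("post-sign check on original payload:", post_sign_check(digest, SAMPLE_TOKEN, calldata))
    print("post-sign check on swapped payload:  ", post_sign_check(digest, SAMPLE_TOKEN, swapped))
```

The point of the split is that the BEFORE and AFTER stages can run on different machines: the decoder and policy check on the signing device, the digest comparison on whatever process broadcasts the signed transaction, so a compromise of the UI that built the request cannot silently change the recipient or amount between approval and signing.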

Use simple tools that don't share any dependencies

Opt for command-line tools (CLI) instead of relying on third-party graphical interfaces. CLI tools reduce the risk of UI manipulation and provide a more transparent view of the transaction data.

Stop when anything looks suspicious

If any part of the transaction appears unusual or incorrect, immediately halt the process and refrain from signing. Conduct a thorough investigation to identify and resolve any discrepancies.

Strict wallet Policies

Credits