September 22, 2022

✅ TON Safety: Avoid Using Web Wallets 👛

What is a Web Wallet?

A web wallet is a TON wallet that runs in your web browser, either as a browser extension or as a website you visit that behaves like a wallet.

While web wallets may seem convenient, they are truly "hot" hot wallets and are not worth using, because there are many security risks involved.

Many TON holders have already lost large amounts of TON via various tricks using web wallets. It is very difficult for the average user to know if a web wallet is truly authentic.

Not only that but there are many security issues involved, such as:

— the browsers;

— other plugins;

— the operating system which could be infected with malware.

Scams and Security

There are many scams and tricks involving web wallets, and there truly is no need to use a web wallet ever, especially now when new ones are popping up almost daily.

Web wallets additionally do not have the scrutiny of App Stores, which includes not only some technical review processes but also legal liabilities and protections, nor do they have the scrutiny offered by user reviews where you can see others' feedback.

Aside from a cold wallet (which is not yet easy for TON), which should be used for storing huge amounts of TON for the long term, a good mobile wallet app on a reliable operating system, on a phone protected by biometrics or an alphanumeric password, is the best way to protect your TON account from hacking or other tricks used to gain access.

Apple's iOS is highly secure and cannot be messed with by the user. Android can be secure depending on the configuration.

Choosing a Mobile TON Wallet

In choosing a TON mobile non-custodial wallet, check the history of the wallet: have people reported losing funds (even via a misunderstanding of the user interface)? How much attention does the wallet provider pay to safety and security, as opposed to fancy features?

With all new technologies there are risks as bugs crop up, which eventually can be quashed. The more cutting-edge features there are, the greater the risk of bugs.

At the current time there are four TON mobile wallets which could be trusted; from our extensive testing, the safest among them are TonSafe and the Toncoin wallet. TonSafe, however, has more features and includes additional safety features.

Be Careful With Custodial Wallets

You should only use custodial wallets such as those on Telegram for limited time periods and amounts: as with any custodial wallet, you are not the only one with access. You could even lose access to the wallet if you lose access to your Telegram account.

If you need a custodial wallet for convenience or features not available in a non-custodial wallet (such as market or exchange services), only keep as much TON in such accounts as needed, and for no longer than needed. This also goes for Centralized Exchange wallets such as OKX, FTX, MEXC, Huobi etc.

Mobile Wallet Safety

For additional safety, you should probably not use the same account with multiple wallets and devices (unless you are confident of their security). Instead, have a different account on each wallet. There is nothing stopping you from having multiple wallets on one device, either on the same account (not recommended) or on different accounts.

Never disclose your 24 Secret Words to anyone or you are giving them full irrevocable access to your account for as long as you have funds in it.

Never store your 24 Secret Words in text files or screenshots: these can easily be deleted, lost, forgotten, or sent by mistake. It may seem like a pain, but actually writing down your 24 Secret Words with a pen on paper or in a book, and storing it in a safe location as you would any important document, is by far the best security policy.

Make sure only you have access to your mobile phone; otherwise, enable any additional access security on your mobile wallet. TonSafe has an option to enable or disable biometric access whenever you start the TonSafe wallet.

If your phone does not have strong protection from unauthorized access, you should not leave your TonSafe logged in. Also remember that your phone may become lost or stolen or break down.

When traveling, always log out of your TonSafe before you travel, take a copy of your 24 Secret Words with you, and don't let them out of your sight.

Or split them up. For the extra paranoid: take a copy of your 24 Secret Words with you, separate from the phone. For example, you could number them backwards (but don't forget you have done so) on your "temporary" travel sheet, or you could split them into 2, 3 or 4 different papers in different places in your luggage, for additional security.