Curio Cards
Search…
Protecting Your Cards
Protecting your valuable cards are your responsibility. Mistakes are permanent in crypto.

Minimizing Risk

Protecting your cards and other digital assets can be thought of as taking many different steps to minimize your risk. For example, simply using a hardware wallet removes a lot of potential attacks, but does not solve all of them. Even though it, alone, does not solve everything, it is still worth doing because it minimizes risks. You can then take steps on top of it to further reduce that risk, and then steps after that, etc. You get the idea. Below are some best practices you can follow.

Airdrop Scams

We are witnessing more sophisticated scams and attacks emerging in the NFT space, so it is imperative you use an abundance of caution to ensure your valuable NFTs and other assets stay safe. You should never interact with an unknown NFT that was airdropped into your wallet. That means you don’t sell, accept an offer on, or otherwise interact with it. The safest way to proceed is to hide it from your account in OpenSea. Think of these NFTs as spam email, and following links or interacting them being like following a link in a spam email. If you think an airdropped NFT is a legitimate asset from a legitimate project, hop into their Discord to double check.

Hardware Wallets

Given the cost of even a single Curio Card, it is advised you at the very least purchase a hardware wallet. Using a hardware wallet is crucial, as it can still protect your crypto even if your PC is compromised, as your private keys never leave the hardware wallet. This is a major risk, as even with up-to-date antivirus software, zero-day exploits are still a threat. You should never trust your PC alone.
First step is acquire a hardware wallet. The most popular and widely used hardware wallets are made by Ledger and Trezor. You should purchase it brand new directly from the manufacturer's website to reduce the risk of tampering in the supply chain.
In the process of setting up your new hardware wallet, you will be creating a new seed phrase. You must keep your seed phrase secure, don't share it with anyone! That means not "support"/"tech support", a dev, Curio Cards official admin team, NO ONE for ANY reason. Never enter it into a computer or electronic device other than your hardware wallet. The hardware wallet software running on your computer will never ask for the seed phrase to be typed on the computer. You also need to keep a secure copy of your seed phrase offsite, so if your house or apartment burns down, you can still recover. You may also want to give a copy to a loved one, for backup and estate planning reasons, but remember once you give the seed to someone they have the ability to access all of your funds.

Setting Up your Hardware Wallet

In order to setup your hardware wallet accounts to facilitate the lowest risk, we are going to utilize multiple account addresses. The purpose is to isolate and limit the risk per account, aka compartmentalize.
Concept: Compartmentalize This long word just means "don't put all your eggs in one basket". Instead keep different assets in different places with different levels of risk. Here is a basic example as an introduction:
We will setup your MetaMask with three accounts from your hardware wallet.
    The first account can be used for normal day-to-day transactions and smaller amounts. If the first account gets compromised, the amount of assets lost will be minimal. Also, if the first account is compromised, you can stop using it and just add another account as a replacement.
    A second account will only be used to buy and sell assets that you are buying or selling from a legitimate source, such as a verified OpenSea listing. An example would be selling a Curio Card or Art Blocks piece that you transferred from your vault account. After the buy or sell is completed, the assets should be transferred to your vault account for safekeeping.
    A third account on your hardware wallet we will designate as your vault account. You will not be making transactions from the vault account, it is strictly for holding your long-term and high-value assets. Keeping this account separate helps to minimize the risk of making a mistake, accident, or compromise. For example, there are scams that trick you into signing a transaction that lets someone drain your assets from your wallet. If you aren’t performing transactions directly from your vault account, you are minimizing that risk. Instead, you will only transfer assets into your vault account, and then out of it when you are going to sell or use that asset. The only other function that will be allowed in the account is periodically hiding airdropped NFTs from within OpenSea. Let’s keep our NFTs and funds safe.
Below are specific instructions to setup one of the popular hardware wallets:
Last modified 23d ago