Wallet Security: Seed Phrases, Private Keys, Hardware Wallets & Approval Management

Wallet security isn't a single switch — it's a wall built from a handful of habits stacked together.

What sets farming apart from trading coins is that it forces you to use an on-chain wallet long-term and often: connecting to apps, signing transactions, running across different chains. The more you use it, the larger your exposure. So you'll quickly find that the real barrier to farming isn't "can you operate the tools," it's "can you survive the security part." I've watched too many people get the technical side down nicely, only to fall on a painfully basic security slip: a seed phrase screenshotted into the photo library, an unlimited approval signed and then forgotten, farming and net worth kept in the same wallet. This piece builds that wall of wallet security for you, one brick at a time.

Seed phrase and private key: this is your master key

Let's nail the core concept first — every rule that follows is derived from it.

When you create an on-chain wallet, you're essentially generating a pair of keys. The private key is a long string nobody could guess, and it directly controls an account — whoever holds that string can move every asset in it. The seed phrase (also called the recovery phrase or seed words) is the "plain-English version" of the private key: usually 12 or 24 words in a fixed order. They aren't just any random words — they're a seed that, by the rules, can derive the entire set of private keys under your wallet. In other words, a seed phrase usually carries even more power than a single private key — it's the master switch for every account and every chain in that wallet.

Here's the biggest beginner misconception to clear up: that string starting with 0x — your wallet address — is a completely different thing from your seed phrase or private key. The address is a "receiving account number," perfectly fine to hand out to people so they can pay you and perfectly safe to post publicly. The seed phrase and private key are "the password plus the seal" — leak them and you've handed over the entire vault. (For how addresses, checksums and the rest work, see the separate piece on what wallet addresses and ENS names are.)

✖ The line with no exceptions

Your seed phrase and private key: never put them online, never tell anyone, never type them into any webpage or chat box. No airdrop, no support agent, no official campaign, no wallet "upgrade / sync / verification" ever needs them from you. The only legitimate place a seed phrase is ever used is "restoring a wallet inside a wallet app you trust." Anyone else asking for it is there to steal everything you own.

Once you've thought this through, you'll understand why all the practices below look the way they do — every one of them exists to guard this master key.

How to store a seed phrase offline so it stays safe

Since the seed phrase equals the master key, how you store it directly decides whether your money is safe. One principle: get it completely off any connected device.

First, a few things you must never do:

  • Screenshot it into your photo library — the number-one way to die. Phone photo libraries mostly auto-sync to the cloud, so the moment your cloud account is breached or your phone is infected, your seed phrase is out in the open. Some apps even request photo access, which is like leaving the key sitting out on the table.
  • Saving it in a notes / memo app — these also sync to the cloud, same problem as a screenshot.
  • Sending it to your own chat / email / cloud drive — these all live inside connected accounts, and the moment any one of them is breached, the seed phrase walks out.
  • Leaving it copied on the clipboard — some malware specifically watches the clipboard. If you copy it temporarily, clear it once you're done.

Now, how you should store it:

  • Write it on paper. The plainest method and also the most effective. After writing, double-check the order and spelling (one word out of place ruins the whole set), then put it somewhere physical that you control and others won't stumble onto.
  • For something sturdier, use a metal plate. Paper fears water and fire; there are metal plates made specifically for engraving seed words — fire-, water- and damp-proof — ideal for people doing long-term cold storage of larger amounts.
  • Consider splitting it and keeping a backup. If you're worried about losing it, copy it twice and keep the copies in different places; the more meticulous split the 12 words into halves stored separately, so one half alone isn't enough. But don't turn "security" into "even you can't get it back"; balance it.

⚠ Heads up

When you write down your seed phrase, be absolutely sure you're creating the wallet inside the official, genuine app (for how to install and create a wallet through official channels, see the Binance Web3 Wallet guide). If the wallet app itself is fake — downloaded from some sketchy source — then no matter how carefully you copy, it's useless; the seed phrase gets captured right under your nose. The first step of security is making sure the tool that generates the seed phrase is clean.

Hot wallet vs hardware wallet: what each is for

Wallets split into two big categories by "whether the private key is online." Understand the difference and you'll know what money belongs where.

A hot wallet (a phone app, a browser extension, things like the Binance Web3 Wallet) is defined by the fact that the private key lives on a connected device. The upside is convenience (connect to apps and sign anytime), and farming and everyday small interactions all run on it. The cost is large exposure: a device infected with a trojan, a malicious extension installed, a malicious approval signed, any of these can put your private key or assets at risk. It's suited to holding money you can afford to lose, money that wouldn't hurt badly if lost.

A hardware wallet (a standalone physical device) is defined by the fact that the private key stays inside that device forever and never touches the internet. To sign a transaction, the transaction data goes into the device, signing happens inside it, and the signed result comes back out — the private key never leaves the device the entire time. That means even if the computer or phone you connect it to is infected, a hacker can't get the private key; at most they can trick you into confirming some transaction on the device (so you still have to read what you're signing on the screen). It's suited to cold storage: long-term holdings, larger amounts, things you don't move often.

▶ The one-line distinction

A hot wallet = the change purse you carry, convenient but don't load it up; a hardware wallet = the safe at home, a hassle but where the important stuff goes. Farming almost always runs fine on a hot wallet; once you've built up an amount you'd hate to lose, put it behind a hardware wallet.

People ask: I don't have much, should I buy a hardware wallet right now? My view is do it as needed. If you're purely farming and your wallet only holds small amounts, getting the "splitting funds" and "regular revoke" we cover below solid is more practical than rushing to buy hardware. Once your long-term assets reach a certain size, then put them in cold storage on a hardware wallet — that's when its value really pays off.

Splitting funds: don't keep real money in your farming wallet

If you remember only one thing from this piece, I want it to be this: use a dedicated wallet for farming — don't farm with your net worth.

The reasoning is plain. Farming means you'll constantly connect to unfamiliar, time-untested on-chain apps, sign all sorts of approvals, and run all sorts of new protocols. Every one of those operations is an exposure point, and your odds of stepping on a landmine are far higher than if you just held coins and sat still. If you keep farming and long-term assets in the same wallet, that's like taking your whole nest egg into a minefield — one wrong approval, one phishing site, and what you lose is everything.

The right way to split it, in a clear hierarchy:

  • Dedicated farming wallet (a small hot-wallet pouch). Used solely for connecting to apps, doing interactions, and claiming airdrops. Keep only the gas and small principal you need for this stretch of farming in it — load what you'll use. It has the largest exposure, so push the balance to the minimum — even if it gets phished, you only lose this small change.
  • A funding hub / exchange. Keep the bulk of your funds on an exchange like Binance (deposits, withdrawals and trading all happen there — see the Binance Web3 Wallet guide). When it's time to farm, withdraw a small amount from there into your farming wallet, then send your gains back to cash out (for how to send them back and sell, see how to cash out your airdrop tokens).
  • A long-term cold vault (a clean wallet / hardware wallet). Assets you genuinely want to hold long-term go in a clean wallet that rarely connects to anything unfamiliar, or in a hardware wallet. This wallet isn't used for farming, so its exposure is close to zero — the safest spot.

The essence of this split is using isolation to lock risk into a small room: physically separate the high-risk activity (farming) from the high-value assets (your net worth), so the maximum loss from any single accident is contained in that small pouch. This is also why this site keeps arguing for single-wallet genuine participation rather than running dozens of accounts — one wallet you can manage and protect, while dozens of accounts mean you can't even keep all the seed phrases straight, and holes open up everywhere (for why multi-accounts are a dead end in 2026, see what a Sybil attack is).

To put this fund-splitting into practice, you first need your on/off-ramp and your farming wallet set up. Start from a legitimate channel and the later steps — splitting, transferring, cashing out — all flow smoothly.

Revoke regularly: clear out the approvals that fell asleep

Even with a cleanly split wallet, there's a class of risk that builds up slowly — approvals. As covered earlier (spotting fake airdrops and phishing goes deep on approval phishing), every time you use a DeFi app you often have to approve it "to move one of your tokens," and many approvals are for an unlimited amount. These approvals don't expire on their own: long after you've stopped using that app, the approval is still sleeping there. If one day that contract gets hacked, or it was an ambush from the start, that sleeping door can be pushed open at any time and that token swept away.

So you have to clean them out periodically — the circle calls this revoking (canceling approvals). The tool is revoke.cash, and it's simple:

  • Connect your wallet (it only reads your approval history — you don't hand it anything).
  • It lists which contracts this address has approved, for which token, and how big the allowance is.
  • For anything you no longer use, can't place, or that has an unlimited allowance you don't need that big, revoke them one by one. Revoking itself sends an on-chain transaction and costs a little gas, so keep some gas in the wallet.

▶ Make it a habit

No need to check daily, but build a rhythm: every so often, or after each batch of farming interactions, run through revoke.cash and revoke the approvals you don't use. Be especially diligent with your dedicated farming wallet, since it connects to the most unfamiliar apps. This takes only a few minutes, but it seals off the path that lets "dormant approvals get exploited later."

▶ A field note

We connected a wallet that had been around a while and farmed quite a few protocols, and the moment we checked it on revoke.cash, it listed over a dozen approvals — fewer than half still in use. Most of the rest were unlimited allowances we'd clicked through to use some app once; the app was long abandoned, but the door had stayed open. We revoked the ones we couldn't place or didn't need unlimited for, one by one, keeping only what was still in use; the cost was just a bit of loose time plus a little gas, and afterward we felt a lot more at ease. Those sleeping "unlimited approvals" are a timed liability — find a free moment and run your everyday wallet through the same check; odds are you'll dig up a few you'd forgotten about entirely.

How to cancel a wallet approval (how to use revoke.cash)

A lot of people search "how to cancel a wallet approval," which really just means pulling back the sleeping approvals from the last section, one at a time. Here's the step-by-step on revoke.cash.

  • Step one, open revoke.cash, paste in the wallet address you want to check and just read it first. This step needs no wallet connection, and it can already list which contracts the address has approved, for which token, and how large the allowance is. Look without connecting first, get a sense of the picture.
  • Step two, when you actually want to revoke, connect the wallet and switch to the correct chain in the top-left (Ethereum and BNB Chain approvals are handled separately; don't clear one chain and assume you're clean).
  • Step three, pick out the approvals that are unplaceable, long unused, or set to unlimited and click Revoke next to them. Each revoke sends an on-chain transaction, asks you to confirm in your wallet, and costs a little gas, so keep enough of that chain's native coin to pay for it (for what to do if you have no gas, see the section below and what a gas fee is). After revoking, refresh and that approval should drop off the list.

One reminder: revoking only closes the "can still move your token later" door; it can't recover coins that were already swept away. So this is a preventive move, the earlier the better; don't wait until something goes wrong to remember it.
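What an approval and its revoke look like in the transaction data a wallet asks you to sign, as an added example (not code from this page or from revoke.cash). It decodes the standard ERC-20 approve and ERC-721/1155 setApprovalForAll calls only; the spender addresses and sample requests are constructed, and off-chain permit signatures are not covered.

```python
from __future__ import annotations

MAX_UINT256 = 2**256 - 1
# 4-byte selectors of the standard token functions that grant spending rights.
APPROVE = "095ea7b3"               # ERC-20 approve(address spender, uint256 amount)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address operator, bool approved)


def classify_approval(calldata: str) -> dict | None:
    """Describe the spending right a transaction grants; None if it grants none."""
    data = calldata.lower().removeprefix("0x")
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    if len(args) != 128:  # exactly two 32-byte ABI words
        raise ValueError("malformed approval calldata")
    spender = "0x" + args[24:64]   # address is the low 20 bytes of word 1
    value = int(args[64:], 16)     # amount, or the bool for setApprovalForAll
    if value == 0:
        kind = "revoke"            # allowance back to zero / operator removed
    elif selector == SET_APPROVAL_FOR_ALL or value == MAX_UINT256:
        kind = "unlimited"         # whole balance or whole collection, no expiry
    else:
        kind = "limited"
    return {"spender": spender, "kind": kind, "amount": value}


def encode(selector: str, spender: str, value: int) -> str:
    """Build calldata for the constructed samples below."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(value, "064x")


# Constructed sample requests; the spender addresses are made up.
DAPP = "0x" + "11" * 20
SAMPLES = {
    "swap, exact amount": encode(APPROVE, DAPP, 250 * 10**18),
    "swap, max allowance": encode(APPROVE, DAPP, MAX_UINT256),
    "NFT marketplace operator": encode(SET_APPROVAL_FOR_ALL, "0x" + "22" * 20, 1),
    "revoke of old allowance": encode(APPROVE, DAPP, 0),
    "plain token transfer": "0xa9059cbb" + "00" * 64,
}


def needs_attention(requests: dict[str, str]) -> list[str]:
    """Labels of requests that would leave an open-ended approval behind."""
    flagged = []
    for label, calldata in requests.items():
        info = classify_approval(calldata)
        if info and info["kind"] == "unlimited":
            flagged.append(label)
    return flagged


if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(f"{label:26} {classify_approval(calldata)}")
    print("review before signing:", needs_attention(SAMPLES))
```

A revoke is the same approve call with the amount set to zero, which is why it costs gas like any other transaction and has to be repeated per token, per spender and per chain.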

What to do if your wallet is hacked, and can you recover the funds

Let's start with the harshest but most important truth: an on-chain transfer is irreversible once confirmed, and the vast majority of stolen coins can't be recovered. No one can "reverse the transaction" for you, and anyone claiming "pay a fee / deposit and I'll recover your stolen assets" is almost certainly there to scam you a second time — never fall for it. Accept that, and what we're really talking about isn't "recovery" but how to stop the bleeding and keep the loss as small as possible.

If you discover your wallet is hacked, handle it in this order.

  • One, immediately move whatever assets haven't been swept yet. If other coins remain in the wallet, send them at once to a brand-new, never-leaked safe wallet. But note: if what the attacker got was your seed phrase, then every address under this wallet is already exposed, and the instant you move funds out, a script may snipe them (this is called being "watched in the pool"). In that case, either race to move the valuable assets with a fresh wallet, or simply abandon this wallet.
  • Two, disconnect all approvals and connections: if you can, use the revoke above to pull all approvals on this address (assuming it's still usable).
  • Three, retire this address for good: never send money into a leaked seed phrase / private key again.
  • Four, if the stolen funds flowed to an exchange, take the transaction hash and contact the relevant exchange (such as Binance) and your local police as soon as possible. Whether a freeze is possible depends on whether the other side has withdrawn and whether the platform cooperates; success is unlikely but leaving a record beats doing nothing.

Through all of this, don't panic-sign things; many people, in a panic, click a second phishing link and make it worse.

What to do if you forget or lose your seed phrase

This splits into two situations with completely different outcomes. First: you lost the seed phrase, but the wallet app is still installed and working normally. This doesn't count as losing your coins — do one thing right away: in the app, move your assets to a new wallet whose seed phrase you've properly backed up, then retire this unbacked-up wallet. Because the day you switch phones, the app glitches, or the device breaks, without the seed phrase you can never restore it again, so move house while you still can.

Second: the seed phrase is completely gone and you can't even log into the wallet anymore. Here the blunt truth: the seed phrase is the only credential that restores a wallet, and without it no one — including the wallet's makers, including any "recovery service" — can help you restore it. That's exactly how decentralized wallets are designed: there's no support backend that can reset your password. So this situation essentially equals permanently locked assets, unrecoverable. That's also precisely why the second section above keeps hammering on storing the seed phrase offline, double-checking it, and keeping a backup — it isn't a hassle, it's your only insurance. If your wallet is still fine right now but you haven't properly backed up the seed phrase, don't just read on — go back to the Binance Web3 Wallet guide and shore up the backup step. And one last anti-scam reminder: any page or "support agent" that asks you to "enter your seed phrase to help recover / restore / upgrade" is a scammer; legitimate recovery never requires anyone else to touch your seed phrase.

The most common ways wallets get drained

Ground the principles above in concrete scenarios and you'll feel them better. These are the ones beginners step on most:

  • The seed phrase reached a connected device. Screenshotted to photos, saved to notes, sent to yourself — the moment the device or cloud account is breached, the whole wallet is emptied. Fix: keep the seed phrase offline the entire time, see section two above.
  • Signed an unlimited approval, swept a few days later. On some (possibly phishing) page you signed an approve / permit for unlimited, nothing happened at the time, and later the scammer picked a moment to sweep it all in one go. Fix: read the pop-up before signing, lower the allowance, revoke regularly.
  • Installed a fake wallet / fake extension. A wallet downloaded from an unofficial source is just a shell, and the seed phrase is captured at creation or import. Fix: install wallets only through official channels.
  • Tricked into handing over the seed phrase by fake support. Your wallet has a minor issue, "support" proactively DMs you and helpfully walks you through entering your seed phrase "to recover it." Fix: real support never wants your seed phrase, and anyone who approaches you unprompted is a scammer.
  • Not splitting farming from your net worth. Farming with your main wallet, one accident costs you everything. Fix: a dedicated small farming pouch, with the big money stored elsewhere.
  • One seed phrase managing dozens of accounts. Running multiple accounts is both an easy way to get disqualified as a sybil and a security nightmare: you can't keep up, and one getting phished can expose the others. Fix: single-wallet genuine participation.

You'll notice the same handful of principles keep doing the work behind these scenarios: keep the master key offline, understand what you sign, isolate risk, clean up regularly. Security isn't some advanced technique — it's these few habits, stacked and done every day. Turn them into muscle memory and you've cleared the most dangerous part of farming.

Next, read spotting fake airdrops and phishing too — this piece covers how to guard your wallet, that one covers what the monsters look like and how to save yourself when phished; read together they're complete. If you don't have the big picture yet, go back to the Binance Web3 Wallet guide to gear up your first piece of equipment, then run a checklist against the 10 mistakes beginner farmers make most. Protect the wallet, and farming can last.

Frequently asked questions

Are a seed phrase and a private key the same thing?

Pretty much, just in a different form. A private key is a long string of characters that directly controls one account; a seed phrase is a set of words (usually 12 or 24) that can derive the entire set of private keys under your wallet, so a seed phrase usually carries even more power than a single private key. For you, both are the master key — whoever holds it owns the wallet — and they get the exact same level of protection: never put them online, never tell anyone, never type them into any webpage or chat box.

Is it safe to store my seed phrase in a phone note or as a screenshot in my photos?

Very unsafe, and it's one of the most common ways beginners lose everything. Notes and photo libraries usually sync to the cloud automatically, so the moment your phone is compromised or your cloud account is breached, the seed phrase leaks with it; and some apps can read your photos too. The right way is to keep it offline: write it on paper, engrave it on a metal plate, and keep it somewhere physical that you control, never on any connected device.

I don't have much money. Do I really need a hardware wallet?

It depends on how much you plan to park long-term and for how long. If you're purely farming and your wallet only holds small amounts, using a clean hot wallet as a "dedicated farming pouch" and keeping larger sums on an exchange or a hardware wallet is enough. Once your long-term holdings grow to an amount you'd "hate to lose," putting them in cold storage on a hardware wallet is well worth it. The whole point of a hardware wallet is that the private key never touches the internet — signing happens inside the device — which sharply cuts the risk of remote theft.

Why should I use a dedicated wallet for farming instead of my main wallet?

Because farming means constantly connecting to unfamiliar on-chain apps and signing all sorts of approvals, so your exposure is large and your odds of stepping on a landmine are high. Do that in a small dedicated wallet, and even if you get an approval phished or run into something malicious one day, the loss is capped to that small pouch — your main holdings and long-term assets sit untouched in a separate, clean wallet that rarely connects to anything new. That's using "isolation" to lock risk into a small room.

How often should I clear out approvals (revoke)?

There's no hard rule, but build it into a habit: every so often, or after each batch of on-chain interactions, connect your wallet to revoke.cash and look it over, then revoke approvals you no longer use, can't place, or that are set to unlimited. Revoking costs a little gas, but it cuts off the channel that lets dormant approvals get exploited later — cheap, high-value everyday protection.

For clearing approvals, use revoke.cash; for a wallet's official security and backup guidance see the MetaMask Help Center; for plain-language explanations of seed phrases, private keys, and hot vs cold wallets, see Binance Academy; and to check the on-chain history of your own address, use the block explorer Etherscan.