Security and lack thereof

Hello everyone,
I will try to make this brief but will apologise in advance if I am coming at this from a “lack of knowledge” perspective.

I am new to this so obviously I am putting in as much research as I possibly can.

I have come across what I can only describe as a “surprising” lack of security. As I wish to stake TIME using MetaMask I did research into how best to protect my assets from being hacked and I did manage to find some (good) tips.

Here they are for anyone who might not know them. Please feel free to add and / or correct me:

  1. Create a good strong password with MetaMask.

  2. Write your 12 word seed phrase down on paper and hide it somewhere, never share it with anyone.

  3. Always make sure the PC you are checking your staked TIME on is secure and no one else has access to it.

  4. Make sure your wallet is disconnected and that your MetaMask is no longer signed in.

  5. Any suspicious emails that offer you “updates / free crypto advice / sponsorships” etc., however professional they might seem, avoid opening them just in case a virus is ready to pop on to your device which gives them control.

  6. Always go to the “connected sites” option on MetaMask and delete Wonderland.

  7. Best to use a cable rather than open unprotected WiFi when connecting your PC.

  8. Don’t use public WiFi.

  9. Always bookmark “original” and “authentic” pages. So here you can go to trusted YouTubers and maybe to Daniele’s Twitter, check first they haven’t been hacked and there is the danger the hacker could be posting a similar looking but fake URL. If everything looks good go to the real Wonderland / Binance / Traderjoe pages and so on and then bookmark those pages to ensure you always go back to the original. Still double check though!

  10. Refrain from taking screenshots and videos to post, complain about losses or to show gains off to your friends due to sensitive information that you might not notice, but a hacker would.

  11. Always double check Windows updates when your PC (or Mac) requests them before verifying.

  12. Be aware that some trusted YouTubers have impostors that will pose as them on their YT channels offering updates via WhatsApp for free.

So that is a basic collection of tips I was able to scrape together as a beginner. I hope it helps.

I also contacted both hardware wallet companies to ask them if their devices currently support TIME tokens. Sara from Ledger got back to me after two days and told me that Ledger does not; although it is compatible with MetaMask, it is not possible to stake Wonderland 100% effectively atm.

Trezor still has not answered my request.

I have seen people claiming they used Ledger for TIME and forwarded a YT video to Sara from Ledger to see what she thinks of it. I will share her answer in the comments.

This was slightly disheartening as I have no problem buying a hard wallet to protect my assets but I guess it will take time until they become more “Avalanche” friendly? (Sara mentioned that was the issue)

So I will be sure to keep my eyes open.

I personally would welcome a “Wonderland two step verification method”, e.g. email and password. Or SMS / email. I heard SMS is not a good idea for our friends in the States so maybe they could think of something additional?

Also having a community like this we could also build a team of “anti hackers”? Just suggesting as I believe in the long run we will run into each other more often and grow as a community… we will also be making money thanks to each other so it would be nice if we protect and support each other.

Anyways, hope this helps and look forward to learning from you guys!

Stake well, Karim

6 Likes

Following the steps outlined above, there are no security issues. Tying your wallet to a burner email or your public identity is not something everyone would be okay with.

1 Like

That’s a really nice list. It might help if my proposal goes further. Some of these tips can be applied to #1 and #3 (some basic USER SECURITY features). Thanks for your summary!

1 Like

Thank you for taking the time to read through it.

May I ask, have you been able to use a wallet yet when staking Time? Trezor are taking ages to get back!

Have a good one!

Thank you so much, I will try and open the list later, happy staking for now!

Trezor works fine w/ metamask. If everybody had a hardware wallet, we would see very little theft. We need to push hardware wallets very strongly for newbies.

1 Like

Thank you for this information. Although it is a little sad that a fellow frog has to share this information with us just because Trezor has not answered my request going on two weeks, which leads me to put very little faith in their customer service.

Dear Cascadian, could I kindly ask you to share your experience with them? Which model are you currently using? How long did the delivery take? Do you have any suggestions as to how to contact them a little faster? Any additional tips?

I will cool my judgement and just assume Trezor is busy with an overwhelming amount of newbies wishing to protect their WL tokens :wink:

I have a Trezor T. Ordered from the company website, took about a week to be delivered. They are quite simple to use. Highly recommend it.

Karimi,

All of your suggestions are great security tips and some are just basic common sense tips that all users should utilize wherever they surf the web. I will add one more tip that should help all users based on what I have been seeing in the Discord chats. Several users have had their coins wiped out due to the fact that, somehow, a hacker was able to retrieve their seed phrase words (think infected site(s) that a user may have frequented, keylogger, etc.). Here is the rub: when a user approved a smart contract when purchasing a coin(s), a lot of these contracts default to an unlimited amount that can be withdrawn from the user's account merely as a convenience to that user. I believe that one can change that setting before committing to the contract but I am not sure. However, if not, the user can still go back and alter said contract, via DeBank or other sites, and withdraw the contract so that the hacker cannot withdraw all of the user's funds without their knowledge.

All of this is assuming that the user is utilizing the “soft” wallet in Metamask versus using a Ledger or a Trezor hardware wallet where the keys are kept on the hardware wallet.

1 Like
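The "unlimited amount" default described in the post above corresponds to an ERC-20 `approve(address,uint256)` call whose amount is the maximum 256-bit value. The following is an added example, not part of the original thread: it decodes approve calldata and classifies it as unlimited, excessive, bounded, or a revoke (amount zero). The function names, the spender address and the amounts are constructed for illustration.

```javascript
// Added example: classify ERC-20 approve() calldata before it is signed.
const APPROVE_SELECTOR = "095ea7b3";      // selector of approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;    // the value used for "unlimited" allowances

// Decode raw calldata; returns null when the call is not approve().
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  if (hex.length !== 8 + 128) throw new Error("approve() takes exactly two 32-byte words");
  const spenderWord = hex.slice(8, 72);
  const amountWord = hex.slice(72, 136);
  // An address is right-aligned in its word: the upper 12 bytes must be zero.
  if (!/^0{24}/.test(spenderWord)) throw new Error("non-zero address padding");
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + amountWord) };
}

// Compare the requested allowance with what the user actually intends to spend.
function classifyApproval(calldata, intendedAmount) {
  const call = decodeApprove(calldata);
  if (call === null) return { kind: "not-approve" };
  let kind = "bounded";
  if (call.amount === 0n) kind = "revoke";              // approve(spender, 0) removes the allowance
  else if (call.amount === MAX_UINT256) kind = "unlimited";
  else if (call.amount > intendedAmount) kind = "excessive";
  return { kind, ...call };
}

// Helper that builds calldata, used here only to produce the sample inputs.
function buildApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("bad address");
  if (amount < 0n || amount > MAX_UINT256) throw new Error("amount out of range");
  return "0x" + APPROVE_SELECTOR + addr.padStart(64, "0") + amount.toString(16).padStart(64, "0");
}

// Constructed sample data: a placeholder spender and an intended spend of 5 * 10^9 base units.
const SPENDER = "0x" + "ab".repeat(20);
const INTENDED = 5n * 10n ** 9n;
const samples = {
  unlimited: buildApprove(SPENDER, MAX_UINT256),
  bounded: buildApprove(SPENDER, INTENDED),
  revoke: buildApprove(SPENDER, 0n),
};
for (const [name, data] of Object.entries(samples)) {
  console.log(name, "->", classifyApproval(data, INTENDED).kind);
}
```

An approval with amount zero is what allowance-revoking tools submit on the user's behalf; a hardware wallet shows the same calldata fields on its screen before signing.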

Not going to lie, this one had my head spinning, all the more reason to invest in a hard wallet imo!

Thank you for sharing this DHLDmoore… cute dog btw haha

1 Like