🔐 ShieldGuard — Hot Wallet Security Checklist

⚠️ Warning:
Hot wallets (browser extensions, mobile wallets, web wallets) provide convenience but come with significantly weaker security compared to hardware wallets.
ShieldGuard does not recommend storing large amounts of assets in hot wallets.

However, if you must use a hot wallet for trading or daily transactions, follow these security tips to reduce risks:

✅ Best Practices for Hot Wallet Security

Use Strong Authentication

Always enable 2FA (Google Authenticator, Authy, or hardware-based 2FA).

Avoid SMS-based 2FA.

Keep Software Updated

Regularly update wallet apps, browser extensions, and operating system.

Outdated software is the #1 entry point for hacks.

Beware of Phishing Links

Only download wallets from official sites/app stores.

Double-check URLs before entering private keys or seed phrases.

Never Share Your Seed Phrase

Store your seed phrase securely offline (paper or encrypted cold storage).

Never save it in cloud storage, email, or screenshots.

Limit Wallet Exposure

Use hot wallets only for small, daily-use funds.

Keep your main holdings in a hardware wallet.

Secure Your Devices

Use antivirus, firewall, and strong device passwords.

Avoid public Wi-Fi when accessing wallets.

🛡️ At ShieldGuard, we believe in empowering users with secure practices.
🔒 For maximum safety, always prioritize cold storage solutions (hardware wallets).

🛡️ ShieldGuard Security Guideline

Revoking Approvals Made Earlier in EVM Wallets

🔎 Why approvals matter

When you connect your wallet to a dApp, you often grant it permission (an approval) to spend or interact with your tokens. These approvals are stored permanently on-chain until you revoke them.

If left unchecked, scammers can exploit old or unlimited approvals by hacking or abusing the connected smart contracts — potentially draining your funds, even if you no longer use that dApp.

That’s why regularly reviewing and revoking unused approvals is a critical security practice.

🛠️ Types of approvals

There are generally two categories of approvals in EVM-based wallets:

1. By Contracts – Approvals you granted to specific smart contracts (e.g., DEX, NFT marketplace, lending protocol).
2. By Assets – Token-level approvals allowing dApps to spend a specific token (e.g., USDT, SHPRO, ETH).            Both types can be abused if left active.

🚨 The risks of unused approvals

• Hacked dApps or contracts → If a protocol you once trusted is compromised, attackers can use your old approvals.
• Rug pulls & exploits → Malicious developers may design contracts that exploit broad token approvals.
• Forgotten connections → Even if you no longer use a dApp, its approvals may still be active forever.

👉 Revoking approvals reduces your attack surface and protects your wallet.

✅ How to revoke approvals

We recommend using Rabby Wallet for managing and revoking approvals. Rabby provides a clean, user-friendly interface to view all your past approvals across different tokens and contracts.

Steps:

1. Open Rabby Wallet and go to the Approval Management section.
2. Review the list of contract approvals and asset approvals.
3. Identify those you no longer use or trust.
4. Revoke them with one click.
5. Confirm the transaction in your wallet.

⛽ Gas & cost considerations

• Revoking costs gas on the chain (ETH gas on Ethereum; BNB gas on BSC; etc.).
• Batching saves money → Most UI tools revoke one approval per transaction, but Rabby Wallet supports batch revokes, letting you revoke multiple approvals in a single transaction. This saves both time and fees.
• Timing matters → If possible, revoke during off-peak hours to pay lower gas.

🛡️ ShieldGuard Recommendation

• Audit your approvals at least once every 2–3 weeks, or after using new dApps.
• Always revoke approvals for projects you no longer trust or use.
• Use Rabby Wallet’s batch revoke to efficiently clean your wallet in one go.

By staying proactive, you minimize attack risks and ensure your funds remain safe.

🔗 Stay protected with ShieldGuard Protocol — because prevention is stronger than recovery.

ShieldGuard Learn — Security Guideline

Protecting Yourself from Telegram-Based Hacks

Context
The THORChain founder’s $1.2M wallet hack started with a compromised Telegram account belonging to a trusted friend. A malicious Zoom link delivered through Telegram triggered the attack, leading to drained funds. Similarly, ShieldGuard’s Co-Founder and CEO, Ajayakumar K, faced a hacking attempt where a fraudster (posing as a VC) sent a fake Zoom link that attempted to install remote control software and keyloggers. Thankfully, he identified and reported the attempt in time.

These cases highlight a serious reality: Telegram has become a primary hunting ground for scammers, many of whom operate systematically, launching impersonation, malware, and social engineering attacks. Their goal is not just your crypto wallet, they target your entire wealth, including bank accounts and sensitive personal data.

If you are using Telegram for communication in crypto, you must assume you are a potential target.

 ShieldGuard Telegram Security Guidelines

Follow these mandatory security practices to secure your account:

1. Account Privacy & Identity Protection

• Hide your phone number from everyone (Settings → Privacy and Security → Phone Number).
• Disable calls (both audio and video) unless from trusted contacts.
• Prevent strangers from adding you to groups or channels.
• Disable forwarded messages so your identity cannot be traced via forwarded content.

2. Authentication & Device Security

• Set a strong password for your Telegram account in addition to your SMS login.
• Enable Two-Factor Authentication (2FA) (Settings → Privacy and Security → Two-Step Verification).
• Create a local passcode lock for your Telegram app to prevent device-level hijacking.
• Regularly check active sessions (Settings → Devices) and immediately terminate all unknown sessions.
• Always log out from public or shared devices.

3. Data & Information Protection

• Clear payment and shipping info from your account to avoid leakage.
• Never click on suspicious links (Zoom, Google Docs, airdrop forms, etc.) even if they appear to come from a trusted contact.
• Do not connect third-party websites or bots to your Telegram unless they are verified and absolutely necessary.
• Disable “Suggest Frequent Contacts” to reduce exposure to impersonation attempts.

4. Proactive Measures

• Subscribe to Telegram Premium for added security features and advanced privacy options.
• Regularly update the app from official app stores to patch vulnerabilities.
• Report suspicious accounts and block them immediately.
• Use multiple communication channels for sensitive discussions (do not rely on Telegram alone).

5. ShieldGuard Critical Recommendation

• Treat any link shared via Telegram as potentially malicious. Verify directly with the sender through another channel before clicking.
• Keep crypto wallets (especially mobile hot wallets) separate from your Telegram device. Avoid storing significant assets on the same phone you use for Telegram.
• For funds over $1,000, always move assets to a hardware wallet (cold storage).

 Final Note

Telegram is a powerful tool for crypto communities but is also exploited by professional scam networks. Protecting yourself requires strict privacy settings, disciplined security hygiene, and the use of hardware wallets.

This guideline is prepared under ShieldGuard Learn:ShieldGuard Protection and Scam Prevention & Education.

🔐Save Your Crypto Assets from PC-Based Hacks

📌 Why PC Security Matters

Many investors use Chrome-based wallet extensions (like MetaMask, Trust Wallet, etc.) to store and manage their crypto assets. While convenient, these wallets can become highly vulnerable if your PC security is weak. A compromised PC can give hackers direct access to your private keys, seed phrases, and wallet connections — leading to irreversible asset theft.

⚠️ How Hackers Exploit a Weak PC

1. Malware & Keyloggers – Malicious software records your keystrokes to steal seed phrases and passwords.
2. Phishing via Email – Clicking on infected attachments or links can install backdoors for hackers.
3. Telegram Desktop Risks – Malicious files or links received in Telegram can infect your PC.
4. WhatsApp Connectivity – Fake files, cracked software, or phishing links shared via WhatsApp Web/Desktop can be exploited.
5. Browser Exploits – Outdated Chrome or extensions may be hijacked, giving hackers control over wallet activity.

🔐 Safety Measures for a Secure PC

• Use Updated Software – Keep your OS, Chrome browser, and wallet extensions always updated.
• Install Trusted Antivirus/Anti-Malware – Regular scans can detect and remove hidden threats.
• Email Hygiene – Never open suspicious attachments or click unknown links.
• Secure Messaging Apps – Avoid downloading unknown files from Telegram Desktop or WhatsApp.
• Dedicated Browser/User Profile – Use a separate Chrome profile or dedicated browser only for crypto wallets.
• Disable Auto-Connect – Turn off auto-login and auto-connect features in wallet extensions.
• Strong Authentication – Use hardware wallets wherever possible, and enable 2FA for exchange logins.
• Regular Backups – Store encrypted backups of your seed phrases offline (never on your PC).

✅ Final Note from ShieldGuard

Your PC is the first line of defense for your crypto assets. Hackers often don’t need to attack blockchains directly, they target weak devices. By securing your computer, practicing safe browsing, and avoiding risky email or messaging app behavior, you can significantly reduce the chances of losing funds through Chrome-based wallet hacks.

🔗 Stay informed with ShieldGuard Learn → ShieldGuard Protection. Knowledge is your shield!

🛡️  Security Guidelines: Protect Your X (Twitter) Account

X (Twitter) is a prime target for hackers who use DM-based social engineering, phishing links, and impersonation to steal wallets and personal data.

Follow these steps to stay safe 👇

🔐 1. Enable Strong Authentication

• Use 2FA with an authenticator app (avoid SMS).
• Create a unique, strong password.

📥 2. Be Cautious with DMs

• Don’t trust unsolicited DMs — hackers impersonate admins/influence
• Never share seed phrases or wallet details.

🌐 3. Avoid Malicious Links

• Double-check URLs & bookmark official sites.
• Beware of fake domains like “shíeldguard.io”.

👤 4. Protect Your Personal Data

• Don’t overshare details publicly.
• Keep wallets & social accounts separate.

🚨 5. Stay Alert

• Most hacks on X happen via social engineering in DMs.
• If it looks too good to be true, it is.

✅ Stay safe with ShieldGuard.
💡 Education is your true defense.

🛡️ ShieldGuard Protection Guideline

Saving Yourself from Email Attacks

Email remains one of the most common entry points for cybercriminals. Phishing, malware attachments, spoofing, and credential theft are widely used tactics to steal money, data, or access. ShieldGuard Protection outlines the key steps every user must follow to stay safe.

1️⃣ Understanding Email Threats

Phishing Emails → Fake emails that trick you into clicking malicious links or sharing credentials.
Spoofed Addresses → Attackers disguise their email to appear like it’s from a trusted source (e.g., your bank).
Malware Attachments → Infected files sent as invoices, reports, or PDFs that install keyloggers or ransomware.
Business Email Compromise (BEC) → Hackers impersonate company executives to request urgent money transfers.

2️⃣ Best Practices to Avoid Phishing & Email Hacks
🔒 Verify the Sender
Always check the sender’s email domain carefully (e.g., @bank.com vs. @bánk.co).
Hover over links before clicking to reveal the actual URL.
🚫 Don’t Trust Urgent Calls-to-Action
Be skeptical of emails that say: “Your account will be suspended,” “Pay immediately,” or “Confirm your password now.”
Attackers create panic to force quick action.
📎 Beware of Attachments
Never download attachments from unknown senders.
If it’s from a colleague but looks unusual → call them to verify.
🔐 Enable Two-Factor Authentication (2FA)
Protect your email account with 2FA (Google Authenticator, Authy, YubiKey).
Even if your password is stolen, hackers can’t log in without the second factor.
🛡️ Use Email Security Tools
Activate spam filters and phishing detection in Gmail, Outlook, or your email provider.
Use anti-malware and anti-virus software with email scanning.
🔑 Strong Password Hygiene
Use unique, complex passwords for your email.
Never reuse your email password on multiple platforms.
Store credentials in a password manager (e.g., Bitwarden, 1Password).

3️⃣ Advanced Protections
Email Encryption → Use PGP/GPG or end-to-end encrypted providers (ProtonMail, Tutanota).
Custom Domain Security → If you run a project, enable SPF, DKIM, and DMARC records to protect users from spoofing.
Security Awareness Training → Regularly train team members to spot phishing and verify suspicious messages.

4️⃣ What To Do If You Suspect an Email Hack
Immediately change your password and enable 2FA.
Log out of all devices from account settings.
Scan your system for malware.
Report phishing emails to your provider (e.g., Gmail → “Report phishing”).
Inform your network if hackers could impersonate you.

✅ ShieldGuard Takeaway:
Your email is the front door to your digital life. By practicing vigilance, using strong authentication, and avoiding suspicious links or attachments, you can shield yourself from most email-based scams.

🛡️ ShieldGuard Protection: CEX/DEX Investment & Storage Guidelines

The recent multi-billion dollar incident involving Bybit, where a supply chain compromise led to the theft of funds from a seemingly secure cold wallet, dramatically underscores the risk of relying on Centralized Exchanges (CEXs) for asset storage.

Your security is an active choice. Here are the ShieldGuard guidelines for interacting with exchanges:

🔑1. Mandatory Vetting: Why Proof of Reserves (PoR) Matters

When choosing a CEX for trading, the presence of Proof of Reserves (PoR) must be a minimum requirement.

• What is Proof of Reserves (PoR)? PoR is a public audit that uses the transparency of public blockchains and cryptography (like Merkle Trees) to verify that a centralized exchange holds the assets it claims to hold for its clients. In simple terms, it proves the exchange has a 1:1 backing of customer deposits at a specific point in time.
• Why It Matters: PoR addresses a fundamental question of trust: “Does this platform have the assets it claims to have?”. It makes it significantly harder for exchanges to operate with less than full reserves or engage in risky lending practices that led to major collapses in the past. While PoR is a powerful tool for transparency, it is not a full financial audit and does not guarantee against hacks, fraud, or mismanagement after the audit snapshot.
• ShieldGuard Recommendation: Only select CEXs that provide verified PoR for key, foundational cryptocurrencies like Bitcoin (BTC) and Ethereum (ETH). These two assets represent the backbone of the industry, and their verifiable presence demonstrates robust financial practices by the exchange. Exchanges that offer PoR include established names like Kraken and Gemini.

🔒2. Golden Rule: Not Your Keys, Not Your Crypto

The fundamental risk of a CEX is that they hold your private keys, giving them custody of your funds.

• CEX Risk vs. EVM Wallet Control: Centralized exchanges are attractive targets for sophisticated attackers, as demonstrated by the Bybit hack (which involved $1.5 billion worth of ETH). They also expose you to regulatory, operational, and bankruptcy risks. Non-custodial wallets (like EVM wallets) put you in full control of your private keys, making funds nearly impossible for external hackers to access unless your device is compromised.

🔒3. ShieldGuard Asset Storage Guidelines

Follow this tiered strategy for asset storage:

Tier 1: Cold Storage (Mandatory for Savings)

• Hardware Wallets (Recommended): For all large holdings and long-term savings, always move your assets off the exchange and onto a hardware wallet (cold storage). These devices store your private keys completely offline, offering maximum security.

Tier 2: EVM/Hot Wallets (For Trading/DEX)

• Post-POW Exchange Withdrawal: If you must keep funds accessible for immediate trading, immediately withdraw assets from the CEX wallet to your personal, non-custodial EVM (Ethereum Virtual Machine) wallet (e.g., MetaMask, Rabby). These wallets provide you with custody and control.
• Why EVM Wallets Post-CEX? By moving to an EVM wallet, you transfer the custody risk from a single, large centralized target (the CEX) to your own isolated wallet, which is only vulnerable if you personally fall for a phishing or malware attack (risks you can mitigate with proper personal security hygiene).

Tier 3: POW Exchanges (If CEX Storage is Unavoidable)

• Use POW Exchanges ONLY for Liquidity: If you absolutely need funds on a CEX for liquidity purposes (trading), select a CEX known for its security and verified PoR in BTC and ETH (both POW chains). While this doesn’t eliminate the risk, a CEX dedicated to robust security practices (often audited by third parties) is a better choice than a non-compliant one.

⚠️ Final Note

Your safety depends on who you trust with your crypto. CEXs may fail, DEXs may be exploited — but by following ShieldGuard guidelines, you minimize exposure:

✅ Only trade on PoR-backed exchanges.

✅ Never store assets on exchanges.

✅ Always secure funds in your own wallets.