Best Practices for Creating and Securing ERC-20 Wallets while Testing HAT Apps
The goal of the HAT.Exchange ecosystem is to create the most accessible and simplest to use cryptocurrency wallet, fiat-to-crypto exchange, and goods/services marketplace, but as with anything having to do with technology and currency, security considerations are always going to make things a little more complicated. In the past week we had a few cases of our users and beta testers reporting that they were unable to send or access their HAT tokens. Let’s go over the process for avoiding any possibility of this happening:
The most important step users can take is to make sure they have full access to the ERC-20 compatible wallet(s) they’ll be using with the HAT apps via MyEtherWallet (MEW) or MetaMask. In this way, users can avoid losing access to their HAT tokens even if HAT services are temporarily down, or if a feature in the HAT app is not available for any reason. Whether you’ve created your wallet from within the HAT application, or you’ve done so using MEW, it is critical that you backup and securely store your private key, password, and in the case of the HAT app, your passphrase. If you plan to transfer your HAT tokens from your wallet to another wallet or an exchange, then you must have a minimum amount of ETH in the wallet to cover gas fees.
Here’s what NOT to do: do not create a new wallet from within the HAT wallet or beta application without writing down your PIN and passphrase, and without securely backing up and storing your private key.
Here’s what you SHOULD do: You most certainly can create your wallet using the HAT app, but to ensure full access at all times while we get through the testing and beta phase, it is advisable to make sure you know how to access your wallet using MEW or MetaMask. The foolproof way to do is to create the wallet you plan to use on the MEW site first, and then link it to the HAT app. Start by visiting https://www.myetherwallet.com and following the step-by-step instructions, making sure to back up your private key, preferably to multiple, offline locations, including USB sticks and paper printouts. Whenever you interact with the MEW website, always check the SSL cert and URL of the website, ensuring that you are connecting to MEW’s servers and not a phishing site. The MEW website has a getting started tutorial here: https://myetherwallet.github.io/knowledge-base/getting-started/creating-a-new-wallet-on-myetherwallet.html. Another option is to install the MetaMask browser plugin, create the wallet, and backup your private key. More information can be found at https://metamask.io/
If you do one thing and one thing only: always back up your ERC-20 private keys!