Wallet Security Guide
Security is paramount when using automated trading bots. This guide covers best practices for keeping your funds safe on SuiSwarm.
Private Key Security
How SuiSwarm Protects Your Keys
- AES-256-GCM Encryption: Military-grade encryption for your private keys
- Local Storage Only: Keys are encrypted and stored locally, never on servers
- No Plain Text Transmission: Keys are never sent over the network
- User-Controlled Access: Only you can decrypt with your password
Best Practices
Use a Dedicated Trading Wallet
- Create a separate wallet specifically for trading
- Only fund it with amounts you're actively trading
- Keep majority of funds in cold storage
Regular Key Rotation
- Change trading wallet keys periodically
- Move profits to secure storage
- Monitor for unusual activity
Secure Your Device
- Use strong device passwords
- Enable 2FA where possible
- Keep browser and OS updated
- Use antivirus software
Platform Security Features
Token Gating
- 1,000,000 PUMPKIN tokens required for access
- Prevents unauthorized platform usage
- Creates aligned incentive structure
Encrypted Storage
Encryption: AES-256-GCM
Key Derivation: PBKDF2
Storage: Browser LocalStorage (encrypted)
Access: Password protected
Session Management
- Automatic session timeout
- Secure cookie handling
- IP-based rate limiting
- WebSocket authentication
Security Checklist
Before Starting
- Using a dedicated trading wallet
- Backed up wallet seed phrase
- Strong unique password set
- Browser is up to date
- On secure network (no public WiFi)
During Trading
- Monitor bot activity regularly
- Check for unusual transactions
- Verify trade confirmations
- Keep logs of all activity
After Trading
- Move profits to secure wallet
- Review trade history
- Check for any anomalies
- Log out when finished
Red Flags to Watch For
Phishing Attempts
❌ Emails asking for private keys ❌ Fake SuiSwarm websites ❌ Unsolicited DMs about "upgrades" ❌ Requests to "verify" your wallet
Platform Issues
⚠️ Unexpected logouts ⚠️ Changed settings you didn't make ⚠️ Unknown transactions ⚠️ Suspicious bot behavior
Emergency Procedures
If Compromised:
-
Immediately:
- Stop all bots
- Transfer funds to new wallet
- Change all passwords
- Review transaction history
-
Within 24 Hours:
- Contact [email protected]
- Document all suspicious activity
- Create new trading wallet
- Update security measures
Advanced Security
Hardware Wallet Integration
For maximum security, consider:
- Ledger integration (coming soon)
- Multi-sig setups
- Time-locked contracts
API Key Management
When using CEX integrations:
- Use read-only keys where possible
- Whitelist IP addresses
- Set withdrawal limits
- Enable 2FA on exchange
Network Security
- Use VPN for trading
- Avoid public networks
- Enable firewall
- Monitor network traffic
Security Resources
Tools
- Revoke.cash - Check token approvals
- Suiscan - Verify transactions
- Password managers for secure storage
Education
Reporting Issues
If you discover a security vulnerability:
- Do NOT post publicly
- Email [email protected]
- Include detailed information
- Allow time for patch deployment
Bug Bounty Program
We offer rewards for responsibly disclosed vulnerabilities:
- Critical: Up to $10,000
- High: Up to $5,000
- Medium: Up to $1,000
Summary
Remember:
- 🔐 Your keys = Your coins
- 🛡️ Defense in depth
- 👀 Stay vigilant
- 📚 Keep learning
Questions? Join our Discord #security channel for help.