Solana College

security · beginner

Solana security basics

The security mindset that protects beginners from 90% of real-world losses.

8 min read · Audience: user · Updated 2025-04-15

Quick summary

  • 01 Your seed phrase is the single most valuable secret you hold.
  • 02 Always read transaction simulations before signing.
  • 03 Use bookmarks for important sites — never click links from chat.
  • 04 Keep large balances on a hardware wallet.
  • 05 Revoke stale token approvals periodically.

What you'll learn

  • The handful of habits that block almost every common attack.
  • What transaction simulation actually shows you.
  • How to think about hot vs cold wallet separation.
  • When to revoke token approvals.

Most on-chain security is behavior, not technology. Almost every catastrophic loss comes from a small set of mistakes — and a small set of habits prevents them. This lesson is the short list.

Habit 1: Treat your seed phrase as offline-only

Your seed phrase reconstructs every key in your wallet. Write it down on paper or metal. Never photograph it. Never put it in a password manager, email draft, or cloud note. Never type it into a website — your wallet will never ask outside the recovery flow.

Habit 2: Always read the simulation

Modern wallets simulate transactions before you sign. The simulation tells you which programs will be invoked and which balance changes will result. If the simulation behind a "claim" button shows that you'll lose assets, that is a drainer scam.

Habit 3: Bookmark, don't click

Phishing sites buy ads that rank above the real site. Use bookmarks for the apps you use repeatedly. Verify URLs character-by-character on first visit.

Habit 4: Hot/cold separation

Keep daily-use balances small. Use a hardware wallet for serious holdings. Even if your hot wallet is compromised, the loss is bounded — and you keep operating.

Habit 5: Periodic approval cleanup

When you interact with DeFi or NFT marketplaces, you sometimes grant token approvals. Periodically review and revoke ones you no longer use. Most wallets and a handful of tools surface this clearly.
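
An added example (not part of the original lesson) of what an approval review looks for. On Solana a token approval is stored as a delegate on the SPL token account, so the check scans accounts in the jsonParsed shape returned by the getTokenAccountsByOwner RPC method. The sample data, the placeholder addresses, and the names acct and findActiveDelegations are constructed for illustration.

```javascript
// Constructed sample: `value` array of a getTokenAccountsByOwner response
// (encoding "jsonParsed"). Every address is a placeholder.
const acct = (pubkey, info) => ({
  pubkey,
  account: { data: { program: "spl-token", parsed: { type: "account", info } } },
});
const SAMPLE_TOKEN_ACCOUNTS = [
  // No delegate: nothing to revoke.
  acct("TokenAcctA-placeholder", {
    mint: "MintA-placeholder",
    tokenAmount: { amount: "2500000", decimals: 6 },
  }),
  // Approval far larger than the balance (u64 max).
  acct("TokenAcctB-placeholder", {
    mint: "MintB-placeholder",
    tokenAmount: { amount: "40000000", decimals: 6 },
    delegate: "OldDapp-placeholder",
    delegatedAmount: { amount: "18446744073709551615", decimals: 6 },
  }),
  // Approval for part of the balance.
  acct("TokenAcctC-placeholder", {
    mint: "MintC-placeholder",
    tokenAmount: { amount: "900", decimals: 0 },
    delegate: "Marketplace-placeholder",
    delegatedAmount: { amount: "1", decimals: 0 },
  }),
];

// One finding per token account with a live delegate approval, largest first.
// Amounts are u64 strings, so BigInt avoids precision loss.
function findActiveDelegations(tokenAccounts) {
  const findings = [];
  for (const { pubkey, account } of tokenAccounts) {
    const info = account?.data?.parsed?.info;
    if (!info || !info.delegate) continue;
    const approved = BigInt(info.delegatedAmount?.amount ?? "0");
    if (approved === 0n) continue;
    const balance = BigInt(info.tokenAmount.amount);
    findings.push({
      tokenAccount: pubkey, mint: info.mint, delegate: info.delegate, approved,
      // Movable right now: the approval, capped by the current balance.
      atRisk: approved < balance ? approved : balance,
      coversFullBalance: approved >= balance,
    });
  }
  return findings.sort((a, b) => (a.approved < b.approved ? 1 : a.approved > b.approved ? -1 : 0));
}

console.log(findActiveDelegations(SAMPLE_TOKEN_ACCOUNTS));
```

An approval larger than the current balance also covers tokens deposited into that account later, which is why stale approvals are worth revoking even on nearly empty accounts.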

Key takeaways

  • The seed phrase is offline-only. Always.
  • Read every transaction simulation before signing.
  • Bookmark important sites; never click links from DMs.
  • Hot/cold wallet separation bounds the worst case.
  • Revoke stale approvals periodically.

Frequently asked questions

Is a hardware wallet really necessary?

For meaningful balances, yes. The one-time cost is much smaller than even one bad signing event.

What's the single most important habit?

Reading the simulation before signing. It surfaces almost every drainer scam in real time.


Solana.college is an independent educational platform and is not affiliated with Solana Labs or the Solana Foundation. Content is for educational purposes only — not financial, investment, or legal advice. See our full disclaimer.