Yishi|December 26, 2025 03:41
two pieces of advice for crypto users.
first, use fully open-source wallets. partial or fake open source doesn’t count. fully open source means it’s almost impossible for insiders to do shady stuff, and the build process is publicly verifiable.
to defend against supply-chain attacks, it’s not enough to just lock dependency versions and use SRI checks. you also need to lock js variables, run code in sandboxes, and enforce strict CSP rules. only allow whitelisted outbound requests. anything else gets blocked. this prevents sensitive data like seed phrases from being sent to spoofed servers.
second, use a hardware wallet. keep only small amounts in software wallets. store large funds in hardware wallets to isolate risk. software wallets give flexibility, hardware wallets give peace of mind.
the same rule applies here too. it must be open source. if a wallet claims to be open source but hasn’t updated its repo in years, it’s not real open source. that means the code running on your device isn’t what you’re seeing. hooks could be hidden inside, dumping your seed without consent and uploading it through middleware to their own servers. some vendors absolutely have the ability to do this.
always respect security. freedom has a cost. whether you’re a user or a wallet team, hackers are always there.
protect yourself. (Yishi)
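The outbound allowlist, strict CSP and locked variables mentioned in the post, sketched as an added example that is not part of the original post or any wallet's code. It assumes "lock js variables" means making a global such as `fetch` non-writable so a compromised dependency cannot swap it out; the origins and the helper names are hypothetical.

```javascript
// Added example. The origins are constructed placeholders, not real endpoints.
const ALLOWED_ORIGINS = ["https://rpc.wallet.example", "https://api.wallet.example"];

// Strict CSP: nothing loads by default, scripts only from our own origin, and
// fetch/XHR/WebSocket connections only to the allowlisted origins.
function buildCsp(origins) {
  return [
    "default-src 'none'",
    "script-src 'self'",
    "style-src 'self'",
    "img-src 'self'",
    `connect-src ${origins.join(" ")}`,
    "form-action 'none'",
    "frame-ancestors 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Compare the parsed origin exactly. Prefix or substring matching would accept
// lookalikes such as https://rpc.wallet.example.evil.test or userinfo tricks.
function isAllowed(url, origins) {
  let parsed;
  try { parsed = new URL(url); } catch { return false; }
  return origins.includes(parsed.origin);
}

// Defense in depth behind the CSP: refuse the request before it leaves the page.
function makeGuardedFetch(realFetch, origins) {
  const frozen = Object.freeze([...origins]);
  return function guardedFetch(url, init) {
    if (!isAllowed(String(url), frozen)) {
      throw new Error(`blocked outbound request to ${url}`);
    }
    return realFetch(url, init);
  };
}

// Replace scope.fetch with the guarded version and lock the property so code
// loaded later cannot reassign or redefine it.
function installGuard(scope, origins) {
  const guarded = makeGuardedFetch(scope.fetch.bind(scope), origins);
  Object.defineProperty(scope, "fetch", {
    value: guarded, writable: false, configurable: false, enumerable: true,
  });
  return guarded;
}
```

In a page this would run as the first script, as `installGuard(globalThis, ALLOWED_ORIGINS)`, with the `buildCsp` output sent as the `Content-Security-Policy` response header.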