From 8f946ea1b2effbb085894a745ec8a44b2aba288a Mon Sep 17 00:00:00 2001 From: gaardiolor Date: Tue, 12 Nov 2024 18:13:31 +0100 Subject: [PATCH] Update exchanges.md - further clarify private key best practices --- docs/exchanges.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/exchanges.md b/docs/exchanges.md index 34bab4c22..596e9e360 100644 --- a/docs/exchanges.md +++ b/docs/exchanges.md @@ -324,7 +324,7 @@ walletAddress must be in hex format: `0x<40 hex characters>`, and can be easily privateKey also must be in hex format: `0x<64 hex characters>`. -If needed you can use your mnemonic phrase (the 12 or 24 words you had to write down when creating your wallet) to generate your private key in python. First install eth_account: +Some wallets, like metamask, support exporting the private key directly. However, if needed you can use your mnemonic phrase (the 12 or 24 words you had to write down when creating your wallet) to generate your private key in python. First install eth_account: ```shell $ pip3 install eth_account 
@@ -341,7 +341,10 @@ print(f"0x{Account.from_mnemonic(words)._private_key.hex()}") Some general best practices (non exhaustive): -* Don't ever run this conversion online. Online tools 'facilitating' this conversion are likely scams and will steal your funds. +* If you have to run the mnemonic -> private key conversion: + * Don't ever run the mnemonic -> private key conversion online. Online tools 'facilitating' this conversion are likely scams and will steal your funds. + * Beware of supplychainattacks, pip package poisoning etcetera. Make sure your python environment, including the eth_account module, are safe to use. Use at your own risk. +* Interact as little with the private key as possible. Store it in a seperate file from the config.json (secrets.json for example) that you never have to touch, and secure it. * Always keep your mnemonic phrase and private key (basically the same thing) private. * Don't use the same mnemonic as the one you had to backup when initializing a hardware wallet, using the same mnemonic basically deletes the security of your hardware wallet. * Create a different software wallet, only transfer the funds you want to trade with to that wallet, and use that wallet / private key to trade on Hyperliquid.
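Review bot: In the first hunk (@@ -324,7 +324,7 @@), the added sentence still leads straight into an unpinned `pip3 install eth_account`, which sits badly with the pip package poisoning warning this same patch adds in the best-practices list. Suggest pinning an exact version in the documented command and recommending a fresh virtual environment with pip's hash checking (`--require-hashes`), so the reader has a concrete way to act on that warning. The added text should also use the proper names "MetaMask" and "Python", and since direct export is now presented first, it would help to state plainly that the mnemonic route is the fallback before the install step begins.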
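Review bot: In the second hunk (@@ -341,7 +341,10 @@), the new supply chain bullet gives the reader nothing to act on: "Make sure your python environment, including the eth_account module, are safe to use" does not say how. Suggest naming at least one concrete step, such as a dedicated virtual environment, a pinned and hash-checked install, and running the conversion on a machine that is offline. The secrets.json bullet has the same gap: "secure it" should spell out owner-only file permissions (for example `chmod 600`) and keeping the file out of version control, and the text should say how the bot is told to load that second file. Wording fixes in the added lines: "supplychainattacks" should be "supply chain attacks", "seperate" should be "separate", "are safe" should be "is safe", and the nested bullet repeats "the mnemonic -> private key conversion" from its parent and can be shortened to "Don't ever run it online".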