Tools & Resources

Authored by:

Piña

Coinspect

Auditware

Auditware

This section provides a curated list of tools and resources to help users select wallets, practice safe signing habits, and verify transactions. Using these tools is a critical part of a robust security strategy.

Wallet Selection

Before choosing a wallet, it is essential to consult independent, community-trusted resources.

• ethereum.org/wallets: The official, community-maintained list of wallets, filterable by features. A reliable starting point for discovering wallets.
• Wallet Scrutiny: An in-depth review site that focuses on transparency, verifiability, and reproducibility. It flags wallets that are closed-source or have other potential security concerns.
• Wallet Security Ranking: Evaluates wallets by permissions, intent clarity, device security, and threat prevention to help users choose safer, more trustworthy options.
• Wallet Beat: Aims to provide a comprehensive list of wallets, their functionality, practices, and support for certain standards.

Hardware Wallets

Hardware wallets provide the highest level of security for storing cryptocurrency by keeping private keys offline and isolated from potentially compromised computers.

• Top 9 Cryptocurrency Hardware Wallets for 2025: A comprehensive security researcher review comparing the top hardware wallets, including analysis of security features, usability, and recommendations for different use cases.

Wallet Applications

Rabby Wallet

• Install Rabby wallet
  • Verify open source code
  • Enable pre-sign security checks (e.g. new address warnings)
  • Use built-in transaction simulation

MetaMask with Security Snaps (Alternative)

• Install MetaMask
• Install recommended security Snaps:
  • Tenderly Snap - Allows you to easily simulate transactions before confirming them
  • Forta Network Snap - Scam and malicious address detection

Transaction Simulation

Transaction simulators allow you to preview the exact outcome of a transaction before signing it, preventing errors and security risks.

• Tenderly: A platform that allows you to simulate transactions and preview, helping to prevent transaction failures, security risks, and unnecessary gas costs.
• Alchemy Simulation APIs: An API suite that predicts the precise impact of a transaction before it reaches the blockchain.

Monitoring & Alerting

Implement continuous monitoring to detect unauthorized or suspicious activity on your multisig wallets.

Multisig Monitoring

• Gearbox Safe Watcher or equivalent for monitoring and alerts
  • Connect to Telegram for notifications
  • Monitor for suspicious delegateCall transactions

Network Security

For dedicated signing machines, implement network-level protections:

• DeFi DNS Whitelist: A curated whitelist of legitimate DeFi domains that can be used as a firewall for dedicated signing machines
• Little Snitch (macOS): Active firewall and network monitoring
• Lulu (macOS): Free, open-source network monitor
• Glasswire (Windows): Network monitoring with firewall capabilities

For more on network security configuration, see Personal Security (OpSec).

Transaction Verification

These tools are designed to help you independently verify the integrity of transaction data, especially for multisig operations.

• Safe Multisig Transaction Hashes: A Bash script that locally calculates domain and message hashes using the EIP-712 standard. It allows you to generate the exact hash that your hardware wallet will display.
• Cyfrin Safe TX Hashes: for additional support without relying on Safe API.
• Safe Utils: A user-friendly web interface for calculating and verifying Safe transaction hashes. While convenient, remember the security advantages of using a local, offline tool like safe-hash for high-value transactions.
• Foundry cast: A powerful command-line tool for local, offline decoding.
• safe-hash: A command-line tool for locally verifying Safe transaction data and EIP-712 messages before signing. It is designed to protect against phishing by allowing you to independently generate the hash your wallet will ask you to sign.
• calldata.swiss-knife.xyz: Web-based tool for quick decoding of transaction data.
• Lido Safe TX Hashes Calculation: IPFS hosted tool with simple hash calculation.

Conversion & Utilities

• Hex ↔ Decimal Converter: Handy for interpreting raw instruction bytes (e.g., Solana instruction data) when verifying simulations.

Security Training

These tools allow you to practice identifying threats in a safe, simulated environment.

• The Phishing Dojo: An interactive threat simulation platform designed to train users to recognize real-world security risks. It offers realistic, in-browser scenarios covering phishing emails, fraudulent wallet signing requests, spoofed block explorer data, and malicious DApps, all without requiring any special setup or browser extensions.
• Wise Signer: An interactive platform that challenges users to identify safe and dangerous transactions before signing them. It is an excellent tool for learning to recognize common phishing attacks and deceptive transaction patterns without risking real assets.
• Web3 Wallet Security Courses: Offers a structured curriculum for hands-on security training, guiding users from foundational concepts in "Web3 Wallet Security Basics" to advanced techniques. The advanced course covers critical topics like Safe multisig configuration, EIP-712 signature verification, and real-world hack analysis.
• How to Multisig: A dedicated resource with best practices on how to implement secure standard operating procedures for multisig wallets.