Step 6 of 14
Security
Crypto security is not optional. One mistake can mean permanent loss of funds. Read these rules, understand them, and follow them every single time.
Rule #1 — If anyone asks for your seed phrase or private key, it is ALWAYS a scam. No exception. Not your team lead, not Bittensor support, not a Discord admin. Nobody legitimate will ever ask for these. Ever.
The Three Security Rules
1. Never Share Your Seed Phrase
Your seed phrase (also called "mnemonic" or "recovery phrase") is a list of 12 or 24 words. It is the master key to your wallet. Anyone who has it can steal everything.
- Never type it in a chat, email, or website
- Never take a screenshot of it
- Never store it in a notes app or cloud storage
- Write it on paper and keep it in a physically secure place
There is no "undo". If someone gets your seed phrase, they can drain your wallet instantly. There is no support team, no bank to call, no way to reverse it. The crypto is gone forever.
2. Coldkey Stays Offline
In Bittensor, you have two types of keys:
| Key | What it is | Where it lives |
|---|---|---|
| Coldkey | Your main wallet key. Controls funds and staking. | Offline only — never on a server |
| Hotkey | Your mining key. Used for running miners and validators. | On the VPS — this is normal and expected |
Think of it like this: The coldkey is your bank vault. The hotkey is your debit card. You carry the debit card around (on the server), but the vault stays locked at home (offline). If someone steals the debit card, you lose some money. If someone steals the vault key, you lose everything.
3. Hotkey Lives on the Server
The hotkey is supposed to be on the VPS — that's how mining works. But treat it with care:
- Don't share the hotkey file with anyone
- Don't copy it to your Mac (it stays on the server)
- If you suspect the server is compromised, tell your team lead immediately
Common Scam Patterns
Scammers are creative. Here are the most common traps in the crypto/Bittensor world:
| Scam Type | How It Works | What To Do |
|---|---|---|
| "Support" DMs | Someone on Discord or Telegram pretends to be support and asks you to "verify" your wallet | Ignore and block. Real support never DMs first. |
| Fake websites | A site that looks like a wallet or exchange asks you to enter your seed phrase | Never enter your seed phrase on any website. Ever. |
| "Airdrop" links | A message says "claim your free tokens" and links to a site that asks to connect your wallet | Ignore. Free tokens don't exist. |
| "Urgent" messages | "Your account will be locked unless you verify now" — creates panic to make you act fast | Stop. Breathe. Ask your team lead before doing anything. |
When in doubt, ask your team lead. If you receive any message about wallets, keys, funds, or security — and you're not 100% sure it's legitimate — stop and ask before doing anything. There is no penalty for being cautious.
Quick Reference
| Action | OK? |
|---|---|
| Share seed phrase with anyone | NEVER |
| Share private key with anyone | NEVER |
| Put coldkey on the VPS | NEVER |
| Keep hotkey on the VPS | YES — that's where it belongs |
| Enter seed phrase on a website | NEVER |
| Ask your team lead if something seems suspicious | ALWAYS |