Wallet Security

Best practices for securing your withdrawal wallet

Wallet Security for Withdrawal

Your withdrawal wallet is where all payouts are sent automatically. Securing this wallet is critical: if it is compromised, an attacker could redirect payouts or steal funds.

---

Understanding the Risk Model

What Spray and Play Controls

  • Platform vaults holding sprayed funds
  • Multi-sig security on reserves
  • Automatic payout execution

What YOU Control

  • Your withdrawal wallet address
  • Access to received payouts
  • Security of your private keys

Key Point: While the platform secures the spraying process, you are responsible for securing the wallet that receives payouts.

---

Recommended Wallets

For EVM Chains (Ethereum, Base, Arbitrum, BSC, HyperEVM)

MetaMask (Most Popular)

  • ✅ Large user base, well-tested
  • ✅ Hardware wallet support (Ledger, Trezor)
  • ⚠️ Browser extension = potential phishing target

Rabby (Security-Focused)

  • ✅ Pre-transaction simulation
  • ✅ Security warnings for suspicious contracts
  • ✅ Better UX for power users

For Solana

Phantom (Recommended)

  • ✅ Clean, intuitive interface
  • ✅ Mobile and desktop apps
  • ✅ Built-in token swaps
  • ✅ Hardware wallet support

Jupiter Wallet

  • ✅ Advanced Solana features
  • ✅ Built-in DEX integration
  • ✅ For experienced Solana users

Hardware Wallets (Best Security)

Ledger or Trezor

  • ✅ Private keys never leave the device
  • ✅ Immune to computer malware
  • ✅ Recommended for $1,000+ in payouts
  • ⚠️ Higher cost (~$50-150)
  • ⚠️ Must be present for transactions

---

Security Best Practices

1. Secure Your Seed Phrase

Your seed phrase = Complete access to your wallet

✅ DO:

  • Write it down on paper (not digital)
  • Store in a safe, fireproof location
  • Consider multiple copies in different locations
  • Use a metal seed plate for durability

❌ DON'T:

  • Store in cloud storage (Google Drive, iCloud)
  • Screenshot it on your phone
  • Email it to yourself
  • Share it with anyone (including "support")

2. Enable All Security Features

MetaMask/Rabby:

  • Set a strong password
  • Enable automatic lock after inactivity
  • Use hardware wallet if possible

Phantom:

  • Enable biometric authentication (mobile)
  • Set app password
  • Enable transaction approval

Google Account (for Spray and Play login):

  • Enable 2-Factor Authentication (2FA)
  • Use Google Authenticator or YubiKey
  • Review security alerts regularly

3. Verify Withdrawal Address Carefully

Before saving your withdrawal wallet:

1. Copy address from your wallet

2. Paste into Spray and Play Profile

3. Verify first 6 and last 6 characters match

4. Save

5. Send test payout first (small RAPID spray)

:::danger

One wrong character = Lost forever. Payouts to wrong addresses cannot be recovered.

:::

4. Use Self-Custody Wallets (Not Exchanges)

Why not use exchange addresses?

❌ Exchange addresses can:

  • Change without notice
  • Have minimum deposit requirements
  • Freeze funds for compliance
  • Not support the specific token/chain

✅ Use self-custody wallets:

  • You control the keys
  • Address never changes
  • No minimums or holds
  • Direct token support

5. Keep Software Updated

  • Update wallet apps regularly
  • Update browser (for MetaMask)
  • Update operating system
  • Install security patches promptly

---

Common Attack Vectors

1. Phishing Attacks

Attack: Fake website looks like Spray and Play, asks you to "verify wallet"

Protection:

  • Only use official URL: playtrenches.xyz
  • Check for HTTPS and correct spelling
  • Never enter seed phrase on any website
  • Spray and Play will NEVER ask for your seed phrase

2. Clipboard Hijacking

Attack: Malware replaces your copied address with attacker's address

Protection:

  • Verify address after pasting (check first/last characters)
  • Use QR codes when possible
  • Keep computer free of malware
  • Use hardware wallet for large amounts
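
A script version of the paste check from "Verify Withdrawal Address Carefully" and the clipboard-hijacking protection above, added here as an illustration and not Spray and Play's own code. It goes beyond the first 6 / last 6 comparison by comparing the whole string and checking the address format for EVM and Solana; the function names and sample addresses are constructed for the example.

```python
# Added example: full-string check of a pasted withdrawal address.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
HEX = set("0123456789abcdef")

def b58decode(s):
    """Decode Base58 (Solana address encoding); ValueError on a bad character."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body

def well_formed(addr, chain):
    """Format check only: catches truncation and stray characters."""
    if chain == "evm":      # "0x" + 40 hex digits (EIP-55 case checksum not verified here)
        a = addr.lower()
        return len(a) == 42 and a.startswith("0x") and set(a[2:]) <= HEX
    if chain == "solana":   # Base58 text that decodes to a 32-byte public key
        try:
            return len(b58decode(addr)) == 32
        except ValueError:
            return False
    raise ValueError(f"unknown chain: {chain}")

def check_paste(from_wallet, pasted, chain):
    """Compare the address copied from the wallet with what landed in the form."""
    a, b = from_wallet.strip(), pasted.strip()
    if chain == "evm":      # hex is case-insensitive; Base58 is not
        a, b = a.lower(), b.lower()
    first_diff = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), None)
    if first_diff is None and len(a) != len(b):
        first_diff = min(len(a), len(b))
    return {
        "well_formed": well_formed(b, chain),
        "ends_match": a[:6] == b[:6] and a[-6:] == b[-6:],
        "full_match": a == b,
        "first_diff": first_diff,
    }

# Constructed sample values, not real wallets.
WALLET = "0x12ab34cd56ef7890aa11bb22cc33dd44ee55ff66"
SWAPPED = WALLET[:6] + "f" * 30 + WALLET[-6:]   # same ends, different middle

if __name__ == "__main__":
    print(check_paste(WALLET, WALLET + "\n", "evm"))
    print(check_paste(WALLET, SWAPPED, "evm"))
    print(well_formed("1" * 32, "solana"))   # 32 zero bytes: valid format
```

A result with `ends_match` true and `full_match` false is the case a first/last glance misses. A format pass does not prove the address is yours, so confirming it on the wallet or hardware device screen still applies.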

3. Fake Support Scams

Attack: "Support" DMs you asking to "verify wallet" or "sync account"

Protection:

  • Spray and Play support will NEVER DM you first
  • Never share seed phrase with anyone
  • Official support only through Discord/Email
  • When in doubt, contact through official website

4. Compromised Exchange Accounts

Attack: Hacker gets your exchange login, changes withdrawal address

Protection:

  • Enable 2FA on ALL exchanges
  • Use unique passwords (password manager)
  • Monitor for suspicious login emails
  • Whitelist withdrawal addresses if exchange supports it

---

Setting Up Your Withdrawal Wallet Securely

For Small Amounts (< $1,000)

1. Install MetaMask or Phantom

2. Create new wallet (write down seed phrase)

3. Enable password/biometric lock

4. Copy address to Spray and Play

5. Verify character-by-character

6. Test with small RAPID spray

For Large Amounts (> $1,000)

1. Buy a hardware wallet (Ledger Nano S Plus or Trezor Model One)

2. Set up hardware wallet (follow manufacturer guide)

3. Install wallet software (MetaMask with hardware, or Phantom)

4. Connect hardware wallet to software

5. Copy address from hardware wallet

6. Paste into Spray and Play

7. Verify address on hardware device screen

8. Test with small amount first

---

Monitoring and Maintenance

Regular Checks

Weekly:

  • Verify withdrawal address in Profile is correct
  • Check for unauthorized transactions in your wallet
  • Review Google account security alerts

Monthly:

  • Update wallet software
  • Review and rotate passwords
  • Check backup of seed phrase is accessible

Red Flags

Contact support immediately if:

  • Payout went to wrong address (you didn't receive it)
  • Unusual activity on your wallet
  • You accidentally shared seed phrase
  • Google account compromised

---

Recovery Scenarios

Lost Access to Wallet

If you lose wallet but have seed phrase:

1. Install same wallet software on new device

2. Import using seed phrase

3. Verify address matches Spray and Play

4. Update address if needed

If you lose wallet AND seed phrase:

1. Create new wallet immediately

2. Update withdrawal address in Spray and Play

3. Future payouts go to new wallet

4. Previous payouts to old wallet are lost forever

Suspected Compromise

If you think your wallet is compromised:

1. Create new wallet immediately

2. Transfer any existing funds to new wallet

3. Update Spray and Play withdrawal address

4. Scan computer for malware

5. Change Google password + enable 2FA

---

Summary Checklist

Before First Spray

  • [ ] Set up secure wallet (MetaMask/Phantom or hardware)
  • [ ] Write down seed phrase physically
  • [ ] Enable 2FA on Google account
  • [ ] Set withdrawal address in Profile
  • [ ] Verify address character-by-character
  • [ ] Test with small RAPID spray first

Ongoing Security

  • [ ] Keep wallet software updated
  • [ ] Monitor for phishing attempts
  • [ ] Never share seed phrase
  • [ ] Use hardware wallet for large amounts
  • [ ] Regular security checkups

---

Emergency Contacts

If you suspect security issues:

Remember: Legitimate support will NEVER ask for your seed phrase.