Pendle Intern Profile picture
Jul 31, 2024 β€’ 24 tweets β€’ 7 min read β€’ Read on X
Crypto's a dangerous world, fraught with scams, frauds, and unscrupulous characters.

Here's the Ultimate Opsec Guide that EVERYONE needs to protect your magic internet money πŸ‘‡πŸ»

1/69 Image
2/ Never reuse passwords

"Don't put all your eggs in one basket"

This old adage applies to passwords too. You don't want ALL of your accounts and wallets going down in flames just because of ONE password.

Always use long, complex, alphanumeric + special characters passwords
3/ Use a password manager

Can't remember all 699 of your passwords? Good news is you won't have to.

All you really need to remember is ONE strong master password and the password manager can do the rest.

P.S. @Bitwarden is open source + free.
4/ Never save your passwords/private keys online

No emails. No iCloud. No Evernote.

The best way is the old fashioned way - write it down (in multiple copies) and store the physical copies in secure locations.

And if you feel like graduating from pen and paper...
5/ Anonymize your emails

It's the same logic as passwords - a478u5g_w1r@gmail.com makes it a lot harder to guess than john_wong@gmail.com, especially when your identity/personal details have been leaked.
6/ Use multiple emails

Again, "don't put all your eggs in one basket".

This way if shit goes down, at least the risk will be contained within just ONE email + ONE password.

Too much work? At least consider having a FEW different emails to mix and match.
7/ 2FA everything

2FA so that you'll need more than just an email + password to login.

Consider using 2FA apps such as Google Authenticator, @Authy or even better...
8/ Use a hardware security key

Hardware-based 2FA such as a Yubikey lets you authenticate the login by pressing a physical button, instead of having a code sent to you on your phone app.

Best practice is to have at least 3:

1 for daily use, 2 for backup (stored separately) Image
9/ Disable SMS authentication

Just don't. Your accounts will likely be more secure with this TURNED OFF (just remember to 2FA in other ways, please)

The risk of SIM swap attack is very real so be extra mindful of this.
10/ Use a hardware wallet

Hot wallets are fast and convenient yes. But if you really value your magic internet coins, start storing them on a @Trezor or @Ledger.

This way, thieves ahold your device(s) will need more than just your Metamask login password to steal everything
11/ Don't use the 1st address

This doesn't work as well these days since @Rabby_io will just display all the addresses but hey - anything to make it HARDER for them.

If your private key gets leaked, maaaaaybe they'll give up after seeing $0 in the 1st address (or 2nd, 3rd...)?
12/ Don't approve infinite amount

Don't set unlimited spend limit when approving transactions.

Yes, more hassle, more gas fees when you want to change this down the road, but hey if shit hits the fan for the smart contract, at least your entire balance won't be drained
13/ Double check the approval

Don't just blindly click-through those transactions!

It takes just ONE mistake to potentially lose everything, so be sure to double-check, triple-check the deets before you even hover your cursor over that "approve" button.
14/ Revoke approvals periodically

This is a good practice to stop access to your wallet or funds, especially for contracts you haven't interacted with for quite some time.

Why? Because you never know. Malicious devs for instance could technically build in backdoor access
Image
Image
15/ Eliminate/minimize browser extensions

These little buggers may come with an extra serving of malware, and some may even have excessive permissions to read your data.

Unless you 100% trust the developer, best to just rid of them despite the inconvenience. Image
16/ Use separate browser profiles

Multiple emails. Multiple passwords. Multiple profiles. Same logic.

Isolate your wallet extensions like @rabby_io and @MetaMask into their own browser profiles. Image
17/ Double-check the site

Don't just click on the 1st link that pops up on your Google search.

Often times, the first link could be a fake. Be extra cautious when it's an ad.

Always cross-check sources for the right URL - official X account, @CoinGecko, @CoinMarketCap etc. Image
@SlowMist_Team 18/ Dedicated device for dedicated purpose(s)

It’s NOT a good idea to crypto on the same device you use for torrents, XXX contents, deep web surfing etc.

To be extra safe, use a separate, dedicated device for crypto + an OFFLINE only mobile device for 2FAs.
19/ Beware of fake X accounts

Fakes, fakes, fakes everywhere.

Example - this fake @pendle_fi account:
βœ… Got a golden @X checkmark
βœ… Has its reply featured BEFORE the 2nd post in this thread

See how easy it is?

Rule of thumb - if it sounds too good to be true, it probably is Image
20/ Don't just rawdog crypto, remember to always use protection, folks!

I'm sure there are plenty more "best practices" out there but these should serve as a good starting point for all of us.

If you have any other good threads/suggestions, please leave them in the replies πŸ‘‡πŸ»
21/ Remember, the rule of thumb here is to doubt and double-check everything - the website URL, approval transaction, Telegram/Discord ID, make sure that "I" is not an "L"....
22/ Also shoutout to @bobbyong for this amazing opsec guides:
23/ And also our dearest beloved TVL inhouse TVL whisperer @imkenchia 🫢
"Search any protocol to go straight into their website, avoiding scam results from Google."

Nifty little tool by @DefiLlama πŸ‘‡πŸ»

But still, remember to cross-check, double-check, triple-check the URL JUST IN CASE

β€’ β€’ β€’

Missing some Tweet in this thread? You can try to force a refresh
γ€€

Keep Current with Pendle Intern

Pendle Intern Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @PendleIntern

Jul 28
It's been a long time since we've seen an @ethena_labs PT breaking 15% APY.

We now have PT-tUSDe at 15% APY AND a decent amount of time til maturity.

That means HIGHER YIELD for LONGER...

...AND a suite of lending market integrations to boot.
πŸ‘‡ Image
πŸ’‘ Fixed Yield BABY

Fixed yield to me means getting $1 in exchange for <$1.

In the case of PT-tUSDe, I can pay $97,778 and get back $100,001.

That's:
πŸ“Œ $2,223 pure profit
πŸ“Œ 2.27% RoI in 58 days
πŸ“Œ ~15.2% APY Image
βš’οΈ Leveraged Fixed Yield Baby

@TermMaxFi lets me do something silly:
1. Deposit 100,001 PT-tUSDe
2. Borrow 88,292 USDC

M interest cost is known upfront.

That's:
πŸ“Œ $1,638 interest paid
πŸ“Œ11.7% borrow APR

Fixing both collateral yield AND borrow cost should be illegal lmao 🫧 Image
Read 5 tweets
Jul 28
ENA running means YT-USDe running and YT-USDe meanings I ape LP-USDe.

"Wait... LP-USDe? Why LP-USDe?", I hear you ask.

Here's 30% APY on stablecoins and a lil' lesson on risk and yield management by your favourite intern. Image
πŸ”’ The Numbers

Now what financial criminal would your boy be without a no context LP APY image.

Here we're looking at :
πŸ“Œ Liquid yield in USDe and PENDLE: ~19.6% APY
πŸ“Œ Future yield in ENA: ~9.3% APY

29% APY on stablecoins is very cool - but why intern do this INSTEAD of YT? Image
1⃣ The No Lose Strategy

While YT profitability depends on point valuations, LP profitability depends on... well, literally nothing.

You don't even HAVE to care about how Sats perform - as long as you're LPing you're already making money.

Highs stay high.
Lows don't exist. Image
Read 7 tweets
Jun 6
Being an effective yield trader means understanding where the yield comes from but more importantly where the yield is going.

The new $USDC markets with @eulerfinance is a VERY interesting case for YT speculators.

Lemme show you how I'm playing this.
πŸ‘‡ Image
πŸ“ˆ $USDC (Euler Yield)

Euler's $USDC yield vault provides liquidity to a range of tokens.

Our first part of research - how is their interest rate model set up?

As shown below, optimal utilization offers:
πŸ‘‰ 7.5% Borrow APY
πŸ‘‰ 6.75% Supply APY Image
🫳 Predicting yield

Gauging where the yield is going means understanding what types of collateral can borrow from the vault.

Notably, this vault supports Pendle PTs with 8-13% APY.

Let's think what this means for $USDC rates 🧐 Image
Read 7 tweets
Mar 19
While point systems are shrouded in mystery, my job as a spreadsheet CRIMINAL is to lay down the FACTS.

How does this sound over 71 days:
πŸ“Œ 235% RoI on USD
πŸ“Œ 91% RoI on ETH
πŸ“Œ 329-505% RoI on S

It's @SonicLabs moonsheet time.

(TL;DR Use Pendle Sonic)
πŸ‘‡ Image
πŸ“Š The Numbers

Based on current YT cost, underlying yield and Sonic Point multipliers, we can derive a $/point for each Sonic YT.

Yes, that's a 91-505% RoI range from your favourite YTs...

...in 71 days lmao.

Don't believe me? Let me break down my model. Image
1⃣ Current Points

I used top 100 point holders on to find base points then added a 25% buffer.

Leaderboards are usually HEAVILY top-loaded.

From this, I have an idea of current Sonic points in circulation. my.soniclabs.com/points/leaderb…Image
Read 8 tweets
Mar 13
WELLCUM BACK to another episode of INTERN GIBBERISH

Today we will be exposing our speerun method on how YOU can get rich with the FASTEST GROWING L1 @SonicLabs...

And how to leverage your Sonic points using $stS @beets_fi and $OS @OriginProtocol

MONEY MONEY MONEY πŸ‘‡ Image
πŸ—’οΈ Quick recap on what's $stS

- Liquid-staked $S by @beets_fi that earns staking yield;

- 8x Sonic points on @pendle_fi;

- Winner of Sonic Boom = extra 8750 Gems that will be distributed to users.

- Points and Gems will be convertible to $S at end of S1. Image
Quick intro on what's $wOS

- Similar to stS, it is a liquid-staking token by @OriginProtocol that earns staking yield;

- $wOS also earns 8x Sonic points;

- Sonic points will be convertible to $S at end of S1. Image
Read 7 tweets
Mar 10
Are you unfamiliar with @SonicLabs ecosystem?

Are you intimidated by the long ASSet names such as $stkscUSD and $stkscETH?

Welcome back to another episode of INTERN EXPLAINS where we tap into good ASSets for our pendidilers

Here we go ⬇️ Image
What is $scUSD and $scETH?

▢️ scUSD/scETH = yield-bearing assets created by @Rings_Protocol on Sonic;

▢️ They're minted by depositing assets on Veda's BoringVaults, which generates yield from various farming strategies. Image
Use cases of $scUSD / $scETH:

😴 Hold - for barebone Rings and Sonic points;

πŸ€” Lock - for governance power, or;

😘 Stake - receive stkscUSD/stkscETH, earning yield directly BoringVault (while also earning multiplied Rings, Sonic, and Veda points)! Image
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(