# Security Best Practices

Protecting your funds requires good security habits. This guide covers everything you need to know to use ARCHONE safely.

***

## Your Responsibilities

ARCHONE handles security on the infrastructure side, but your habits matter equally. Most wallet compromises happen through user error, not platform vulnerabilities.

***

## Seed Phrase Protection

Your seed phrase is the key to your kingdom. Treat it accordingly.

### What Is a Seed Phrase?

A seed phrase (also called a recovery phrase) is a list of 12–24 words that generates your wallet's private key. Anyone with these words can recreate your private key and access your funds.

### When You See It

You only see your seed phrase **once** — when you generate a new wallet in ARCHONE. After this moment, it's never shown again.

### How to Store It

**Do:**

* Write it on paper
* Store in a fireproof safe
* Use a metal backup plate (cryptosteel)
* Store in a bank deposit box
* Keep multiple copies in separate secure locations

**Never:**

* Screenshot it
* Save it in a notes app
* Email it to yourself
* Share it with anyone
* Store it in cloud storage
* Type it into chat windows

### If Someone Gets Your Seed Phrase

If you suspect your seed phrase has been compromised:

1. Transfer all funds immediately to another wallet
2. Do not wait — assume the worst
3. Create a new ARCHONE wallet
4. Never use the compromised wallet again

***

## Private Key Protection

Your private key (base58 format) is different from your seed phrase. It's used for importing wallets.

### When You Enter It

You enter your private key only when importing a wallet into ARCHONE.

### How It's Protected

Once entered, your private key is immediately encrypted with AES-256-GCM and the plaintext is discarded from memory. It's never stored unencrypted.

### When Exporting

When you export your private key from ARCHONE:

* It's shown in the chat for 5 minutes
* After 5 minutes, it auto-hides
* You can only export once per cooldown period

***

## Password Security

### What the Password Does

The password you set when creating/importing a wallet:

* Encrypts your wallet locally
* Protects access on your device
* Is never sent to our servers
* Is never stored by ARCHONE

### Best Practices

* Use a strong, unique password
* Don't reuse passwords from other accounts
* Use a password manager
* Never share your password with anyone
* ARCHONE staff will never ask for your password

***

## Trading Lock

Use the `/lock` command to disable all trading if:

* You're going to be away
* You suspect unauthorized access
* You want to temporarily disable the bot

### What Gets Disabled

When locked:

* `/trade` — Disabled
* `/snipe` — Disabled
* `/dca` — Paused (existing DCA orders stop executing)
* `/limits` — Paused
* `/agent` — Paused

### What Stays Enabled

When locked:

* `/portfolio` — Still works (view only)
* `/wallet` — Still works (view only)
* `/deposit` — Still works
* `/help` — Still works

### Unlocking

Send `/unlock` to restore full functionality. You may be asked to confirm.

***

## Recognizing Scams

### Common Scam Patterns

**Impersonation:**

* Someone messages you claiming to be ARCHONE support
* They ask for your seed phrase or password
* Real support never asks for these

**Fake Links:**

* You receive a link to a fake ARCHONE bot
* Always verify you're in the official ARCHONE bot

**Phishing:**

* Emails or messages asking you to "verify" your wallet
* ARCHONE will never email you asking for sensitive info

### How to Verify the Real Bot

1. Look for the blue verified checkmark
2. Check the bot username (@YourArchoneBot)
3. We won't message you first about your wallet

***

## Withdrawal Safety

### Always Verify

Before confirming any withdrawal:

* Check the recipient address matches what you intended
* Verify the amount is correct
* Confirm network fees are reasonable
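
The address check above, written out as an added example (this is not ARCHONE code). It assumes a Solana address is the base58 encoding of a 32-byte public key; the function names and the 4-character prefix/suffix rule for spotting lookalike addresses are illustrative choices, and the sample address is constructed.

```python
# Added example: pre-withdrawal recipient check (illustrative, not ARCHONE code).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(s: str) -> bytes:
    """Decode base58 (Bitcoin/Solana alphabet); raise ValueError on bad chars."""
    n = 0
    for ch in s:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(s) - len(s.lstrip("1"))      # each leading '1' is a zero byte
    return b"\x00" * pad + body

def b58encode(b: bytes) -> str:
    """Encode bytes as base58; used here only to build the sample address."""
    n = int.from_bytes(b, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(b) - len(b.lstrip(b"\x00"))
    return "1" * pad + out

def check_recipient(pasted: str, intended: str) -> str:
    """Return 'match', 'lookalike', 'mismatch' or 'invalid' for a pasted address."""
    pasted, intended = pasted.strip(), intended.strip()
    try:
        raw = b58decode(pasted)
    except ValueError:
        return "invalid"
    if len(raw) != 32:                     # assumed Solana public-key length
        return "invalid"
    if pasted == intended:                 # compare every character
        return "match"
    # Same visible ends but different middle: what a truncated display hides.
    if pasted[:4] == intended[:4] and pasted[-4:] == intended[-4:]:
        return "lookalike"
    return "mismatch"

# Constructed sample address, not a real wallet.
INTENDED = b58encode(bytes(range(1, 33)))

if __name__ == "__main__":
    mid = len(INTENDED) // 2
    fake = INTENDED[:mid] + ("2" if INTENDED[mid] != "2" else "3") + INTENDED[mid + 1:]
    for candidate in (INTENDED, fake, INTENDED[:-1]):
        print(candidate, "->", check_recipient(candidate, INTENDED))
```

Anything other than `match` means the address should be re-copied from its original source before the withdrawal is confirmed.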

### Start Small

When withdrawing to a new address for the first time:

* Send a small test amount first
* Confirm it arrives
* Then send the rest

### Use the Transaction Hash

After any withdrawal:

* Save the transaction hash
* Use it to verify on-chain at solscan.io
* This proves the transaction was completed

***

## Security Checklist

Before trading with ARCHONE, verify:

* [ ] I wrote down my seed phrase and stored it safely
* [ ] My wallet password is strong and unique
* [ ] I enabled MEV protection in settings
* [ ] I understand how `/lock` works
* [ ] I know how to recognize phishing attempts
* [ ] I've verified the official bot username
* [ ] I never share my seed phrase or password
* [ ] I've set up stop losses on positions

***

## What ARCHONE Protects

| Protection                 | What It Means                                  |
| -------------------------- | ---------------------------------------------- |
| **Encrypted Private Keys** | AES-256-GCM encryption, never stored plaintext |
| **Envelope Encryption**    | Two-layer encryption for defense in depth      |
| **No Unencrypted Storage** | Keys never written to disk unencrypted         |
| **Export Cooldown**        | Prevents hasty key exports under pressure      |
| **Trading Lock**           | Emergency disable for all trading              |
| **MEV Protection**         | Jito bundles reduce front-running risk         |
| **No Password Storage**    | Passwords never leave your device              |

***

## What ARCHONE Cannot Protect

| Limitation             | Why                                                  | Mitigation                              |
| ---------------------- | ---------------------------------------------------- | --------------------------------------- |
| **Seed phrase theft**  | If someone has your seed phrase, they own the wallet | Store seed phrase offline               |
| **Phishing**           | If you give credentials to a fake site               | Always verify the bot                   |
| **Device compromise**  | Malware on your device can capture input             | Keep devices secure                     |
| **Social engineering** | If you're tricked into sending funds                 | Always verify addresses                 |
| **Insider threat**     | With physical access, anything is possible           | Use hardware wallets for large holdings |

***

## If You Suspect a Problem

1. **Use `/lock` immediately** — Stops all trading
2. **Transfer funds** — Move SOL and tokens to another wallet
3. **Contact support** — Through official channels only
4. **Document evidence** — Screenshot conversations, transaction hashes

***

## General Best Practices

* **Use a dedicated device** for large holdings — not your daily phone
* **Use a hardware wallet** for maximum security on large portfolios
* **Enable notifications** — Stay informed of all account activity
* **Review positions regularly** — Don't set and forget
* **Stay updated** — Follow official ARCHONE channels for security announcements


