Security tips I've learned as a founder to avoid malicious actors: 1. Don't trust twitter accounts who DM you with no mutuals. Always check. You can bot followers and engagement but getting mutuals to follow is difficult to fake. 2. Ipads/Iphones are better for signing transactions because it is more difficult to inject malware. Each app is sandboxed. 3. Always use a ledger. It is significantly safer since the private keys never touch the internet. Malware also can't sign transactions without your approval. 4. Always check the transaction details because malicious actors can change the javascript to appear like you are signing something safe. Rabby is great because it can alert you if an address or app is not something you have interacted with. 5. Emails are a common attack vector. Actors often try to fake docusigns with vesting, recent partnership agreements, etc. Always double verify an email with a partner and the email address. Never click on attachments until it is verified as safe by a third party via a different channel.

6. Connect all accounts with yubikey (best) or 2FA on Google Auth (good). Do not use 2 factor via SMS.

@sirajmsy but I do stick to mainstream providers