Razor Extension Setup Guide | Wallet Guidance Hub

Connect Razor Wallet to a dApp wallet setup guide and crypto safety tips Razor wallet setup guide and crypto safety tips Store the bulk of your holdings in a cold storage device like a Ledger or Trezor. These hardware units keep your private keys completely offline, rendering them immune to remote hacking attempts, phishing attacks, or malware that might infect a connected computer or phone. Never keep more than two to three percent of your total portfolio on a mobile app or browser plugin that you use for daily transactions. When generating a recovery phrase for your offline device, you must do it on a freshly restarted, air-gapped machine–ideally using a dedicated tool like Tails OS or a live USB booted from a known-clean Linux image. Write the 12 or 24 words down on a fireproof, waterproof paper (e.g., Cryptosteel or Billfodl) using a pen that cannot be erased. Store this physical copy in a bank safe deposit box, and never type it into any smartphone, cloud service, or laptop. Enable two-factor authentication on every exchange or software client you interact with, using a hardware key like a YubiKey instead of SMS-based codes. SMS is vulnerable to SIM-swapping attacks where an adversary convinces a carrier to port your number to their device. For every transfer, always start with a micro-transaction of minimal value to verify the address you have copied is correct, especially if you are pasting it from a clipboard that could be intercepted by clipboard-hijacking malware. Store your private keys–if you must use a hot client–inside a password manager that uses a strong, unique master passphrase of at least 20 characters, along with a physical backup of that passphrase. Use a dedicated browser extension like NoScript or uBlock Origin to block malicious scripts that attempt to alter withdrawal addresses on web interfaces. Regularly audit your transaction history on a block explorer to confirm no unauthorized small movements have occurred, as adversaries often test compromised keys with tiny transfers. Razor Wallet Setup Guide and Crypto Safety Tips Download the official client only from the project’s verified GitHub repository or a trusted app store for your operating system, checking the developer’s digital signature and published hash against a PGP signed release note to avoid fake software. After installation, enable full-disk encryption on your device before generating any private keys, as an unencrypted drive exposes seed phrases to recovery software if the machine is stolen or compromised. Write down the 24-word recovery phrase on hardened steel plates (e.g., Cryptosteel or Billfodl) rather than paper, and never store the words in a cloud service, password manager, or photograph–even encrypted backups expand the attack surface. When creating the encryption password for the local database, use at least 20 random characters with a mix of cases, numbers, and symbols, generated locally with a tool like `pwgen -s 24` on a disconnected computer, avoiding any phrase tied to personal information. Set a spending passphrase (different from the database password) inside the client’s settings before making the first transaction; this separate requirement for outgoing funds prevents malware from draining assets if only your database password is captured via keylogging. For daily use, install the software on a dedicated air-gapped machine (never connected to the internet) and sign transactions on a secondary online machine using QR codes or microSD cards, eliminating private key exposure to network-based threats entirely. Verify the binary’s checksum against the published hash on the project’s official website (accessed via a trusted DNS resolver, not your ISP’s default) and cross-check the hash page’s SSL certificate fingerprint before proceeding with installation. Test the recovery process immediately after setup by deleting the local data folder on a test device, restoring from your steel plate backup, and sending a micro-transaction to confirm the seed phrase works under real conditions before storing any substantial value. Downloading the Official Razor Wallet Client from the Correct Source Only download the client from the official GitHub repository under the "Releases" section, not from any third-party website, search engine ad, or link shared in a chat room. Verify the repository owner’s username string exactly as "marc0s" on GitHub; any variation with extra characters, numbers, or dashes indicates a phishing clone. Always check that the repository URL begins with "https://github.com/marc0s/" immediately in your browser’s address bar before clicking any download button. Cross-check the file’s SHA-256 hash provided in the release notes against the hash computed by your local terminal command (`sha256sum filename.zip` on Linux/macOS or `Get-FileHash -Algorithm SHA256 filename.exe` in PowerShell). A single mismatched byte invalidates the package. The official releases carry a PGP signature (file ending in .asc) made with the developer’s OpenPGP key ID 0x4A9C2C0A, which should be imported from a keyserver and verified locally using `gpg --verify`. If the source offers the application as an executable (.exe) installer from a direct link outside the official GitHub Release assets, immediately abandon the operation. Official distributions include exactly three asset types: the source code archive (.zip, .tar.gz), the standalone binary for your operating system (named consistently as "razor-client-[version]-[OS].tar.gz" for Linux, or a signed .dmg for macOS), and the checksum file. No separate "Lite" or "Pro" variants exist. Verification Criterion Official Source Indicator of Fake Source Domain github.com razorclient.co, razor-wallet.net, or any .org/.io Download URL pattern /marc0s/razor/releases/download/v[x.y.z]/ Direct .exe from blog posts or Google Drive Release notes Contains SHA-256 hashes, changelog, and PGP signature references No hashes, no signature, or generic "update" text Code signing macOS builds are notarized by Apple (check via `spctl --assess --verbose`) Missing notarization or signed by "Unknown Developer" Immediately after downloading, disconnect your device from the internet before running the installer for the first time. This isolates the file from any script that might phone home if the binary was somehow compromised despite passing hash checks. Execute the verification steps offline: calculate the checksum from the downloaded file, compare it to the published hash saved from the GitHub release page beforehand, and only then proceed with installation. Remember that the official GitHub repository will never ask for your mnemonic seed phrase, private keys, or email address during download. No official client ever requires you to disable your antivirus, firewall, or system integrity protection (SIP on macOS). Requests to do so are a universal red flag indicating an intent to install keyloggers or clipboard hijackers. Binaries from the official source are signed by the author’s private key, which can be validated with `codesign -dv --verbose=4 /path/to/executable` on macOS to show a "signature valid" result with authority "Developer ID Application: [Name]". Finally, if you discover a source claiming to be the "official" version through a Google ad, a sponsored post on social media, or a pinned message in a Telegram group, assume it is fraudulent. Bookmark the exact GitHub release page URL after your first legitimate download and always navigate to it by typing the full URL manually. Use a password manager to store this URL as a secure note with a flag "do not open via search." This single habit prevents 99% of client-side credential theft incidents. Commit to re-verifying the hash before every update, even if the file automatically notifies you of a new version within the application itself–malicious updaters have been known to spoof that dialog. Generating and Securing Your Seed Phrase Using Offline Method Use an air-gapped computer that has never been connected to the internet, or a dedicated hardware device like a Ledger or Trezor, to generate your seed phrase. For a purely offline approach, download a trusted opensource tool like Ian Coleman’s BIP39 generator onto a USB stick, transfer it to a clean machine running a fresh OS from a live CD (e.g., Ubuntu), and boot without any network connection. Generate 24 words using cryptographically secure entropy–do not use online generators or browser extensions, as they leak randomness via web requests. Verify the output by manually checking each word against the BIP39 English wordlist; any discrepancy indicates tampering. Physical recording: Write each word in permanent black ink on acid-free archival paper (e.g., Stonehenge 100% cotton). Use a steel stamping kit to emboss the words onto titanium or stainless steel plates–avoid copper or aluminum, which corrode. Store two identical copies in separate fireproof safes rated for 1+ hour at 1700°F. Sequence integrity: Number each word 1–24 on the same physical medium. Never split the phrase into fragments stored in different locations–thieves can reconstruct missing parts via brute force or social engineering. For a 24-word seed, each missing word reduces entropy by 11 bits, making partial recovery trivial with custom scripts. No digital copies: Never photograph, scan, type, or dictate the words. A single compromised device–camera, smartphone, printer memory, or cloud sync–exposes the entire key. If you must back up digitally (not recommended), encrypt the file with a strong password (15+ random characters) using VeraCrypt and store it offline on an encrypted USB drive that remains disconnected except during updates. Test your recovery process annually: boot from the same live CD, input your physical seed phrase, and confirm the generated addresses match your public keys. Burn the test USB immediately afterward–any residual file could be extracted via forensics. For high-value holdings, implement a multisignature scheme (2-of-3 or 3-of-5) using different hardware devices from separate manufacturers, each with its own distinct offline seed. This eliminates single-point-of-failure risks from physical theft, device defects, or manufacturer backdoors. Never reuse a seed phrase across different blockchain networks or software forks; derivation paths differ by implementation, leading to asset loss even if the mnemonic is valid. Q&A: I just downloaded Razor. The setup guide says I need to write down a recovery phrase, but I’m not sure how to store it safely. Should I take a photo of it and save it in my Google Drive just in case I lose the paper? No, do not store your recovery phrase digitally. Taking a photo, saving it in cloud storage, or even typing it into a notes app makes it accessible to hackers, malware, or anyone who gains access to your accounts. The correct method is to write the phrase down on paper using the card provided in the wallet’s packaging. Keep that paper in a safe place, like a fireproof home safe or a bank safety deposit box. For extra protection, you can stamp the words into a metal plate to avoid damage from water or fire. Never enter your phrase into any website, even if it looks like an official Razor support page.