This sounds simple, but in fact it is not easy. The reasons are as follows:

1. Many people cannot find the real official website, or the right application market, and eventually install a fake wallet.

2. Many people do not know how to identify whether the downloaded application has been tampered or not.

Thus, for many people, before they enter the blockchain world, their wallet is already empty.

To solve the first problem above, there are some techniques to find the correct official website, such as

• using Google(Exercise caution with the advertised entries in search results, as they are often unreliable.)

• using well-known official websites, such as CoinMarketCap

• asking trusted people and friends (or ask the community by creating a thread on Bitcointalk.org)

You can cross-reference the information obtained from these different sources, and ultimately there is only one truth:) Congratulations, you have found the correct official website.

Next, you have to download and install the application. If it is a PC wallet, after downloading from the official website, you need to install it yourself. It is highly recommended to verify whether the link has been tampered before installation. Although this verification may not prevent cases where the source code was altered completely (due to insider scam, internal hacking, or the official website may be hacked, etc.) However, it can prevent cases such as the partial tampering of the source code, man-in-the-middle attack, etc.

The method to verify whether a file has been tampered is the file consistency check. Usually there are two ways:

• Hash checks: such as MD5, SHA256, etc. MD5 works for most cases, but there is still a tiny risk of hash collision, so we generally choose SHA256, which is safe enough.

• GPG signature verification: this method is also very popular. It is highly recommended to master GPG tools, commands, and methods. Although this method is a bit difficult for newcomers, you will find it very useful once you get familiar with it.

However, there are not many projects in the crypto world that provides verification. So, it is lucky to find one. For example, here is a bitcoin wallet called Sparrow Wallet. Its download page says "Verifying the Release", which is really impressive, and there are clear guidelines for both of the methods mentioned above, so you can use for reference:

https://sparrowwallet.com/download/

The download page mentioned two GPG tools:

• GPG Suite, for MacOS.

• Gpg4win, for Windows.

If you pay attention, you will find the download pages for both GPG tools give some instructions on how to check the consistency of both methods. However, there is no step-by-step guide, that is to say, you need to learn and practice yourself:)

If it is a browser extension wallet, such as MetaMask, the only thing you have to pay attention to is the download number and rating in the Chrome web store. MetaMask, for example, has more than 10 million downloads and more than 2,000 ratings (though the overall rating is not high). Some people might think that the downloads numberand ratings may be inflated. Truth to be told, it is very difficult to fake such a large number.

The mobile wallet is similar to the browser extension wallet. However, it should be noted that the App Store has different versions for each region. Cryptocurrency is banned in Mainland China, so if you downloaded the wallet with your Chinese App Store account, there is only one suggestion: don't use it, change it to another account in a different region such as the US and then re-download it. Besides, the correct official website will also lead you to the correct download method (such as imToken, OneKey, Trust Wallet, etc. It is important for official websites to maintain high website security. If the official website is hacked, there will be big problems.).

If it is a hardware wallet, it is highly recommended to buy it from the official website. Do not buy them from online stores. Once you receive the wallet, you should also pay attention to whether the wallet is inact. Of course, there are some shenanigans on the packaging that are hard to detect. In any case, when using a hardware wallet, you should create the seed phrase and wallet address at least three times from scratch. And make sure that they are not repeated.

If it is a web wallet, we highly recommend not to use it.Unless you have no choice, make sure it is authentic and then use it sparingly and never rely on it.