I know, you probably weren’t trained in bank security and if you were, a lot of that training doesn't apply to cryptocurrency. But in a world of rising inflation and corrupt financial systems, it’s unwise to trust someone else with your money. Cryptocurrency solves a lot of the issues that centralized finance brings to the table, but the blockchain isn’t foolproof.
Below I’ve listed some tips we can use to secure our crypto funds. I’ll update this list with more tips as I come across them.
- Keep your seed phrases and/or keystore file hidden and private. When you set up your wallet(s), depending on the company you use, you are given a seed phrase, private key, and/or keystore file that is completely private and should not be shared with anyone. Write your wallet seed phrase down on several pieces of paper and store them in separate, safe places no one knows about. In case you are given a keystore file, upload it to a thumb drive or external hard drive and store for safekeeping.
- NEVER share your private key. Anyone with access to your private key has access to your funds. Share your PUBLIC key, as this is what will be used to receive funds from external wallets. Anyone with your public address only has the ability to send money to your wallet.
- Keep your money in a wallet. Avoid keeping it on the exchange unless you plan to actively trade with that money in the very near future. No exchange is hack-proof. Actually, nothing is hack-proof and anything is possible, especially where cryptocurrency is concerned.
- When sending large amounts of money from a wallet to another or to an exchange, send a small test transfer first to see if it works.
- ALWAYS double and triple check that your public address is correct because if it’s wrong and you still send the money, you lose it. Aside from human error, another thing to remember when sending funds is scammers' ability to intercept the public address you’ve copied and replace it with their own. If you don't catch it, you'll paste their address and when you send the funds, you'd send it straight to them. Check your key is correct and send a small test to mitigate these risks.
You can get creative with this like the Winklevoss twins did, for example. The Bitcoin billionaires and founders of the popular crypto exchange Gemini, fragmented their seed phrase keys into separate pieces and hid the pieces in several locations around the world so that whoever could get their hands on one of the seed phrase words would only have the word and not access to the entire wallet.
Other people hide their keys in fake dirty underwear or floorboards. Whatever you choose, make sure it’s secure, even in the chance of a fire (this is one reason why many people like to keep multiple copies of their keys), and in multiple locations including outside of your home.
- Write all your passwords down and store them in a safe place. Don’t try to confuse people you think might read it in the future by using code words and cryptic messages. 20 years down the road you may not remember what you meant and not be able to get into your wallet to access your funds.
- Always make sure to double check that the link you are clicking is correct. “Phishing” is a very popular scam technique that allows people to install viruses on your computer that can do a number of things when you click their link. Some take your wallet’s public address that you just copied and insert their own address, so that when you send your funds, it goes to them (another good reason to triple check your password before sending funds). In the case that you believe your computer has been compromised with malware, turn it off immediately and take the necessary steps to clean your computer of the malware.
This tip goes for ANY links you click, but especially when you are logging into exchanges, as scammers can intercept your account info when you log in with their link. Many exchanges will remind you of this, but always make sure you are using the correct link to log in. It should always have “https” at the beginning to show that it’s secure. “Http” is very uncommon these days for reputable companies and usually means the website is either not maintained regularly or is a scam. Bookmark each exchange you use and get in the habit of using them in order to decrease your chances of being a target of phishing.
- “Not your keys, not your wallet.” If you are keeping your funds on an exchange or on a platform that does not give you a private key to your wallet, just know that that money is kind of in limbo and is much more vulnerable than it would be in a wallet. While the exchange may say the money belongs to you, technically they have the ability to take it from you whenever, either intentionally or unintentionally.
- When opening your wallet, do it offline. If you use a hot wallet (one that is connected to the internet), turn your device on airplane mode and login to your wallet using your keystore file or seed phrase and/or password, depending on the wallet you are using.
- Use BRAVE Browser. Not only will you earn free cryptocurrency (BAT) for viewing their ads, they will legally block internet ads on every website you use. Brave also has a built-in VPN so you can hide your location from hackers.
- Have 2FA (two-factor authentication) enabled on all exchanges. Use an authenticator app like Google’s Authenticator app instead of your phone number (scammers can clone your phone number and authenticate their log in to your exchange account).
- Avoid using the exchange if they don’t offer 2FA. 2FA is sometimes the only thing holding back hackers from getting into your account. Some software is able to discover your password but not get past your 2FA if you’re using an authenticator application, as was the case with Binance--one of the world’s most popular exchanges--in their recent hacks. Users who did not have their 2FA enabled or had it enabled with their phone number were the ones who lost their money.
- On that note, enable all forms of account security that you can on your exchanges. Some exchanges allow you to enable security codes sent to your email, 2FA, a password to your account, AND a withdrawal code, all just for making a trade or withdrawing your money. While it may seem like a pain, it is helping your peace of mind when done right. The more blocks you put between a hacker and your funds, the safer from them you will feel and be.
It is literally a hacker’s full-time job to find ways to cheat the systems. They are actively looking for loopholes; no doubt there will come more methods to their madness. Exploiting DeFi (decentralized finance) while it’s still new(ish) and vulnerable to attacks is how scam companies make their millions. Fortunately, there are many security precautions we can put in place to secure our funds; above are a handful of some of the most important.
I trust this guide will help you get to your money goals more efficiently, but feel free to leave me a comment letting me know what you think or what I missed.
Knowledge always trumps strength in numbers. While hacker groups may be getting better and better, so are the technologies built to put them out of business. Companies like DoraHacks are constantly working to find ways to hack the system for good. Yin and yang, folx. Can’t have the highs without the lows and if you’re watching the trendlines, you probably know that all too well by now.
