Learn how to avoid security threats, protect your private key and seed phrases, and more in this crypto safety guide.
Here’s what we cover:
- Key Crypto Security Threats
- How to keep your crypto safe
- How to Protect Your Private Key and Passphrase
- How to secure your wallet and internet connection
- How to DYOR
- How to avoid sending crypto to the wrong address
- Bonus: Who Should Hold Money on Exchanges and When?
Cryptocurrency is not particularly safe in 2022. In fact, October was particularly scary, with a total of $718 million stolen through 11 different hacks.
2022 is on track to set a record. Unfortunately, it is not the kind of record you want to see.
With crypto hacks more prevalent than ever, CoinMarketCap Alexandria has put together a guide on how to protect your crypto from being hacked in 2022 and 2023. We wouldn’t want you to get caught in just a few months, right?
What are the main security risks of crypto?
Of course, we all know that crypto is volatile (sometimes a little too volatile on the downside).
But what are the main security threats? In other words, how can your crypto be stolen or hacked?
Scams are ubiquitous and popular in crypto. There are many kinds, such as Telegram scams, gift scams, UNICEF scams, and more. There are also pump and dump schemes and shitcoins, although they don’t strictly count as scams (but you can still lose money).
Holding your crypto on centralized exchanges
Centralized exchanges are great and sometimes make sense for long-term crypto storage. But if they get hacked, you can also lose your crypto. As such, most crypto security experts recommend that you keep all funds you HODL in your own custody.
Losing your private keys or passphrase
An old favorite. You can either be forgetful and not careful enough or you can lose your seed phrase in a phishing attack. Even your phone can guess your passphrase, so be extra careful with it.
Malware as a security risk is related to losing your passphrase, as the passphrase can be stolen without you noticing until it’s too late. If you store your seed phrase in the cloud or in a location where it is particularly exposed to attackers, you may regret it. Best practice says to use a hardware wallet.
Fake apps or spoofing
Fake crypto apps or websites that pretend to be legitimate, real crypto applications are a type of phishing attack that can gain access to your private keys and drain your wallet funds. It’s always important to double-check the URL you’re accessing and make sure it matches the real website.
DeFi protocols are prone to hacks, especially if they haven’t been around long enough and haven’t passed many audits. As we’ve seen in the past year, DeFi bridges are favorite targets for hacks.
Sending crypto to the wrong address
A hastily sent transaction or a wrongly copied address, and your crypto ends up on a network it should never have been on. This is an annoying and completely avoidable way to lose crypto, so we’ll explain how not to send it to the wrong address (and whether you can recover it).
How to keep your crypto safe
In this section, we cover several important aspects of how to keep your crypto safe.
How to protect your private key and seed phrase
There are three important aspects to storing seed phrases safely:
- Never share it with anyone;
- Do not store it in the cloud (or anywhere on the computer);
- Back it up and store it offline.
First, you should not share your seed phrase with anyone. You can make exceptions for trusted parties such as family members or close friends, as long as you are sure you want these people, and only these people, to know your passphrase. But under no circumstances share it with strangers, online or offline.
Second, when you store your seed phrase, preferably do so offline. If you don’t want to use old-fashioned pen and paper, there are ways to engrave seed phrases. You can also use a computer to store your seed phrase. However, it must be separate from the computer you use for transactions, and must not be used to access the Internet.
How to Store Your Crypto Safely
Next, you want to make sure your crypto is safe wherever you keep it.
First, you should use different wallets for different purposes. For example, you can store some crypto on a centralized exchange — but it usually shouldn’t be crypto you plan to hold for a long time. The rule of thumb should be:
- Use a hardware wallet for long-term investments.
- Use a software wallet for small investments and for interacting with protocols.
- If you trade, exchange or buy crypto, use a centralized exchange.
Second, you should be careful with the protocols you interact with. You should periodically check which protocols have access to your wallet. Here’s a guide on revoking token approvals for protocols you don’t interact with.
Finally, be careful with the transactions you sign. Remember that fraudulent transactions can wipe out your wallet, so only sign transactions that you believe are legitimate.
How to secure your devices and internet connection
Another important aspect of crypto security is securing the devices you use to access and connect to the Internet. Ideally, you have a dedicated device just for crypto transactions. You must not sign smart contract transactions from the same computer from which you access certain websites. Also, the use of two-factor authentication is mandatory. It is best practice to use a dedicated 2FA app like Google Authenticator instead of SMS-based 2FA because of the prevalence of SIM swapping attacks. Additionally, your password must be at least 12 characters long.
Finally, consider using a VPN to cover your tracks. If you don’t use your real IP address, it will be difficult for a malicious party to track you.
Why (and How) DYOR
DYOR is short for Do Your Own Research and is a very important concept for crypto investing — but also an important guideline for staying safe in crypto. You should pay attention to two things:
- Always double check everything.
- Be careful with DMs on all social platforms
First, you should always double and triple check the addresses and networks you send crypto to. Also double-check the links you click, especially when it comes to decentralized applications. You can also send a small test transfer first if you are unsure whether you are interacting with a legitimate protocol.
Second, DMs on Telegram, Twitter or Discord are almost always spam or scams. Do not reply to them and never click on a link, unless you know the sender.
How to prevent crypto from being sent to the wrong address
It can happen to the best of us: you need to send some cryptocurrency, but you copy-paste the wrong address or click on the wrong network. Or worse: you fall victim to a phishing attack and lose your funds.
Since crypto transactions are irreversible, you usually cannot get your crypto back. Here’s a guide to recovering cryptocurrency in the limited ways that are possible. But in short, if the transaction was actually completed to an address you don’t control, your coins are gone.
Here’s how to prevent crypto from being sent to the wrong address:
- Copy and paste the recipient’s address or use the QR code. Always double-check it. You can check the first few and last few characters of the address to make sure it is correct.
- If you are receiving crypto, you may want to use a domain like ENS to make it easier for people to send you crypto. Sending crypto to moonboi.eth is much easier than a long 32-character address.
- Double check the network you are sending to. If you are using a software wallet, make sure you are on the correct network. If you are withdrawing from a centralized exchange, make sure you are moving back to the correct network.
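Many address formats carry a built-in checksum and a network marker, so the checks in the list above can be automated before anything is sent. This added example (not from the original guide) assumes legacy Bitcoin Base58Check addresses, a format the guide does not name: it rejects a mistyped or truncated paste and reports when a valid address belongs to a different network than the one you expect. The function names and sample addresses are constructed for illustration.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version byte of a legacy Base58Check address identifies network and type.
NETWORKS = {0x00: "mainnet P2PKH", 0x05: "mainnet P2SH",
            0x6F: "testnet P2PKH", 0xC4: "testnet P2SH"}

def _checksum(payload: bytes) -> bytes:
    """First four bytes of a double SHA-256 over version byte + hash."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    """Used here only to build constructed sample addresses."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def inspect_address(addr: str, expected_network: str) -> str:
    """Return 'ok', or the reason the address must not be used."""
    n = 0
    for ch in addr:
        if ch not in ALPHABET:          # 0, O, I and l are never valid
            return "invalid character"
        n = n * 58 + ALPHABET.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))   # leading '1' = leading zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return "wrong length"
    if _checksum(raw[:-4]) != raw[-4:]:
        return "checksum mismatch"
    network = NETWORKS.get(raw[0], "unknown network")
    if network != expected_network:
        return f"valid address, but for {network}"
    return "ok"

if __name__ == "__main__":
    good = b58check_encode(0x00, bytes(range(1, 21)))   # constructed sample
    typo = good[:-1] + ("2" if good[-1] != "2" else "3")
    other = b58check_encode(0x6F, bytes(range(1, 21)))  # same hash, testnet
    for a in (good, typo, other, good[:-3]):
        print(a, "->", inspect_address(a, "mainnet P2PKH"))
```

The checksum catches copying mistakes, but it cannot tell you that a well-formed address belongs to the intended recipient, so comparing it against a trusted source is still required.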
Bonus: Who Should Hold Crypto on Exchanges?
Of course, you want and need to use centralized exchanges – and most of the time they’re quite secure, especially if we’re talking about the biggest ones. There are some instances when holding some money on CEX is considered a good security practice:
- If you have some tokens from a platform like BNB or FTT, you get a discount on the fee.
- If you are an active day trader, you need to keep your capital on CEX to trade.
- If you want to convert or bridge crypto. CEXes are often cheaper (and safer) than civil bridges.
- If you are using staking services, your crypto will be in the cold storage of the exchange.
- If you are too forgetful or not careful with your security and don’t trust yourself to keep your crypto safe. Also, if you’re traveling, you might not want to think about your hardware wallet all the time.
You can never be completely safe with any money online, but you can minimize the risk from attackers. Keeping your crypto safe is actually pretty easy if you follow a few basic rules, and this guide will help you protect your crypto even in a bear market.