Your 13-Point Crypto Security Checklist
Unpopular opinion: as much as we crypto enthusiasts rally for a world without middlemen, most of us are more than appreciative of the customer support provided by our favorite apps.
Unless you’re using centralized finance apps, there is no such support in the decentralized world…no reset if you lose your password, no recovery if you send your crypto to the wrong address, no recourse if somebody runs away with your crypto assets.
(Credit: @Crypto_Memes on Pinterest)
Which is why you’d want to make all the effort to stay as safe and secure as you can.
In the checklist below, you’ll find that many of the cryptocurrency security measures are what we are already supposed to observe in the non-crypto world, because after all, blockchain/crypto/Web3 is the internet at the next level.
Crypto is volatile enough as it is; don’t expose yourself to any unnecessary risks that will cause your crypto to be lost or stolen. Make Satoshi proud and take care of yourselves out there.
1. Keep your private keys private.
This may seem like a no-brainer, but it is worth repeating. Your private keys are what give you access to your cryptocurrency funds, so it is important to keep them safe and secure. Never share your private keys with anyone, never casually key them into any website/app/email/online form without knowing who the requestor on the other end is.
2. Never share your seed phrase.
Also known as a recovery phrase or mnemonic phrase, is a list of words that can be used to recover your cryptocurrency funds. If your private key is like your password, your seed phrase is like your secret question. If you lose your private keys, you can use your seed phrase to generate a new set of keys and regain access to your funds. If you lose your seed phrase, it’s not the end of everything, but it’ll be the end of your crypto funds.
For future reading: What Is Seed Phrase: Your Crypto Wallet’s Master Key
3. Use a reputable cryptocurrency exchange.
When you want to buy or sell cryptocurrency, you will need to use an exchange. Be sure to do your research and choose a reputable exchange that has a good track record of security and safety, like Phemex. And yes, being a centralized exchange, it comes with top-flight customer support.
4. Always use two factor authentication.
2FA is an additional layer of security that can be used to protect your accounts. With 2FA enabled, you will be required to enter a code from your phone in addition to your password in order to login to your account. This makes it more difficult for hackers to gain access to your account, even if they have your password. Every respectable exchange will offer this.
5. Never connect to public WiFi.
This is applicable especially to the everyday device that you use to trade crypto or do anything Web3. We can assure you that losing your crypto will be infinitely more painful than paying for data.
6. Keep your software up to date.
One of the best ways to protect yourself from online threats is to make sure that all of your software is up to date. This includes your operating system, web browser, and any cryptocurrency wallets or exchanges that you use. New security vulnerabilities are discovered all the time, so it is important to keep your software up to date.
7. Be careful of phishing scams.
Phishing is a type of online scam where criminals try to trick you into giving them your personal information, private keys or seed phrase, usually masquerading as a trusted brand via email, text messages or pop-ups. No respectable organization will ever ask you to disclose that sort of sensitive information.
8. If it’s unexpected, it’s a red flag.
The rule of thumb is: don’t entertain any unexpected invitation, solicitation, prize giveaways or free airdrops like “You have won 1 BTC! Click now to claim!” or “Deposit 0.5 ETH, get 1ETH back!” or fear-mongering alerts like “Your account has been hacked. Click here to repair!!” Greed and fear–they always prey on these emotions.
9. Never click on random links.
Closely related to the two points above. Attackers can hijack–or to use the industry term, “cryptojack”–the computers of unsuspecting users to mine for crypto. They do this by sending links to users’ inbox, and the moment someone clicks on it, the malicious code takes over and runs in the background to mine crypto. If your device suddenly slows down or overheats, your device might have been compromised.
10. Direct is dupe-proof.
Want to buy a hardware wallet? Buy directly from the manufacturer on the official website. Want to enter any sensitive information? Make sure you’re typing directly on trusted sites and exchanges. Check and double check all websites and apps before connecting your wallet.
11. Use a hardware wallet.
Consider using hardware wallets with good security features for long-term savings or HODLing, while keeping a smaller stash of your funds on a hot wallet for everyday use or trading. A hardware wallet (cold wallet) is less susceptible to viruses or malware that are transmitted online, as compared to a software wallet (or hot wallet).
12. Be vigilant on Discord and Twitter.
Discord and Twitter are the favorite hunting grounds of scammers. You can be almost fully certain that if you follow Michael Saylor (@saylor) on Twitter today, @sayl0r will slide into your DM the next day. Nuff said.
13. When in doubt, err on the side of caution.
This is the catch-all security measure. For obvious reasons, there will never be a complete list of safety do’s and don’ts (those pesky scammers and hackers are an innovative bunch.) If something feels off, or sounds too good to be true, it usually is. Stay vigilant.