How much cryptocurrency do you have lying around? Wait, don’t answer that – we are not interested to know. But as long as you’re thinking about it, why not go over to your account and check all your funds just to be safe? Your password is strong and unique, right? Okay, type it in, bypass that annoying suggestion that you should turn on 2FA and … what’s going on? All your balances are at zero! Hang on – that link you visited is not the real site you always go to.
If you spotted all the security mistakes in that paragraph, your cryptocurrency stash is probably doing okay. However, depending on how much you have and how paranoid you are, there’s probably more you can do to make sure your crypto doesn’t mysteriously go missing.
1. Get your crypto off the exchanges
MtGox, Coincheck, Binance, Cryptopia, QuadrigaCX … big, trusted exchanges lose crypto all the time, and you don’t want to be part of that statistic.
If you have any significant amount of cryptocurrency, you should set up a desktop, mobile, hardware, or even paper wallet rather than keep your crypto on an exchange. Do your research to find a trusted wallet that suits your needs, make sure you keep it up to date, and only keep the crypto you intend to trade on exchanges.
2. Strengthen and secure your passwords/recovery phrases
If you reuse passwords anywhere, you should stop. That goes double for your crypto. Use strong, unique passwords on everything and don’t store them anywhere a hacker could get to them. Using a password manager or securely-stored hard copies can help.
Wallet recovery phrases (or “seed phrases”) are equally sensitive. These are lists of words that help you recover the funds from a wallet in case something happens to the device it’s installed on. Anyone else with the words can also get into your wallet, though, so it’s essential to keep these secret and, ideally, separate from your devices.
Encrypting your words and/or storing them on air-gapped devices is one approach, but you can also opt for the old-fashioned route and keep multiple hard copies in different physical locations. Heck, you can write your info in steel if you want. Storing seed phrases as any kind of file on an Internet-connected device isn’t advisable, though.
3. Enable Two-Factor Authentication (2FA)
Most crypto exchanges and wallets give their users the option to use two-factor authentication as an extra layer of security to protect logins and transactions. If available, go with an app-based option like Google Authenticator or Authy, as text messages are vulnerable to things like SIM-swapping.
Note: you can (theoretically) avoid SIM-swapping hacks by getting your phone provider to put a porting/swapping lock on your account or by switching all your 2FA over to a VoIP number.
4. Back up everything!
Hackers are a major threat to your crypto assets, but the second-biggest danger is you. If you lose your password, recovery phrase, key, or other crypto-information, your chances of getting your lost money back are pretty slim. It’s estimated that between 2.78 and 3.79 million (17-23%) of all Bitcoins have been lost, rendering them pretty much inaccessible to everyone forever. In keeping with the advice above, it’s best to keep your information on physical media in a secure place or on air-gapped digital media.
If you’re into crypto, I’m sure I don’t have to preach to you about the virtues of decentralization. Keeping your crypto-assets spread over several devices and wallets (with multiple copies of each) will help further insulate you from any potential loss or theft. Just be sure you can stay organized enough to keep track of where all your different coins are.
6. Watch out for scams
The complexity and anonymity of cryptocurrency make it a popular target for scams. Here are a few things to be on the lookout for:
- Fake URLs: Phishing and typosquatting are big problems in crypto. If you click on a link, double-check the URL to make sure it’s the right one. Some changes are especially hard to see, like the infamous Binance URL that put dots under the n’s in Biṇaṇ The safest way to avoid this is manually typing in the URL. If you do fall prey to a malicious link, change your password ASAP!
- Scams: No one is giving away free crypto, your computer probably isn’t hacked, and no real business will ever call you asking for your password. If you see something that looks fishy in your inbox or online, Google it first.
- Don’t be a target: Letting everyone know you have a lot of crypto could put you that much higher on someone’s list. Keep it on the down-low.
7. Exercise general cybersecurity
There are some things that people in general should be doing to keep their tech safe, and that’s especially true if you have cryptocurrency lying around:
- Don’t use public Wi-Fi without a VPN
- Have antivirus software installed and running
- Update your software
- Browse the Internet safely
- Keep an eye out for suspicious activity on your devices or in your accounts
Crypto is complicated
Cryptocurrencies can be prohibitively difficult to use and store safely, which is probably why they haven’t replaced traditional currency yet. Lost coins stay lost and thieves love taking advantage of people who don’t have their cryptocurrencies appropriately secured. There’s no guarantee – perfectly smart, tech-savvy people can slip up on security – but using secure wallets and passwords, enabling 2FA, having backups, and exercising general common sense should keep your crypto reasonably safe! Some of these steps will seem like overkill to people who aren’t heavily invested, but as the value of your coins increases, so should your security.