16 Crypto Security Tips by CoinGecko’s Co-founder So You Can Invest & HODL in Peace

by CoinGecko

The digital economy is booming and cryptocurrencies have developed to become a significant part of it. Unlike other digital currencies, cryptocurrencies use cryptography based on blockchain technology to secure and verify transactions. This means that crypto transactions are immutable and occur directly between two parties without the need for intermediaries like banks and stockbrokers. 

Why You Need to Secure Your Crypto

While crypto transactions per se are essentially secure, cryptocurrencies can get stolen depending on where they are kept. A centralized exchange, for example, is still vulnerable to attacks as it has a single point of failure by design, which is why hackers tend to target exchanges. If you keep your cryptocurrencies on an exchange or an online wallet, you risk having your valuable assets stolen from you. And so, as a crypto holder, you need to take certain precautionary measures to keep your cryptos safe.

Securing your crypto accounts does take a lot of time. Not only do you need time to audit your personal security system, but you may also need time to change your current behavior or habits. But if you're in it for the long term and value your financial well-being, you need to start taking this seriously. Stop making excuses like you're not used to taking full control of your assets or that the odds of losing cryptos to some hacker are low. It's an absolute necessity to secure your crypto accounts once you start investing in cryptocurrencies.

Crypto Security Best Practices

As a crypto holder or investor, it's your responsibility to keep your cryptos safe and navigate the digital world securely. The following are 16 best practices recommended by our co-founder, Bobby Ong.

1. Never reuse passwords

The most common thing that many people do when signing up to different website services is to use the same password for all of them so that they wouldn't have to remember too many passwords. However, this is a risky thing to do because certain websites could have leaked your password and hackers would take advantage of this. It's only a matter of time until your password is compromised and your accounts get hacked. Therefore, always use unique passwords. If you would like to know whether your password has been leaked, visit https://haveibeenpwned.com.

2. Use a password manager

Creating a unique password for each website can be tough — how could you possibly remember them all? To make it easy for you, use a password manager like 1Password or LastPass that would generate a long and strong password for each account. You would only have to remember the master password and let the password manager do the rest.

3. 2FA everything

You should use 2-factor authentication (2FA) for every service that offers it. Use apps like Google Authenticator or Authy instead of SMS-based 2FA, which is not secure: hackers can do a SIM swap, which means tricking a mobile carrier into porting your phone number to a new device. If you use Authy, make sure you install it on another backup device and then disable the multiple device feature as an added security measure.

4. Consider using hardware-based 2FA

If you have the funds, consider upgrading to a hardware-based 2FA like Yubico, Google Titan, and Thetis. This changes your 2FA from an app to a physical USB device that you need to authenticate with before logging in. Hardware-based security keys are based on the FIDO U2F standard, a security protocol that is difficult to intercept. They provide a fast, no-fuss way to use 2FA without relying on the app on your phone.

5. Use a crypto hardware wallet

When starting to invest in crypto, most people would store crypto on MetaMask or other online wallets. Because those wallets are still connected to the Internet, there's still the risk of attack. It's highly encouraged that you start using a hardware wallet like Trezor or Ledger unless you're happy to let a hacker take away all your coins one day. A hardware wallet may be costly, but it would be worth the expense especially when you invest in crypto over time and know that they will be safe from hackers.

6. Uninstall all Chrome extensions

Chrome extensions are useful for improving productivity. However, they can act as keyloggers with access to your data, passwords, or other confidential information. Hackers would take advantage of this to steal your crypto. So unless you absolutely trust the extension developer, uninstall them all. It's not worth the risk.

7. Use separate browser profiles

If you must use a Chrome extension for whatever reason, then separate out your MetaMask extension to its own browser profile. You can create multiple profiles for all the different wallet extensions you need to use. This prevents hackers from reading and acquiring your data through other Chrome extensions.

8. Limit smart contract approvals

When you interact with smart contracts, don't allow unlimited token approvals. An unlimited approval would allow the smart contract to drain all your tokens if it gets hacked. To set limits on your wallet, click 'Edit' on Permission and change the spending limit to the amount you want to send. You can use Etherscan's token approval checker to see which smart contracts you have assigned an unlimited spending limit. Then, connect your wallet via Web3 and click the 'Revoke' button.
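What a wallet prompt is actually asking you to sign can be checked from the transaction data itself. The following is an added example, not CoinGecko's or any wallet's code: it decodes the calldata of an ERC-20 `approve(address,uint256)` call and classifies the allowance against the amount you intend to spend. The spender address and amounts are constructed sample values, and the function names are hypothetical.

```python
APPROVE_SELECTOR = "095ea7b3"   # 4-byte selector of ERC-20 approve(address,uint256)
MAX_UINT256 = 2**256 - 1        # the value sent for an "unlimited" approval

def encode_approve(spender, amount):
    """Build approve() calldata; used here only to construct sample input."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + format(amount, "064x")

def review_approval(calldata, intended_amount):
    """Classify approve() calldata against the amount you mean to spend (base units)."""
    data = calldata[2:].lower() if calldata.startswith("0x") else calldata.lower()
    if len(data) != 136 or not data.startswith(APPROVE_SELECTOR):
        raise ValueError("not an approve(address,uint256) call")
    spender = "0x" + data[32:72]   # last 20 bytes of the first 32-byte argument
    amount = int(data[72:], 16)    # second 32-byte argument
    if amount == 0:
        verdict = "revoke"         # an allowance of zero removes the approval
    elif amount == MAX_UINT256:
        verdict = "unlimited"      # the spender could move every token you hold
    elif amount > intended_amount:
        verdict = "excessive"      # capped, but more than this transaction needs
    else:
        verdict = "limited"
    return {"spender": spender, "amount": amount, "verdict": verdict}

# Constructed sample values (placeholder spender, token with 18 decimals).
SPENDER = "0x" + "11" * 20
FIFTY_TOKENS = 50 * 10**18

if __name__ == "__main__":
    for amount in (MAX_UINT256, 10 * FIFTY_TOKENS, FIFTY_TOKENS, 0):
        result = review_approval(encode_approve(SPENDER, amount), FIFTY_TOKENS)
        print(result["verdict"], result["spender"], result["amount"])
```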

9. Don't doxx yourself

When you want to send crypto funds to someone else, be sure to use a crypto exchange platform. If you send funds straight from your wallet, you risk doxxing your crypto balance as well as your entire transaction history (past and future).

10. Secure your mobile phone

This is particularly for those in the United States, where there have been many incidents of SIM-jacking. Telco providers don’t usually have top-notch security, and with personal information about you that can be obtained through the Internet, perpetrators could convince telcos to transfer your phone number to a new SIM card. Once it is transferred, hackers could obtain your passwords, especially if you enable SMS-based 2FA. Follow this excellent guide from Kraken on how to secure your mobile number as well as the email address associated with your telco account.

11. Don't click on ads

Make it a habit to never click on ads — especially Google Search ads. Now that Google has reversed the ban on crypto ads, it's likely that more scam ads would appear. If you want to visit a website, ignore the phishing ads and look at the sites listed below them.

12. Be careful of giveaway tweets and DMs

There are tons of scam giveaway messages via tweets, DMs, YouTube ads, Facebook comments, and many more. Ignore them all. Don't waste your time and energy moderating or policing scam messages. If it's too good to be true, it probably is!

13. Never download or open files from strangers

You never know which file will end up installing a keylogger. If you’re using a Windows laptop, configure it to always show file extensions. Don't open ZIP files from random strangers because they may contain dangerous files mixed with other types of files. Instead, learn to distinguish between data files (documents that you can open, edit, save and delete) and executable files, which you would want to avoid.

File extensions you should avoid if they aren't from trusted sources are:

bat, bin, cmd, com, cpl, exe, gadget, inf, ins, inx, isu, job, jse, lnk, msc, msi, msp, mst, paf, pif, reg, rgs, scr, sct, shb, shs, u3p, vb, vbe, vbs, vbscript, ws, wsf, wsh
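A ZIP archive can be checked against this list without extracting anything. The following is an added example, not CoinGecko's code: it lists the members of an archive and flags any whose real (last) extension is on the list, including the double-extension names that look like documents when Windows hides extensions. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension list copied from the article.
RISKY = set(
    "bat bin cmd com cpl exe gadget inf ins inx isu job jse lnk msc msi msp mst "
    "paf pif reg rgs scr sct shb shs u3p vb vbe vbs vbscript ws wsf wsh".split()
)

def risky_members(zip_bytes):
    """List (member, reason) for archive entries whose real extension is on the list.

    Only the archive's file listing is read; nothing is extracted or executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "setup.msi. " opens as .msi.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            exts = [s[1:].lower() for s in PurePosixPath(name).suffixes]
            if not exts or exts[-1] not in RISKY:
                continue
            reason = "executable extension ." + exts[-1]
            if len(exts) > 1:
                # With extensions hidden, "invoice.pdf.exe" is displayed as "invoice.pdf".
                reason += ", shown as ." + exts[-2] + " when extensions are hidden"
            findings.append((info.filename, reason))
    return findings

def build_sample_zip():
    """Constructed sample archive: harmless placeholder bytes under test names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("report.pdf", "photos/beach.jpg", "invoice.pdf.exe",
                     "docs/readme.txt.SCR", "setup.msi. "):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for member, reason in risky_members(build_sample_zip()):
        print(f"{member!r}: {reason}")
```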

14. Be careful with cold emails

Scammers can be slick. They can imitate existing crypto sites’ domain names and send you a scam email. If you’re not paying close attention, you wouldn’t notice the very tiny difference in the domain name or email address. Can you spot the difference in the email address below compared to CoinGecko’s? Notice how there is no dot on the “i” in coingecko.com. This actually happened and shows that scammers can easily use special characters to imitate crypto domains in ways that are very difficult to spot. This is a scam email; don't fall for it.

[Image: CoinGecko scam]
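A character that is hard to spot by eye is easy to spot in code. The following is an added example, not CoinGecko's code: it compares a sender's domain with a list of domains you trust and reports any look-alike characters by Unicode code point, whether the address arrives in Unicode or in its `xn--` (punycode) form. The trusted list, the small look-alike map and the sample addresses are assumptions made for illustration.

```python
import unicodedata

TRUSTED = {"coingecko.com"}  # assumption: the domains you expect mail from

# Hand-picked look-alike characters (assumption; not a complete confusables table).
LOOKALIKES = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c",  # Cyrillic look-alikes
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G
}

def to_unicode(domain):
    """Decode an xn-- (punycode) domain; return other input unchanged."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid IDNA

def skeleton(domain):
    """Reduce a domain to the plain letters a reader would think they see."""
    out = []
    for ch in unicodedata.normalize("NFKD", domain):
        if not unicodedata.combining(ch):  # drop accents and other combining marks
            out.append(LOOKALIKES.get(ch, ch))
    return "".join(out)

def check_sender(address):
    """Return (verdict, detail) for the domain part of an email address."""
    domain = to_unicode(address.rsplit("@", 1)[-1].strip().lower())
    if domain in TRUSTED:
        return "trusted", domain
    skel = skeleton(domain)
    if skel in TRUSTED:
        odd = sorted({f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                      for c in domain if ord(c) > 127})
        return "lookalike", f"imitates {skel}: {', '.join(odd)}"
    return "unknown", domain

if __name__ == "__main__":
    # Constructed sample addresses; the second uses a dotless i.
    for addr in ("support@coingecko.com", "support@co\u0131ngecko.com", "news@example.org"):
        print(addr, "->", check_sender(addr))
```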

15. Use VPN on public WiFi

When you're working in a public area, avoid using public WiFi. Instead, use a Virtual Private Network (VPN) such as ExpressVPN or NordVPN, which connects to the Internet via an encrypted tunnel that protects your data and identity. With a VPN, you're connected to a server in another location that accesses the Internet on your behalf. So not only is your data protected, but your location is hidden as well.

16. Use a metal storage seed backup tool

You may choose the traditional way of storing your seed phrase offline by writing it down in your notebook. But paper has its limitations, as it could be destroyed or made illegible by water, coffee, fire or acid. To mitigate this, you may want to consider using a metal storage tool like Cryptosteel or Cobo, which is designed to protect your seed phrase under nearly all extreme circumstances.

Safely Invest in Crypto

Now that you've got your crypto secured, you can start investing and HODL worry-free. Check out the current cryptocurrency trends and build your crypto portfolio on CoinGecko while earning rewards. Redeem your Candies in our rewards section for discounts on NordVPN, PureVPN, hardware wallets, and more!
