The cryptocurrency world is a big and scary one.
News of people getting hacked and having their crypto stolen circulates every week.
To a beginner, this makes crypto look like the Wild West, where all you can do is sit and wait to get robbed.
But, all is not lost – you can fight back.
Keeping yourself and your crypto safe does take a little bit of work, but it’s possible, even for a total beginner.
So, we here at CryptoMeister are going to teach you how to keep your crypto as safe as possible.
Whether you’re new to crypto or you’re a crypto veteran, we’ve got tips that will help you.
To make this a bit more fun and to really make it hit home just how important this is, we’ve added points to each security item.
The more points an item is worth, the more important that item is to your security.
Then, the more points you have at the end, the better your overall cyber security is!
Let’s dive right in and help you secure your crypto!
It All Begins with an Exchange
Your first port of call in the crypto world is a crypto exchange.
This is the magical fiat on and off ramp that will let you get in and out of crypto at the click of a button.
These guys have all your information on file, including your credit card details – if you opt for a card deposit.
So, we’re going to start with how to remain as safe as possible while using a crypto exchange.
Unique Email Addresses – 5 points
Before you sign up, create a new email address.
Ideally you should have a new account for every exchange that you wish to use, but this is a top tier level of security.
Let’s say your name is Mary Smith and your personal email address is [email protected] and you want to sign up at Binance.
You can just throw in Binance or BNB somewhere in your new email address.
So you could run with [email protected], as an example.
The reason behind this is that from time to time, exchanges get hacked and leak data.
If you’re using an email address just for your Binance account, you will know that it was Binance that leaked your data if you start getting spam emails.
Also, if your email address and identity are leaked by another website, hackers don’t have the correct email address for your exchange account, which makes it far harder for them to target it.
Again, this might seem excessive, but if you want the top level of security for your crypto, it is a necessary step.
Most people can get away without doing it, but skipping it adds one more weak point to your security.
Your security is only as strong as its weakest point, so it’s up to you where you want those weak points to be.
Unique Passwords – 10 points
The next step when you’re signing up at a crypto exchange is to use a password.
If you don’t use a unique email address, it’s even more critical that you use a unique password.
But, you should be using unique passwords anyway for every website and application that you use.
The reason is that a large share of web users still reuse the same email and password combination everywhere, and attackers know it: leaked credential lists are replayed against other sites in automated “credential stuffing” attacks.
If your data gets leaked from a single website, every online account that shares that password is at risk.
You can largely remove this risk by using a random password generator to create all of your passwords.
Password managers such as LastPass and 1Password have good password generators built in and will store the passwords for you, so you don’t need to remember them.
If a password leaks when you use unique passwords for every website and app, you only need to change that one password and resecure that account.
This is far better than having 50 identical passwords.
You should aim for at least 12 characters that mix upper case, lower case, numbers and special symbols, and longer is better.
Again, this is why random password generators are handy.
They don’t reduce your security, provided the manager itself is locked with a strong, unique master password and 2FA, because the vault becomes the one place where all of your passwords live.
Enable 2-Factor Authentication – 10 points
Exchanges do their best to keep hackers out on their end, but that doesn’t mean that you’re automatically safe.
Even though guessing a totally random password and a unique email address is incredibly unlikely, you can never be too careful.
Every exchange has a couple of 2-factor authentication (2FA) options for you to use.
While you can use email or SMS codes, these are comparatively weak options.
Email accounts get hacked, and attackers can intercept or redirect your SMS messages.
There is a well-known problem in the USA where attackers call or bribe staff at cell providers and get your phone number moved to a SIM card they control.
This is known as a SIM swap attack, and these attacks have claimed millions of dollars in crypto in the past couple of years alone.
So, we suggest that you use a 2FA application such as Google Authenticator, Authy or FreeOTP.
These run on your mobile phone and can be locked with biometrics or a PIN, whichever you prefer.
They generate a 6-digit, time-based one-time code (TOTP) from a secret that the exchange shows you once as a QR code; you enter the code after your email address and password.
It’s an extra layer of security that makes a real difference, because a leaked password alone is no longer enough.
Guard that QR code or setup secret like a password: anyone who has it can generate your codes.
We prefer FreeOTP because it’s open source, so anyone can inspect what the app does with your secrets.
Authy is a solid second choice, but it is closed source, so you have to trust the vendor’s build and update process.
Open source is not a guarantee either: in 2018 BitPay’s open-source Copay wallet shipped a malicious update because a dependency it pulled in (the event-stream npm package) had been taken over by an attacker.
So, if you want to play it safe and take your security to the max, opt for FreeOTP and keep it updated.
Authy is still a great second choice.
It takes a few seconds to connect your 2FA app to your exchange account.
You can also opt for a hardware 2FA device, such as a YubiKey from Yubico.
These are the best consumer 2FA devices around, and the reason is phishing resistance: a key that speaks FIDO2/WebAuthn only answers the genuine site it was registered with, so a lookalike login page gets nothing, whereas a 6-digit app code can be typed into a fake site and relayed by the attacker within the 30 seconds it is valid.
They will set you back around $50.
They’re simple to use, and many people find them simpler than a 2FA application: plug in, touch, done.
If you want to take your security seriously and your exchange supports security keys, shell out the $50 or so and get one, ideally two, so that a lost key doesn’t lock you out.
There are other brands out there, but Yubico has the best reputation.
Whitelist Addresses – 5 points
Once your exchange account is all set up and ready to roll, you’ll be able to delve into the more advanced security settings.
In the incredibly unlikely event that a hacker guesses your unique email address, unique password and passes the 2FA verification, there are still ways to protect your crypto.
Some of the better crypto exchanges allow you to create an address whitelist.
Simply put, this is a list of approved addresses that you can send to from your exchange account.
Exchanges usually confirm a new whitelist entry by email plus 2FA, and many enforce a waiting period of 24 hours or more before a newly added address can be used for withdrawals.
Once the whitelist is set, you’ll only be able to withdraw to those specific wallets.
So, even if a hacker does break into your account, they can only send funds to wallets you control.
You will also get a notification of the new sign-in and of any change to the whitelist.
That delay is your window to lock the account down before the hacker’s address becomes usable, so turn those notifications on and act on them quickly.
But, there’s yet another step that a handful of exchanges offer to keep you even more secure!
Manage Devices – 5 points
Let’s say that a hacker manages to jump through all these hoops that you’ve created – there’s a better chance of winning the lottery every week for 2 months, by the way.
A handful of exchanges will grant you the power to manage devices that can log into your account without requiring additional verification.
You will have to pass through this verification process on every device that you wish to use.
But once it’s done, only those approved devices will be able to log in.
With all of these tips in place, taking over your exchange account remotely becomes very unlikely.
At this stage, if a hacker still manages to break in, something other than your account settings has gone wrong, and you should really buy a lottery ticket.
If you’ve followed all of these steps, your exchange accounts will be more secure than Fort Knox and you can rest easily at night.
But, that doesn’t mean that you should leave crypto on an exchange for long periods of times.
Exchanges have their own issues that your security measures won’t help with.
They can get hacked and even vanish with user funds, just as we saw with Quadriga CX and Mt. Gox.
These tips are just to keep your account safe and secure from hackers, not the whole exchange.
And this brings us nicely to the next area where you can work on your crypto security!
Wallets, Wallets, Wallets!
When you are storing or looking to store your crypto for long periods of time, you should be using a wallet.
Crypto wallets come in all shapes and sizes, so picking the right one can often be tricky.
You can explore the types of different wallets available with CryptoMeister’s guide to crypto wallets.
But for this guide, we’re looking at how you can keep your crypto as secure as possible.
So, we’ll only be covering how to secure your wallet as best as possible.
Pick the Right Wallet – 10 points
There are 3 main categories of wallets in terms of their build.
These are hardware wallets, desktop wallets and mobile wallets.
Desktop and mobile wallets are known as hot wallets, meaning that the keys live on a device that is in constant contact with the internet and the blockchain.
A hardware wallet keeps the private keys on a separate device that never hands them to your computer; it signs transactions internally, so it counts as a cold wallet even while it’s plugged in.
This means that hot wallets are less secure, because malware on the computer or phone can reach the keys.
Cold wallets are more secure, and this is why you see exchanges touting their cold storage solutions so much.
Hot wallets are more ideal if you’re constantly using crypto and need it in your life.
Perhaps you’re using DeFi or you use crypto in your daily life to buy goods and services.
For these cases, a hot wallet is more useful as you can access your funds and move them as quick as you need with minimal effort.
On the other hand, if you want to stake or just hodl long-term, then a cold wallet is better for you.
Cold wallets are more secure for the long-term hodl.
So, carefully think about what you want to do with your crypto before you pick a wallet.
This is the first step to making sure your wallet is as secure as possible.
Generally speaking, a cold wallet is always the best option unless you use crypto all the time in your daily life.
But even so, most cold wallets can be used on the fly, they just make the process a touch longer.
Store Your Seed Phrase Safely – 10 points
Once you’ve picked the correct type of wallet for your needs, it’s time to set it up.
The first thing you’ll be asked to do when you set up your wallet is to write down the seed phrase.
This is a 12- or 24-word recovery phrase from which every key in the wallet is derived, so it will restore the wallet if you forget your password or lose the device.
Where you write this seed phrase down is incredibly important, as anyone with the phrase can restore your wallet on their own device and spend everything in it, with no password or 2FA in the way.
And if you lose it, then you could lose access to your crypto, something we’ve seen happen time and time again.
You’ve got a wide range of choices here, so pick one that sounds good to you.
You can buy punch cards for seed phrases.
These let you punch out a code that then translates into your seed phrase.
This is a durable and safe way to store your seed phrase, but it’s a bit fiddly, especially if you’re new to crypto.
The most common method is to write it down on a piece of paper or card, then store that somewhere safe.
The safe storage space could be in a fire proof safe in your residence, a secure vault or with your lawyer.
People have used safe deposit boxes at banks before, but these have their own issues.
The contents usually aren’t insured by the bank, you can only get at them during banking hours, and the box can be frozen or emptied under a legal order, so treat a bank box as one copy, not the only copy.
Finally, some people hide their seed phrase inside a game.
For example, some gamers have written their seed phrase on signs in a Minecraft world.
Only the owner knows the coordinates, so even someone who gets hold of the save file won’t find the phrase easily.
Be careful with this one, though: a save file is still a digital copy, and if the game syncs saves to the cloud your “offline” seed phrase is now online, which defeats the point.
Whatever you do, make sure that you do not store this information anywhere online.
A BBC journalist stored his seed phrase in Gmail, resulting in his crypto getting stolen.
Seed phrases should always be air gapped.
However you store your seed phrase, make sure it’s somewhere safe.
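Most wallets build their 12- or 24-word phrase using the BIP39 standard, and the Python below is an added example for this guide (not any wallet’s code) of what the phrase actually is: 128 bits of random entropy plus a 4-bit checksum, cut into 12 eleven-bit word indices, which the wallet then feeds through PBKDF2 to get the master seed every key derives from. The 2048-word list is not embedded here, so the code works on word indices rather than words; the one phrase used is the standard published test vector (“abandon” is index 0 and “about” is index 3 in the English list), and the function names are our own. Two practical points fall out of it: the optional passphrase is only a salt, so the words alone recover a wallet that has no passphrase set, and a wallet can tell a mistyped word from the checksum but cannot tell a stolen phrase from yours.

```python
import hashlib
import unicodedata
from typing import List

# Constructed sample: the standard BIP39 test vector, 16 zero bytes of entropy, which encodes as
# "abandon" x 11 followed by "about" in the English word list.
ZERO_ENTROPY = bytes(16)
ZERO_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def entropy_to_word_indices(entropy: bytes) -> List[int]:
    """Append a checksum of len(entropy)/4 bits (leading bits of SHA-256) and cut the result
    into 11-bit word indices: 128 bits -> 12 words, 256 bits -> 24 words."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    checksum_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - checksum_bits)
    bits = (int.from_bytes(entropy, "big") << checksum_bits) | checksum
    count = (len(entropy) * 8 + checksum_bits) // 11
    return [(bits >> (11 * (count - 1 - i))) & 0x7FF for i in range(count)]


def checksum_valid(indices: List[int]) -> bool:
    """What a wallet does on restore: unpack the indices, recompute the checksum from the
    entropy part and compare. Catches a mistyped word; says nothing about who typed it."""
    count = len(indices)
    if count not in (12, 15, 18, 21, 24) or any(not 0 <= i < 2048 for i in indices):
        return False
    checksum_bits = count * 11 // 33
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> checksum_bits).to_bytes((count * 11 - checksum_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - checksum_bits)
    return (bits & ((1 << checksum_bits) - 1)) == expected


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 with the words as the password and
    "mnemonic" + passphrase as the salt, 2048 rounds, 64 bytes out.
    Every private key in the wallet is derived deterministically from this value."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64)


if __name__ == "__main__":
    print(entropy_to_word_indices(ZERO_ENTROPY))        # [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3]
    print(checksum_valid(entropy_to_word_indices(ZERO_ENTROPY)))
    print(mnemonic_to_seed(ZERO_MNEMONIC, "TREZOR").hex()[:16])
```

Notice that `mnemonic_to_seed` needs nothing but the words: no device, no PIN, no app password. That is the whole reason the written-down phrase has to be treated as the wallet itself.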
Take Care of Your General Security
We’ve covered the 2 aspects of crypto specific security that you need to focus on.
But, that doesn’t mean that you’ll be totally secure if you just do those items.
You are still incredibly vulnerable in other aspects of your digital life.
Hackers can take over your network or devices, stealing information that you think is secure.
So, let’s run you through general cyber security points that you really need to follow if you’re going to remain totally secure.
A little forewarning.
These might sound a bit tin foil hat, but trust us, if you take these measures seriously, you won’t easily be hacked.
So if you’re being your own bank and dabbling in crypto, you need to turn your defenses up to the max!
Turn Off Your Wi-Fi & Bluetooth – 2 points
When you’re out and about, make sure that you turn off your Wi-Fi and your Bluetooth.
Bluetooth is far more secure than it used to be, but flaws in phone and laptop Bluetooth stacks still turn up, and some of them have let a nearby attacker run code on the device without ever pairing with it.
Keeping Bluetooth off when you’re walking around town or sat at a café removes that exposure, and it costs you nothing.
Next up, turn your Wi-Fi off as well.
Your devices will constantly call out looking for networks that you’ve previously connected to.
Think of it like your phone shouting out “home, home, is that you?”.
It does this constantly, always looking to reconnect.
There’s a device out there known as a Wi-Fi Pineapple, a rogue access point sold for penetration testing, that listens for these probes.
The operator can then quickly throw up a network with the same name as the one your device is looking for.
They often use public network names, such as a coffee shop’s or an airport’s Wi-Fi, that thousands of phones remember.
Your phone then automatically connects to this fake network, and the attacker sits between you and the internet.
From there they can read any unencrypted traffic, tamper with it, and inject content into unencrypted pages.
Newer phones randomise their Wi-Fi address and are quieter about which networks they remember, but a saved open network with a common name will still be rejoined automatically, so forget public networks after you use them.
Attackers have also used this kind of “honeypot” network to hijack browser sessions.
If a site sends its session cookie in the clear, the attacker can copy it and carry on as you, without a password or 2FA, for as long as you stay logged in.
Closing a tab does not log you out: if you just closed a tab that was signed into your Binance or Coinbase account, that session stays alive until it expires or you log out.
The good news is that properly configured HTTPS sites, which include the major exchanges, encrypt the cookie in transit, so this only works against sites still on plain HTTP, or if you click through a certificate warning on the fake network.
So, never click through certificate warnings, log out explicitly rather than just closing the tab, and don’t use public Wi-Fi, or any network that’s not your own, for anything that matters.
A VPN encrypts everything between your device and the VPN server, so it keeps you safe on public Wi-Fi, though it can slow your connection.
So you’d be wise to avoid public Wi-Fi, or just keep your Wi-Fi off altogether.
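Whether a fake hotspot like the Wi-Fi Pineapple described above can lift your session comes down to what the site sends. The Python below is an added example for this guide, using constructed headers rather than anything captured from a real exchange, that audits a response the way you would from a browser’s developer tools: it flags session cookies sent without the Secure and HttpOnly flags and responses without HSTS, with a hardened header set beside the weak one. The function names and the sample responses are ours.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Headers = List[Tuple[str, str]]


@dataclass
class CookieFlags:
    name: str
    secure: bool
    http_only: bool
    samesite: Optional[str]


def parse_set_cookie(value: str) -> CookieFlags:
    """Pull the security-relevant attributes out of one Set-Cookie header value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return CookieFlags(
        name=name,
        secure="secure" in attrs,
        http_only="httponly" in attrs,
        samesite=attrs.get("samesite") or None,
    )


def audit_session_exposure(headers: Headers) -> List[str]:
    """Return the ways a rogue access point could get at the session given these headers."""
    findings = []
    names = {k.lower() for k, _ in headers}
    if "strict-transport-security" not in names:
        findings.append("no Strict-Transport-Security: a first visit typed as http:// "
                        "can be answered by the attacker in plain text")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        if not cookie.secure:
            findings.append(f"cookie {cookie.name} lacks Secure: the browser will send it "
                            "over plain HTTP, where the attacker can copy it")
        if not cookie.http_only:
            findings.append(f"cookie {cookie.name} lacks HttpOnly: script injected into "
                            "any unencrypted page can read it")
        if cookie.samesite is None:
            findings.append(f"cookie {cookie.name} lacks SameSite: it rides along on "
                            "requests forged from other sites")
    return findings


# Constructed sample responses (hypothetical; not from any real exchange).
WEAK_RESPONSE: Headers = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/"),
]
HARDENED_RESPONSE: Headers = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_session_exposure(response) or ["no exposure found"])
```

Even the hardened set does not help with a session you leave open: the cookie is safe in transit, but it is still valid until you log out, which is why logging out explicitly is the habit to build.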
Use Unique Passwords – 10 points
You should be using a unique password for every digital account you have.
This protects you in the event that 1 password gets leaked or stolen.
If all passwords are different, then only 1 account will be compromised at a time.
It’s best to use a password of at least 12 characters that mixes lower case, upper case, numbers and special characters.
You can use password generators and storage apps like LastPass and 1Password to help you with this.
Use the random password generators to create a unique master password and make sure you store this offline, similarly to your seed phrase.
By doing this, you protect all of your accounts from being hacked in the event 1 site gets breached.
Use Multiple Email Addresses – 5 points
We talked about using a unique email address for every single crypto exchange that you use.
But this is slightly different.
If you create a handful of email for different purposes, you protect yourself a lot more.
The more you split things up, the less any single breach reveals about you.
But, generally speaking, if you create one for online shopping, one for social media, one for newsletters and a personal one, then you should be fine.
Use each email specifically for each purpose.
Then, if one site gets compromised, it’s only the email address associated with a handful of accounts that’s out there in the wild.
You should only use your personal email address with people you know in real life and trust.
You can then add all these email addresses to a mailbox client and manage all your emails in one place.
Never Ship to Your Home Address – 5 points
If you want to keep yourself as safe and secure as possible, never ship items to your home address.
Always use a PO box or your office’s address when shopping online.
In the event that a company is hacked and your details are leaked, you don’t want your home address leaked.
This especially goes for items that are related to cryptocurrency.
Take a look at the Ledger database hack.
Ledger disclosed the breach in July 2020 but badly underestimated its size, and in December 2020 the full dump, roughly 270,000 customer names, home addresses and phone numbers, was published on the internet.
The worst part is that this is a hardware wallet company.
This gave unsavoury characters a shopping list of names and addresses, plus the knowledge that everyone on it keeps crypto in a hardware wallet, and phishing emails and threatening letters to those addresses followed.
If people ship to a PO box or office address, it prevents the true home address from being revealed in these types of attacks.
This is far safer and you don’t need to worry about gunmen showing up at your house to steal your Bitcoin.
Update Your Firmware – 10 points
Hackers are constantly looking for vulnerabilities that let them break into devices and get at your data.
As a result, developers work to patch bugs before they can be exploited, and a patch only protects you once you’ve installed it.
So, to keep your hardware secure, you should constantly check for updates.
Every piece of hardware you own will have updates ready for it, so spend some time every now and then checking and updating.
Mobile phones, tablets and computers are the obvious items that spring to mind, and will often be covered by auto updates.
But, you have other devices around the home that do need to be updated.
One of the most overlooked items is your router.
Routers are the gateway to your network, and if a bug is exploited on this bit of hardware, then your entire network falls.
These days, most routers come with a handy app that lets you control the network.
So, once or twice a month while you’re sat in bed, open up the app and check for a firmware upgrade.
Older routers will require that you log in to the router and navigate some clunky menu.
You can find most router admin pages by typing 192.168.1.1 or 192.168.0.1 into your browser; the exact address is usually printed on the router’s sticker alongside the default username and password.
In 2018, hundreds of thousands of MikroTik routers worldwide, including tens of thousands in India, were hijacked through a vulnerability in the router’s Winbox management service (CVE-2018-14847) that MikroTik had already patched months earlier; the attackers injected the CoinHive cryptojacking script into the web traffic of everyone behind those routers.
This is exactly the type of thing that updating avoids, so do check for updates as often as you can.
New firmware means the bugs the vendor knows about are fixed on your device, which is what keeps you safe.
Change Default Settings – 5 points
While we’re on the subject of routers, it’s probably a good idea to go into a few more details here.
Your router will come packed with a bunch of default settings, and it’s wise to change some of these up.
Most routers offer remote management, sometimes called remote access or WAN access.
What this means is that a device from outside of your network can log in to your router as an admin.
Find this in your router’s settings and make sure that it’s disabled; while you’re there, also turn off WPS, which lets devices join with a short PIN that can be brute-forced.
You should also change the network password away from the default one that it came with.
For this, use a password generator and make sure that it’s 12 characters in length, using lower case, upper case, numbers and special characters.
The more complex a password is, the longer it takes a hacker to crack.
Here are some examples of this in practice.
| Password length | Password | Time to crack password* |
| 12 | [email protected] | 5,389,762 years |
As you can see, the longer your password, the longer it takes a hacker to crack it.
Figures like these assume an attacker guessing every combination at a fixed rate against a leaked password hash; they say nothing about a password that is reused and already sitting in a leaked list, which is why uniqueness matters as much as length.
This also goes for every single password that you use.
The longer your password, the more secure it is.
At the end of the day, it only takes you a few more seconds to type in the extra characters to join your network, but it makes your network far more secure.
It’s a small price to pay for peace of mind.
As a side note, please don’t use any of these passwords, they’re just here as an example.
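To put numbers on the advice above, and on the password-manager advice earlier in the guide, here is an added Python example, written for this guide and not taken from any password manager, that generates a password with the `secrets` module (Python’s cryptographically secure source for exactly this purpose), computes its entropy, and estimates crack time at an assumed offline guessing rate. The 86-symbol alphabet, the guess rate and the function names are our assumptions; pick your own rate, but the point stands that each extra character multiplies the attacker’s work by the size of the alphabet.

```python
import math
import secrets
import string
from typing import Set

# Character classes matching the advice above.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?/",
}
ALPHABET = "".join(CLASSES.values())   # 86 symbols in total


def classes_present(password: str) -> Set[str]:
    """Which of the four classes a password contains."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def generate_password(length: int = 16) -> str:
    """Uniformly random password from the alphabet using `secrets` (never `random`, which is
    seeded predictably). Redraws until every class is present, so the result meets the policy
    without biasing where each class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if classes_present(candidate) == set(CLASSES):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_crack(length: int, guesses_per_second: float, alphabet_size: int = len(ALPHABET)) -> float:
    """Expected years to find the password by brute force (half the keyspace on average).
    Assumption: the attacker holds a leaked hash and guesses offline at the given rate."""
    keyspace = alphabet_size ** length
    seconds = keyspace / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e10   # assumed: a fast offline attack against a weak hash
    for length in (8, 12, 16, 20):
        print(f"{length:>2} chars: {entropy_bits(length):6.1f} bits, "
              f"~{years_to_crack(length, rate):.3g} years at {rate:.0e} guesses/s")
    print("sample:", generate_password(16))
```

The estimate only applies to a password that is unique and random; a generated 12-character password in this model takes hundreds of thousands of years, while the same password reused on a site that leaks it takes the attacker no time at all.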
Then we come to port forwarding and using the DMZ.
A lot of people that want to game will be tempted to fiddle with these settings.
Opening up the wrong port or putting the wrong device in the DMZ on your router will expose that device to the whole internet, and potentially your network with it.
Also check whether UPnP is enabled: it lets any device on your network open ports on the router automatically, without asking you, so turn it off unless something you rely on breaks without it.
So, unless you know what you’re doing, it’s best to steer clear of these features.
If you must use them and are unsure how to port forward correctly, speak to an expert.
It’s better to pay a small fee for assistance than accidentally expose your network to hackers and end up losing all your crypto.
Don’t Click Links or Download Files – 10 points
One of the very last points for you to absorb is something that should be common sense.
But, unfortunately people are still far too trusting and believe that a Nigerian prince is trying to send them a tax return from the UK.
Unless you are 100% confident that you know the sender of an email, assume that it’s a scam or packed with malware.
The same goes for random people that message you on WhatsApp, Telegram, Facebook, Reddit or any other platform, for that matter.
The first thing to check is the sender’s actual email address, not just the display name.
Make sure the domain is spelt exactly as the official one is; scammers register lookalikes that differ by a letter or two.
Bear in mind that the From address itself can be forged, so for anything involving money don’t click the link in the email at all: type the exchange’s address into your browser, or open its app, and look for the message there.
Another telltale sign is that you’re being threatened or something sounds too good to be true.
For example, there has been a spate of spam emails flooding Europe recently, where the scammers pretend to be the police.
They then claim that you’re going to be arrested if you don’t send money via Western Union to an account.
First up, police don’t warn you about your impending arrest – they just smash your door down.
They also wouldn’t ask you to send money via Western Union – you’d have to go to the local station to pay in person.
Look out for signs like this and you’ll be safe.
Only if you can verify without a shadow of a doubt that the sender is legitimate should you click links or download files.
If you’re not sure, you can always call up the company and ask them to verify that they sent a specific email or letter.
Some exchanges let you set an anti-phishing code: a phrase you choose that is then included in every genuine email they send you, so a message without it is a fake.
A few companies also digitally sign their emails with PGP, which clients such as Proton Mail can verify for you.
Note that encryption alone proves nothing about who sent a message, so treat these as extra signals rather than a guarantee.
These features aren’t offered everywhere yet, so you won’t find them on every service.
Be Smart. Be Safe!
If you follow all of these points, your cyber security will be on point.
You’ll have made yourself so hard to hack that opportunistic attackers, who make up the vast majority, will move on to an easier target.
However, there is still a small chance that a really dedicated attacker could get in.
State-level attackers have capabilities, such as intercepting hardware in transit or planting firmware implants, that no consumer checklist defends against.
But, the chances of these being used against you are incredibly slim.
These are unbelievably expensive attacks to pull off and are not worth it unless your portfolio is worth several million Euros or more.
Even if your pot is worth that much or more, then there’s still a good chance that you’ll never get hacked if you use all of these items.
As long as you’re sensible and treat everything with an extra dose of caution, then you’ll be fine.
Now, it’s time to tally up your points!
The more points you have, the more secure you and your crypto are!
|Number of Points||Your Security Level|