You need crypto security tips because the fastest way to lose all of your money is to lose all of your coins.
In the few years that DeFi has been around, there have been over $10B in losses on scams and cyber-attacks. Companies aren't doing better in this crypto winter, as more and more crypto exchanges are freezing withdrawals without warning. And while you might think that none of these put you at risk, sometimes the risk comes from yourself.
According to Chainalysis, 2 out of every 10 Bitcoins are forever lost on forgotten accounts (hence why there are so many “holders”). That was in 2020 when crypto adoption wasn't nearly where it is today.
The data shows how, every day, countless people lose money on crypto scams, hacks, suspended accounts, lost wallets, and unreliable stablecoins. So if you don't want to contribute to those statistics, it's time for a security check. Here are 10 security tips the pros use to make crypto investing (almost) risk-free.
You see, crypto security is more than protecting against hackers. You may lose your coins because of an unreliable exchange, or because you didn't back up your private keys responsibly. A good security system means that no matter the economic events or mistakes that you make, your coins will be safe.
The safest system in all finance is, in theory, blockchain payments:
However, there are widespread misconceptions about this security:
In short, crypto security depends heavily on how you use cryptocurrencies. The following 10 security tips are ordered from highest to lowest priority. And if you follow them, your coins will be safer than in a bank.
Decentralization is the essence of blockchain, and it couldn't be more true for cyber-security. No matter how safe your system is, it's far from perfect. Programmers make mistakes, and so do we when storing crypto.
Chances are you're going to lose sometimes anyway, so why keep all your eggs in one basket? If you spread your risk, you won't have to lose sleep worrying about the 100 different ways of losing. Many risks are unpredictable, but you can decide how much to lose:
For example, you can create 5 Metamask accounts managed by you and connect them to a Gnosis Safe Vault. One condition might be 3 out of 5 confirmations to send crypto outside the wallet. So you would sign into 3 of those wallets and click Confirm or Decline.
Most security incidents start with giving away control. And unless you're the only one who can access the wallet, you really can't do much to protect against threats. Trustworthy or not, third-party security creates a single point of failure.
If you can take over the central node, you can manipulate the entire network and breach thousands of user wallets.
Offline "cold" wallets are self-custodial, although not as practical. The best online alternative is Web3 wallet dApps (decentralized applications) like Metamask. It's built exclusively on the Ethereum network, which works like a computer server with no central nodes. (You can't take down the network by shutting down one data center. Ethereum itself doesn't own any servers.)
What happens if you keep most of your coins in custodial wallets? The company might decide to freeze your account, suspend withdrawals, or change terms without notice. And because exchanges manage millions of balances, they're the No. 1 target for cyber-attackers.
In crypto, decentralization goes hand-in-hand with security. Decentralized wallets are a good first step, but security consists of multiple layers. No matter how safe a dApp is, it can only be as secure as the underlying blockchain (network layer).
As beginners, we might see all cryptocurrencies as decentralized and safe. But if they were secure and efficient, then why would there be so many?
Decentralized blockchains have several validators, fair consensus mechanisms, and systems that prevent users from centralizing:
These are the most popular blockchains with dApp ecosystems. So if you're going to store crypto, choose secure networks like Ethereum (Metamask), Avalanche (Avax Wallet), Bitcoin (Bitcoin Wallet), or Cardano (Yoroi). All smart-contract networks have at least one wallet dApp.
The costliest mistakes are sometimes the dumbest ones. It's not the first time someone sends crypto to the wrong address. Crypto.com lost $7.2M on a typo in August 2022.
While it's standard practice to copy and paste the address, it can still go wrong. Maybe you misclicked a letter, or you chose the wrong network, or the person misspelled the wallet address. When it comes to large amounts, it's worth spending extra fees on test payments.
Whether it's $1,000 or a $1M transaction, start with ~$20. If that payment goes through, then it's safe to send the big bucks. There won't be typos, as the only field you need to change is the amount.
If you don't want to do this every time, consider:
Linking your wallet address to a human-readable domain NFT. Yourname.eth is easy to remember and shows the same alphanumeric address.
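The typo and wrong-network mistakes described above can also be caught in software before any payment is sent. The following is an added example, not part of the original article: it checks a legacy Bitcoin (Base58Check) address, whose last four bytes are a checksum and whose first byte identifies the network. The function names are hypothetical and the sample key hash is constructed; newer bech32 addresses and Ethereum addresses use different checksum schemes that are not covered here.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version bytes of legacy Bitcoin addresses (P2PKH and P2SH).
NETWORKS = {0x00: "mainnet", 0x05: "mainnet", 0x6F: "testnet", 0xC4: "testnet"}

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256 applied twice.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(version: int, key_hash: bytes) -> str:
    """Build a Base58Check address; used here only to construct sample data."""
    raw = bytes([version]) + key_hash
    raw += _checksum(raw)
    num = int.from_bytes(raw, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def check_address(address: str, expected_network: str) -> str:
    """Return 'ok', or the reason the address must not be used."""
    num = 0
    for ch in address:
        if ch not in ALPHABET:
            return "invalid character"
        num = num * 58 + ALPHABET.index(ch)
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return "wrong length"
    payload, checksum = raw[:-4], raw[-4:]
    if _checksum(payload) != checksum:
        return "checksum mismatch (likely typo)"
    network = NETWORKS.get(payload[0])
    if network is None:
        return "unknown address type"
    if network != expected_network:
        return f"address belongs to {network}"
    return "ok"

# Constructed sample data: a made-up 20-byte key hash, not a real wallet.
SAMPLE_HASH = bytes(range(1, 21))
GOOD = encode_address(0x00, SAMPLE_HASH)
TYPO = GOOD[:-1] + ("2" if GOOD[-1] != "2" else "3")  # one wrong character
TESTNET = encode_address(0x6F, SAMPLE_HASH)
```

A checksum only proves the address is well-formed for the expected network, not that it belongs to the intended recipient, so the small test payment still has a purpose.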
You can only benefit from blockchain security as long as you stay in crypto. The moment you sell for fiat currencies, you're back to the old problems of banks, exchanges, and brokers. Traditional finance isn't decentralized, but DeFi platforms don't support fiat exchanges yet.
Whether you want to protect against volatility or buy goods and services, the best way to “sell” is to buy secure stablecoins. Stablecoins are programmed to always have the same price as the underlying currency. For example, USDL is an over-collateralized stablecoin that regulates its token supply, so 1 USDL is always redeemable for $1 worth of PLS.
If stablecoins are equivalent to electronic money, safer, and just as practical, why not use them instead? More and more businesses accept cryptocurrencies for payments, and eventually, you might be able to buy anything. Stablecoins also give you access to DeFi services (lending, staking, yield farming), which aren't as flexible and profitable as traditional finance (CeFi).
If you have more crypto than you need, you might be tempted to trade larger amounts, take more risks, or overspend. As you grow your crypto portfolio, it becomes increasingly important to save and invest long-term. But if you're going to hold, there's no reason not to upgrade your security.
Cold storage refers to crypto wallets that you can only access with physical keys. A typical Web3 wallet has private keys hidden in the account settings (so anyone can find them if they have your device and password). But a cold wallet doesn't show them: you need a hardware key (e.g., Trezor, Ledger) or a specific device (e.g., Exodus for desktop, Mycelium for mobile), also called local storage.
A common misconception is to think of cold storage as offline wallets. Only private keys are offline, as all blockchains need the Internet to work. Because the actual balance is online, you can still benefit from features like cold staking and exchanging. If you use a physical Ledger device as the only way to unlock a Metamask wallet, that's a valid cold storage example.
However, cold storage is ineffective if you fail the basics of cyber-security.
Think about how essential mobile phones have become for security. This one device allows you to update passwords, recover accounts, or change security requirements. It's not uncommon to save passwords in notes, screenshots, and password managers.
If someone can access your device or primary account, they can unlock everything else. Crypto security starts with basic cyber-security, both on the hardware and software side:
Ironically, it's easier to lock yourself out with a complex security system. So instead of using all these tips, choose the ones you can follow consistently.
Some mistakes are hard to see unless you make them first. But you don't have to lose money if you can learn from others' mistakes. One website to keep track of the news is Web3IsDoingGreat.com.
If you find that a crypto exchange was breached, it might happen to others you use. If some bad news affects the overall blockchain, then everything under it is at risk, from the dApp ecosystem to the price. For example, the previous UST crash motivated the audit of other stablecoins and the development of better ones.
As confident as you might be about your crypto security, it can always be better. It's definitely not perfect, and it's better to find those flaws before a cyber-attacker does. Most security problems in blockchain are still undiscovered.
To update security, you can:
Crypto payments are considered pseudo-anonymous, which means they are identifiable. You can look at the transaction history to identify the account balance, habitual sending addresses, and even IP addresses. Someone with network access (like Internet providers, governments, or intelligence agencies) can find out your identity. So crypto isn't safer than cash.
It might be if you trade crypto for cash in person.
Note that there are privacy coins that do achieve anonymity (like Monero) via mixnets, ring signatures, and other obfuscation methods.
Well, can the Internet be shut down? Arguably yes, if you can shut down every single telecom company, each with hundreds of data centers. Like the Internet, blockchains will be online as long as there's at least one provider. And because blockchain is online-based, shutting down the Internet would also paralyze all crypto.
Taking over thousands of nodes worldwide is no easy feat. It's expensive and not possible (permanently at least). So if you're using large networks like Ethereum, you can rest assured that it won't disappear overnight (whereas banks might if there's a considerable economic downturn).
Banks boast of their security with encrypted website back-ends, tall buildings, and government-backed insurance. The question isn't whether someone can steal it or not, but whether they can protect your buying power. Banks only have so much liquidity (definitely not enough if everyone decides to cash out at once), and so does the FDIC (trillions of dollars currently uncovered). Not to mention currency devaluation.
If borrowers can't pay back their loans, central banks will order money to be printed to devalue that debt, reducing your buying power.
Most cryptocurrencies have a limited supply, and the most traded ones tend to gain price long-term. Blockchains are also autonomous, so there's no third party controlling when or how much money you can get out. But a bank can go out of business or reduce withdrawal limits to protect liquidity. Crypto is safer.
Max is a European-based crypto specialist, marketer, and all-around writer. He brings an original and practical approach to timeless blockchain knowledge such as in-depth guides on crypto 101, blockchain analysis, dApp reviews, and DeFi risk management. Max also wrote for news outlets, SaaS entrepreneurs, crypto exchanges, fintech B2B agencies, Metaverse game studios, trading coaches, and Web3 leaders like Enjin.