What is it like to lose your entire portfolio to a security mistake you could have prevented in two minutes? Crypto wallet security is underrated until it’s not. There are many ways to lose money other than trading, and cyber-attackers don’t particularly care about the size of your account.
We often associate cyber-threats with crypto security. But there are more likely ways to lose crypto that don’t involve malware or fraud. And if you don’t want to find out, it’s worth learning the most common mistakes.
Whether you use a cold storage wallet or web wallet, ERC-20 tokens, or NFTs, there’s always something you can do to protect your digital assets.
Blockchain technology is in many ways safer than traditional financial systems. Crypto wallets are not. Why?
Take Ethereum for example. It’s a decentralized network with autonomous, trustless programs (called smart contracts). It uses a secure proof-of-stake mechanism to keep consensus in a public, immutable database.
However, there are thousands of ways to buy Ethereum. You can use exchanges, crypto-fiat platforms, P2P sites, wallet companies, or decentralized applications (Web3 wallet dApps). While the Ethereum network might be “secure,” the platform used to store crypto isn’t necessarily:
We should not confuse blockchain-level and app-level security.
For example, a wallet built on the public Ethereum network isn’t the same as a wallet built on a privacy blockchain like Monero.
You can still lose security in an app built on a secure network. Conversely, an app cannot guarantee security if the network doesn’t. You need both.
That doesn’t mean you shouldn’t use popular blockchains because they’re not secure enough. They’re worth using, as long as you know how to prevent risks and compensate for their limitations.
When planning crypto wallet security, this is the most concerning problem:
Cryptocurrency is achieving fast mass adoption, and crypto scams are no exception. Not only are there more fraudsters, but they seem to come up with new schemes as quickly as blockchain innovations happen. It’s not surprising their biggest successes occurred right after Bitcoin’s 2017 boom, the 2020 DeFi summer, the 2021 NFT hype, and now with the Metaverse.
The fear of missing out on these trends is what makes people vulnerable to so many tricks. Namely:
While these are the most alarming events, you’re more likely to lose money the second way.
Until recently, centralized platforms were the norm. If you wanted to use financial services or buy crypto, you went to the most popular exchange. Many have liquidity, which allows companies to offer higher returns or lower fees than most dApps.
Where is the problem? It’s a trust-based relationship, which defeats the purpose of trustless blockchains:
The alternative to delegated custody is self-custody, which has its own risks. Calculated, smart risks.
When you take control of your crypto wallet security, a lot can go wrong. Especially when buying crypto the first time:
You can learn these by losing money on mistakes, or you can learn them now with the right security habits.
Whether it’s a scam, a custodial platform, or yourself, there are two things to know about crypto wallet security:
Here are the steps from most to least important:
The easiest way to fall for fraud is to believe there is none. Scammers trick people because they impersonate the last people you would suspect. It might be Michael Saylor, the Binance team, Ledger customer support, or the market analysts you follow on social media.
Sometimes it’s a misspelled chatbot, sometimes it’s not that obvious. If they’re using these tricks, it’s because someone falls for them. You don’t want to be that person.
There are several scams in crypto, but the most common by far is phishing/impersonation:
Simply don’t share private keys with anyone (including support teams). As for email messages, watch for the unique phrase and the email address of the sender. As for money opportunities, they’re easier to expose when you ask in online communities.
Airdrops are marketing strategies that introduce new projects to their first community users. They get free tokens for participating, and if it’s a good project, people will share it with others. Plus, you’re more likely to hold crypto when you get it for free.
Sometimes, airdrops are bait for phishing scams:
This sequence allows scammers to access your wallet funds. And while it doesn’t show your tokens, they can go to block explorers to find out from your transaction history.
If something seems too good to be true, remember there are countless airdrops out there. You’re not missing out if you don’t take the risk.
The three common contracts you will sign are:
The first “contract” is free and gives the platform permission to request further contracts. Token approvals ensure that smart contracts can only use the approved token, up to the approved amount. If you’re swapping 1 ETH for PLS, you might get a request to enable PLS for an amount equivalent to ~1 ETH.
However, a fraudulent platform might request something different. Like enabling all tokens for unlimited quantities. Or granting permission to auto-approve any transactions. Many smart contracts also have admin keys, a form of special control that allows founders to break the rules of their protocol.
Read carefully before signing contracts. If you believe the platform is secure, you can create a secondary wallet just to be safe. You send only the tokens you will use and remove all permissions when done.
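The check described above, as an added example that is not part of the original article: a Python function that decodes a transaction's data field and flags the approvals this section warns about (unlimited token amounts, or control over all tokens). The two selectors are the standard ones for ERC-20 `approve` and ERC-721/1155 `setApprovalForAll`; the spender address and sample calldata are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)

def review_calldata(data_hex, expected_amount=None):
    """Return (verdict, detail) for a transaction's data field.
    expected_amount: what the user intends to spend, in token base units."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) < 8:
        return ("ok", "no function call (plain transfer)")
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return ("unknown", f"selector 0x{selector} is not an approval")
    if len(args) != 128:  # exactly two 32-byte ABI words expected
        return ("reject", "malformed approval arguments")
    try:
        value = int(args[64:], 16)
    except ValueError:
        return ("reject", "non-hex approval arguments")
    spender = "0x" + args[24:64]  # address is the low 20 bytes of word 0
    if value == 0:
        return ("ok", f"revokes permission for {spender}")
    if selector == SET_APPROVAL_FOR_ALL:
        return ("warn", f"{spender} could move ALL tokens of this collection")
    if value == MAX_UINT256:
        return ("warn", f"unlimited allowance for {spender}")
    if expected_amount is not None and value > expected_amount:
        return ("warn", f"allowance {value} exceeds intended {expected_amount}")
    return ("ok", f"allowance of {value} for {spender}")

def _word(n):
    """Encode an integer as one 32-byte ABI word (hex)."""
    return format(n, "064x")

# Constructed sample inputs; SPENDER is a placeholder, not a real contract.
SPENDER = int("11" * 20, 16)
SAMPLE_UNLIMITED = "0x" + APPROVE + _word(SPENDER) + _word(MAX_UINT256)
SAMPLE_BOUNDED = "0x" + APPROVE + _word(SPENDER) + _word(10**18)
SAMPLE_ALL = "0x" + SET_APPROVAL_FOR_ALL + _word(SPENDER) + _word(1)
SAMPLE_REVOKE = "0x" + APPROVE + _word(SPENDER) + _word(0)

if __name__ == "__main__":
    for s in (SAMPLE_UNLIMITED, SAMPLE_BOUNDED, SAMPLE_ALL, SAMPLE_REVOKE):
        print(review_calldata(s, expected_amount=10**18))
```

An `approve` with a value of zero is how a permission is removed, which is why the revoke sample comes back as `ok`.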
This is one of the most stressful ways of losing crypto. Imagine sending a large crypto amount and it never arrives. Maybe the network is congested, maybe you wrote the wrong address, maybe it’s a different network.
A rule of thumb is to make test payments when possible. If it succeeds with $50, it will go through with $10,000. If it doesn’t, at least you lost nothing and can try something else.
To avoid lost transactions:
Sharing your private keys is like granting all admin permissions. You wouldn’t do that with a Web3 platform, yet we do it all the time with regulated exchanges. Centralized platforms don’t share your private keys with you, and neither should you.
To find your private keys, you go to settings and enter a password. It’s an alphanumeric code that you should store offline in case it’s lost or breached. The same goes for the 12-to-24-word seed phrase.
If you have to share them, do this instead:
Even when sharing with a trusted person, they can still accidentally put your private keys at risk. You can share control and still protect your wallet with a multisig wallet. This means a transaction requires the approval of all admin devices or users involved.
It’s like having your own private blockchain for your team. If you try to set multi-signature keys with Gnosis Safe, you’ll find out it’s easier to do than it sounds. With this security system, you can connect to 10+ web wallets like MetaMask and use all Ethereum dApps.
You can add further verification steps with phone numbers, fingerprint screen locks, 2-factor authentication, and hardware keys.
Would it make sense to you if you could protect your life savings in crypto with $100? Hardware wallets like Trezor cost less than that, and the value you get is priceless. As new models come out, hardware keys become safer, support more coins, and even interact with Web3 apps.
As long as you store your private keys online, you’ll always worry about what happens to them. Will there be a cyber-attack on your exchange? What if someone is spying on your devices?
You can keep it offline on a piece of paper you’ll probably lose. Or like the keys to your car, you can get a physical device to keep your investment vehicles. Or if you prefer online wallets instead, you can still limit their access with your Trezor device only.
While important, crypto wallet security isn’t always the priority. It’s part of the risks of owning crypto assets. If you only use the safest platforms, you might miss out on many projects that have better features, fees, or price potential.
Sometimes a bit of trust can go a long way if you understand risk. Large exchanges might be convenient, but they’re terrible savings accounts.
The answer isn’t to disregard security or overvalue it. It is to understand the common security problems, so you can prepare for them and prevent them from costing you your crypto in the first place. Web3 wallets are a great improvement over centralized platforms, but crypto wallet security is still our responsibility.
Max is a European-based crypto specialist, marketer, and all-around writer. He brings an original and practical approach to timeless blockchain knowledge such as in-depth guides on crypto 101, blockchain analysis, dApp reviews, and DeFi risk management. Max has also written for news outlets, SaaS entrepreneurs, crypto exchanges, fintech B2B agencies, Metaverse game studios, trading coaches, and Web3 leaders like Enjin.