You should always keep your crypto secure whether you’re purchasing, storing, or investing. Losing your coins and tokens is, in the vast majority of cases, permanent.
If you trade cryptocurrencies on centralized exchanges, use ones that are regulatory-compliant, with KYC and AML checks. Peer-to-peer trading and decentralized exchanges with audits have the best chance of security.
There are multiple options when it comes to storing your crypto securely. You can keep your crypto on a regulated exchange, which is practical for newcomers and traders. However, you don’t own the keys to the wallet.
A non-custodial wallet where you own the keys provides more security, and an even more secure option is to keep your crypto in a wallet that is not connected to the internet, such as a cold storage device. In both cases, keep your private keys safe in an offline, secure place.
Use audited DApps to improve your security and regularly check which DApps have permission to use your wallet. Remove these permissions as soon as you’re finished using the DApp.
At the core of cryptocurrencies is the idea of self-sovereignty – the notion that a user can act as their own bank. Secure your funds properly, and they'll be harder to reach than even the most well-guarded of bank vaults. Fail to do so, and you run the risk of someone remotely emptying your digital wallet.
Learning to secure your digital coins properly is a vital step as you journey down the cryptocurrency rabbit hole. It's not all about storage, either. Nowadays, many cryptocurrency holders interact with DApps in the DeFi world, so you should also learn how to use your coins securely.
Just like you wouldn't allow an untrustworthy business to handle your money, you also shouldn't trust your coins with any random DApp. The same goes for exchanges where you purchase and trade crypto. In this guide, we'll discuss some of the best techniques for keeping your crypto assets safe wherever they are.
Purchasing crypto securely
Picking a secure exchange
To use an exchange, you'll need to transfer your funds into its custodial wallet. Giving the exchange responsibility for your coins can provide some security depending on your outlook. If you aren’t familiar with wallets or are new to cryptocurrencies, you may be more secure using the exchange’s wallet. This saves you from accidentally locking yourself out of your wallet and losing your crypto.
However, some people prefer the security of controlling their funds directly. You may have already heard the phrase “not your keys, not your coins”. If you don’t actually own the wallet, then someone else can control your crypto. You can check our storage section later on for more information.
If you need to use a peer-to-peer service, make sure it requires KYC for both buyers and sellers. Ideally, it should also offer an escrow service. While it doesn’t remove the risks completely, a third party holding your funds in escrow provides both the buyer and seller more protection from scams.
How to secure your account
Once you've signed up for your exchange or chosen trading method, follow standard good practices to keep your account safe. These tips are no different from those you would use for your online bank account or other sensitive information. You can easily prevent people from getting access to your account and its funds by:
How to store your crypto securely
What is a private key?
If you look that number up on Google, you'll see the only occurrence is in this article (unless it's been subsequently copied elsewhere). That should give you an idea of how truly random the number is – the odds of anyone having ever seen it before are astronomically low.
We won't get into depth on how this is done in this article. All you need to know is that, while it's easy to generate a public address with the private key, doing the reverse is impossible today. That's why you can safely list your public address on blogs, social media, etc. No one can spend the funds sent to it without the corresponding private key.
strike sadness boss daring voice connect holiday vintage quantum pony stable genuine
Unless you deliberately choose to use only one private key, you'll probably be asked to back up a seed phrase when you create a new wallet. When we discuss key storage later, the term keys will be used interchangeably to describe both private keys and seeds.
How to secure your seed phrase
Your 12, 18, or 24-word seed phrase is extremely important to keep secure and safe. Anyone who has access to the phrase can import your keys into their wallet and steal your funds. You may also have a JSON file or individual private keys that act the same as a seed phrase. Think extremely carefully about how you manage your keys by following our tips below.
Hot wallets vs. cold wallets
A hot wallet is any cryptocurrency wallet that connects to the Internet (e.g., smartphone and desktop wallets). Hot wallets tend to provide the most seamless user experience. They're convenient when it comes to sending, receiving, or trading cryptocurrencies and tokens. But this convenience often comes at the cost of security.
Hot wallets are inherently vulnerable because of their Internet connectivity. Though private keys aren't broadcast at any point, there's a possibility that your online device can be infected and remotely accessed by malicious actors.
This isn't to say that hot wallets are completely insecure – they're just less secure than cold wallets. Hot wallets are superior on the usability front and thus are the generally preferred option for holding smaller balances.
To eliminate the significant online attack vector, many opt instead to keep their keys offline at all times. They do so with cold wallets. Unlike hot wallets, cold wallets don't connect to the Internet. Previously, some cryptocurrency holders would keep a paper wallet: a printed piece of paper containing the wallet's private key, usually in the form of a QR code. However, we now see this as an outdated, risky security method. Your best option for cold storage is definitely a hardware wallet.
Custodial vs. non-custodial
Crypto exchanges provide a much more convenient experience for users that aren't concerned with third-party custody of their funds. One of the risks of being your own bank is that no one can come to your rescue if something goes wrong.
If you lose your private key, you'll never recover your funds. If you lose your account password, on the other hand, you just need to reset it. You're still at risk of having your credentials stolen, so you need to ensure that you're taking the suitable precautions we mentioned above to secure your account.
What's the most secure storage option?
Unfortunately, there's not a single answer to that question – this would be a much shorter article if there were. The answer largely depends on your risk profile and how you use your cryptocurrency.
Online wallets are great for small amounts that you're using to buy goods and services. If your cold storage is like a savings account, your mobile wallet is like the physical wallet you carry around. Ideally, it should be an amount that, if lost, would not cause you serious financial issues.
Using Decentralized Finance and DApps securely
Unless you've studied the smart contract yourself and understand exactly what it does, there's always a chance of a backdoor exploit. Typically, projects go through auditing to prove that their smart contracts are safe. Certik is a famous provider of audits, but this reputation still doesn't always guarantee safety.
A compromised project will ask for permission to move unlimited or large amounts of tokens. Less experienced users are more likely to accept these and become victims of fraud. Even if you remove your funds from the DeFi platform, the project may still have some control and be able to steal them. Hackers can also attempt to manipulate and abuse smart contracts. Once again, if you've given permission to a project, you could be at risk in this situation.
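The permission check described above, as an added example that is not part of the original article: it replays token approval events for one wallet and reports which permissions are still open and which are unlimited or larger than the balance held. It assumes the tokens follow the ERC-20 standard and that the event logs have already been fetched from a node or block explorer; all addresses, amounts and function names here are constructed for illustration.

```python
# Added example: replay ERC-20 Approval logs; all sample data is constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the usual "infinite approval" amount

def _addr(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Return {(token, spender): amount} still in force for `owner`."""
    current = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-20 Approval has exactly 3 topics (ERC-721 Approval has 4).
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC or _addr(t[1]) != owner.lower():
            continue
        key = (log["address"].lower(), _addr(t[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            current.pop(key, None)   # approving 0 revokes the permission
        else:
            current[key] = amount    # a later approval overwrites an earlier one
    return current

def risky(approvals, balances):
    """Flag approvals that are unlimited or larger than the balance held."""
    out = []
    for (token, spender), amount in sorted(approvals.items()):
        if amount == UNLIMITED or amount > balances.get(token, 0):
            reason = "unlimited" if amount == UNLIMITED else "exceeds balance"
            out.append((token, spender, reason))
    return out

def _log(block, token, owner, spender, amount):
    """Build one constructed Approval log in the JSON-RPC field layout."""
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"blockNumber": block, "logIndex": 0, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
DAPP_X, DAPP_Y = "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOGS = [
    _log(100, TOKEN_A, OWNER, DAPP_X, UNLIMITED),
    _log(101, TOKEN_A, OWNER, DAPP_Y, 500),
    _log(105, TOKEN_A, OWNER, DAPP_Y, 0),          # revoked after use
    _log(110, TOKEN_B, OWNER, DAPP_X, 10_000),
    _log(111, TOKEN_B, OTHER, DAPP_X, UNLIMITED),  # a different wallet
]
if __name__ == "__main__":
    print(risky(open_approvals(SAMPLE_LOGS, OWNER), {TOKEN_A: 1000, TOKEN_B: 50}))
```

Withdrawing funds from a platform does not emit a revoking event, which is why the first approval in the sample stays open until it is explicitly set back to zero.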
How to revoke wallet permissions
You'll now see a list of smart contracts that have permissions in your account and how much they are approved for. To revoke the permission, click the button circled in red below.
Use audited projects that offer more security
As we mentioned above, audited projects are more secure options to invest your tokens and coins with. If you're interacting with smart contracts, staking in pools, or providing liquidity, it's recommended you always look for projects with audits.
An audit analyses a DApp's smart contract code. The auditors will look for backdoors, exploitable scripts, and security issues. These are reported to the project founders, who then make changes to the code. Any changes are added to the final report to show users the complete, transparent process. The final report can then be made public.
While an audit cannot guarantee a project's safety, it does improve the chances that your funds are secure. It would be unwise to invest money in a project that has no audit available. Some smart contracts handle a massive amount of funds, which makes them attractive to hackers. If auditors don't check the code, these contracts become easy targets.
Certik regularly updates their list of audited projects, along with their rating out of 100 and other important information.
How to avoid scams
Cryptocurrencies, unfortunately, attract many scammers. People look to exploit other users and take their crypto, and once the funds are stolen, there is usually no way of getting them back. Scammers abuse the anonymous nature of cryptocurrencies and the fact that many users directly control large amounts of funds.
You should always be vigilant and never send money to users you don’t know. You should also always carefully check the identity of anyone you do send money to. Here are some of the most common scams to look out for:
When it comes to keeping your cryptocurrencies secure, the blockchain industry today provides many security measures. From trading through to storing and using your crypto, simple tips are effective in keeping your funds safe. In terms of storage, each alternative has its benefits and drawbacks, so it's essential to understand the trade-offs. As always, make sure to do proper research into anywhere you’re putting your money or crypto.