Learning to secure your digital coins properly is a vital step as you journey down the cryptocurrency rabbit hole. It's not just about storage, either. Nowadays, many cryptocurrency holders interact with DApps in the DeFi world, so you should also learn how to use your coins securely.
Just like you wouldn't allow an untrustworthy business to handle your money, you also shouldn't trust your coins with any random DApp. The same goes for exchanges where you purchase and trade crypto. In this guide, we'll discuss some best practices for keeping your crypto as safe as possible.
How to Keep Crypto Safe
Assuming that you’ve already purchased some crypto, your next priority should be placing it somewhere safe. If you're not leaving it on the exchange to trade later, the only other option is a wallet. Wallets differ in the ownership of your private keys and their connection to the Internet. The choice between them depends on the level of security you're comfortable having.
Use Cold/Hardware Wallets
To eliminate the significant online attack vector, many opt instead to keep their keys offline at all times, and they do so with cold wallets. Unlike hot wallets, cold wallets don't connect to the Internet. Previously, some cryptocurrency holders would keep a paper wallet: a printed piece of paper containing the wallet's private key, usually in the form of a QR code. However, we now see this as an outdated, risky security method, and your best option for cold storage is definitely a hardware wallet.
Hardware wallets (such as the Trezor One or Ledger Nano S) aim to provide a better user experience while adopting a similar principle of keeping the private key offline. These are more portable, cheaper than a full PC, and custom-made for cryptocurrency storage.
The physical devices store your private keys securely and never need to connect to the Internet. A good hardware wallet ensures that private keys never leave the device. They're usually held in a special place in the device that doesn't allow them to be removed.
Secure your Seed Phrase
Your 12, 18, or 24-word seed phrase is extremely important to keep secure and safe. Anyone who has access to the phrase can import your keys into their wallet and steal your funds. You may also have a JSON file or individual private keys that act the same as a seed phrase. Think extremely carefully about how you manage your keys by following our tips below.
1. Keeping your seed phrase saved on a device connected to the Internet isn't recommended. If you download a virus or your computer is hacked and controlled remotely, your phrase can be compromised.
2. Offline storage is much more secure. You could store the phrase physically or on an offline device. Even if you have a cold storage device like the hardware wallets discussed above, you should also back up the key in case your device breaks.
3. If you decide to store your phrase physically, think about the material you'll use and where you'll keep it. Writing the words on a piece of paper that can be destroyed or easily lost at home isn't a good idea. You might want to use a safety deposit box in a secure location or store the phrase with your bank. Some people even engrave their seed phrase onto metal, which can't be easily destroyed, or use metal letters on a seed board.
Ideally, Only Invest in Audited Projects
Audited projects are more secure options for investing your tokens and coins. If you're interacting with smart contracts, staking in pools, or providing liquidity, it's recommended you always look for projects with audits.
An audit analyses a DApp's smart contract code. The auditors will look for backdoors, exploitable scripts, and security issues. These are reported to the project founders, who then make changes to the code. Any changes are added to the final report to show users the complete, transparent process. The final report can then be made public.
While an audit cannot guarantee a project's safety, it does improve the chance that your funds are secure. It would be unwise to invest money in a project that has no audit available. Some smart contracts handle a massive amount of funds, which makes them attractive to hackers. If auditors don't check the code, these contracts become easy targets.
Avoiding Scams
Cryptocurrencies, unfortunately, attract many scammers. People look to exploit other users and take their crypto, and once the funds are stolen, there is usually no way of getting them back. Scammers abuse the anonymous nature of cryptocurrencies and the fact that many users directly control large amounts of funds.
You should always be vigilant and never send money to users you don’t know. You should also carefully check the identity of anyone you do send money to. Here are some of the most common scams to look out for:
1. Phishing - You may receive an email from an exchange or other service you use, asking you to log in or provide personal information. However, this may be a scammer looking to steal your information.
2. Fake exchanges - These are often mobile apps or websites which imitate the look of an exchange. Once you enter your details, a scammer will then use them to access your real account.
3. Blackmail - A scammer may send you malware that holds your files for ransom. To pay, you will most likely have to send Bitcoin or another currency to get them back. You may not even receive the files after payment.
4. Pyramid and Ponzi schemes - You may be invited to participate in a new project and purchase its coins or enter a special deal requiring you to make a crypto payment. However, a deal that’s too good to be true often is. Do your own research to make sure what you’re investing in is safe.
5. Impersonation - Someone may pretend to be an official, a person of trust, or even a friend. They will then ask you for crypto or information that you would not typically give out. In this case, always double-check that someone is who they say they are.
Other Good Security Practices
- Pick a secure exchange to purchase and store your cryptocurrencies
- Secure your crypto accounts with two-factor authentication (2FA)
- Regularly change your crypto accounts’ passwords
- Be cautious when signing approvals that allow crypto dApps to access your funds
- Regularly revoke wallet permissions
What is the Most Secure Storage Option?
Unfortunately, there's not a single answer to that question – the answer largely depends on your risk profile and how you use your cryptocurrency. For instance, an active swing trader will have different requirements from a long-term HODLer. Or if you run an institution that handles large amounts, you'd probably want a multi-signature setup, where multiple users need to agree before funds can be transferred.
For regular users, it's a good idea to keep the funds you're not using in cold storage. Hardware wallets are the most straightforward options – but make sure you test them out with small amounts to get comfortable first. You'll also want to keep your keys backed up elsewhere as per our tips above in case the device itself is lost or fails.
Online wallets are great for small amounts that you're using to buy goods and services. If your cold storage is like a savings account, your mobile wallet is like the physical wallet you carry around. Ideally, it should be an amount that, if lost, would not cause you serious financial issues.
For lending, staking, and trading, custodial solutions are your best bet. Before putting your funds to use, though, you should come up with a plan for how much you're allocating (e.g., with a position sizing strategy). Remember that digital currency is highly volatile, so you should never invest more than you can afford to lose.
Closing Thoughts
When it comes to how to keep crypto safe, the blockchain industry today provides many security measures. From trading through to storing and using your crypto, simple tips are effective in keeping your funds safe. In terms of storage, each alternative has its benefits and drawbacks, so it's essential to understand the trade-offs. As always, make sure to do proper research into anywhere you’re putting your money or crypto.