Practical Guide To Crypto Security

Security is the most important aspect to manage in the crypto space. It’s crucial to follow best practices for online safety and cryptocurrency storage. This resource covers some of the best practices for staying safe in crypto.

Key Takeaways

• Prioritise doing the basics well, such as using a password manager, running virus protection, and enabling 2FA whenever possible.
• Never share a recovery phrase and store it offline (e.g. piece of paper).
• Beware of illegitimate crypto projects (i.e. ‘rug pulls’) and phishing attacks. These are the two most common ways people lose money in crypto.
• Consider doing test transactions before sending large amounts of crypto.

#1. Nail The Fundamentals of Basic Security

There are a few fundamental steps to start with that aren’t just related to cryptocurrency but are great for overall online security:

• Use a password manager and create unique long passwords.
• Have active virus protection on your computer or device.
• Activate two-factor authentication (2FA) across all financial and social accounts.

#2. Never Share Recovery Phrases

When setting up a Cold Storage wallet you will get a recovery phrase (or seed phrase). This is a backup in the event an account or device is lost. Usually, this phrase consists of 12 or 24 words.

Recovery phrases should never be shared with anyone. Unfortunately, many scams are possible because users are tricked into sharing their recovery phrases (e.g. a scammer impersonating a customer service representative).

#3. Be Mindful of Scams

It is vital anyone online is constantly vigilant. Here are two main types of scams to watch out for:

• Rug pulls and illegitimate projects. This is where a group of people will create a token, promote it and raise funds before disappearing. This is known as a ‘rug pull’. Usually, this happens to extremely small cryptocurrencies and they will have one or more of the following warning signs:
  • No public information about the team, meaning they are anonymous or pseudonymous.
  • The project has an unusually high following on social media, likely because they have paid for bots to increase their perceived legitimacy.
  • The team often highlights the token’s price performance.
  • The project’s website is full of buzzwords and lacks any detail.
• Phishing attacks: Phishing is when scammers trick users into thinking they are on an official website when they are actually on a fake site designed to look legitimate. A great way to avoid visiting the incorrect site is to bookmark the official one. Funds could be drained if a wallet is signed on such a site. (CoinSpot offers anti-phishing phrases to help protect users.)

#4. Practice Wallet Segregation & Cold Storage

A hardware wallet requires manually plugging in and typing on a device to move cryptocurrency. At the very least, a cold wallet—a fresh wallet not connected to the internet—will ensure crypto can’t be accessed if the computer is compromised. This extends to not storing important recovery phases in cloud-based storage (e.g. iCloud, Google Cloud).

A common security practice is to keep long-term cryptocurrency and NFT holdings in one wallet while keeping all other cryptocurrencies in another wallet. This can significantly reduce damage in the unfortunate event of a phishing attack.

#5. Test Transaction With Small Amount

Transferring cryptocurrencies into personal custody is important, but there is no undo button once a transaction has been completed.

Once the correct address is understood, it’s best to send a small transaction when using a new wallet or sending a significant amount. Following these guidelines can bolster security and increase confidence when using crypto apps.

Summary

Security is constantly changing, with new threats and best practices always emerging. This is as true in the crypto space as it is anywhere else. We hope these practical security measures help you stay safe and secure online.