The digital economy is booming and cryptocurrencies have evolved to become a significant part of it. Unlike other digital currencies, cryptocurrencies use cryptography based on blockchain technology to secure and verify transactions. This means that crypto transactions are immutable and take place directly between two parties without the need for intermediaries such as banks and stockbrokers.
Why You Should Secure Your Crypto
While crypto transactions per se are essentially secure, cryptocurrencies can be stolen depending on where they are kept. For example, a centralized exchange is still vulnerable to attack as it has a single point of failure by design, which is why hackers tend to target exchanges. If you keep your cryptocurrencies on an exchange or an online wallet, you run the risk of having your valuable assets stolen from you. And so, as a crypto holder, you must take certain precautions to keep your cryptos safe.
It takes a lot of time to secure your crypto accounts. Not only do you need time to audit your personal security system, but you may also need time to change your current behavior or habits. But if you’re in it for the long haul and value your financial well-being, you need to start taking it seriously. Stop making excuses like you are not used to taking full control of your assets or that the chance of losing cryptos to some hacker is low. Securing your crypto accounts is an absolute necessity once you start investing in cryptocurrencies.
Crypto Security Best Practices
As a crypto holder or investor, it is your responsibility to keep your cryptos safe and navigate the digital world safely. The following are 16 best practices recommended by our co-founder, Bobby Ong.
1. Never reuse passwords
The most common thing that many people do when logging into different website services is to use the same password for all of them so that they don’t have to remember too many passwords. However, this is a risky thing to do because certain websites could leak your password and hackers would take advantage of this. It’s only a matter of time until your password is compromised and your accounts are hacked. So always use unique passwords. If you want to know if your password has been leaked, visit https://haveibeenpwned.com.
2. Use a password manager
Creating a unique password for each site can be difficult – how can you remember them all? To make it easy for you, use a password manager like 1Password or LastPass that will generate a long and strong password for each account. You only need to remember the master password and let the password manager do the rest.
3. 2FA everything
You must use 2-factor authentication (2FA) on every service that offers it. Use apps like Google Authenticator or Authy instead of SMS-based 2FA, which is not secure: hackers can perform a SIM swap that tricks mobile service providers into transferring your phone number to a new device. If you use Authy, be sure to install it on another backup device and then disable the multiple device feature as an added security measure.
4. Consider using hardware-based 2FA
If you have the funds, consider upgrading to a hardware-based 2FA such as Yubico, Google Titan, and Thetis. This changes your 2FA from an app to a physical USB device that you’ll need to authenticate before signing in. Hardware-based security keys are based on the FIDO U2F standard, a security protocol that is difficult to intercept. They provide a quick, effortless way to use 2FA without relying on the app on your phone.
5. Use a crypto hardware wallet
When starting to invest in crypto, most people will store crypto on MetaMask or other online wallets. Because those wallets are still connected to the internet, there is still the risk of attack. It is strongly encouraged that you start using a hardware wallet like Trezor or Ledger, unless you are willing to risk having a hacker take all your coins one day. A hardware wallet can be expensive, but it will be worth the expense, especially if you invest in crypto over time and want to know that it will be safe from hackers.
6. Uninstall all Chrome extensions
Chrome extensions are useful to help improve productivity. However, they can act as keyloggers that can access your data, passwords or other confidential information. Hackers will use this to steal your crypto. So, unless you absolutely trust the extension developer, remove them all. It’s not worth the risk.
7. Use separate browser profiles
If you need to use a Chrome extension for whatever reason, then move your MetaMask extension into its own browser profile. You can create multiple profiles for all the different wallet extensions you need to use. This prevents hackers from reading and obtaining your data through other Chrome extensions.
8. Limit smart contract approvals
When interacting with smart contracts, do not allow unlimited token approvals. An unlimited approval allows the smart contract to drain all your tokens if it is hacked. To set limits on your wallet, click ‘Edit’ on Permission and change the spending limit to the amount you want to send. You can use Etherscan’s token approval checker to see which smart contracts you have assigned an unlimited spending limit. Then connect your wallet via Web3 and click the ‘Revoke’ button.
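What an unlimited approval looks like in the transaction data a wallet asks you to sign, as an added example that is not part of the original article. It decodes a standard ERC-20 `approve(address,uint256)` call and compares the amount with what you intended to spend; the spender address and amounts are constructed sample values.

```python
# ERC-20 approve(address spender, uint256 amount) calldata layout:
# 4-byte selector, 32-byte left-padded spender, 32-byte amount.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")
MAX_UINT256 = 2**256 - 1  # the value wallets send for an "unlimited" approval

def decode_approve(calldata_hex):
    """Return (spender, amount), or None if this is not a well-formed approve call."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    if len(data) != 4 + 32 + 32 or data[:4] != APPROVE_SELECTOR:
        return None
    if any(data[4:16]):  # the 12 padding bytes before the address must be zero
        return None
    spender = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    return spender, amount

def review_approval(calldata_hex, intended_amount):
    """Classify an approval against the amount the user actually means to spend."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return "not-an-approve-call"
    _spender, amount = decoded
    if amount == MAX_UINT256:
        return "unlimited"
    if amount > intended_amount:
        return "exceeds-intended"
    return "ok"

# Constructed samples: the spender is a placeholder address, not a real contract.
SPENDER_WORD = "00" * 12 + "11" * 20
HUNDRED_TOKENS = 100 * 10**18  # 100 tokens at 18 decimals
SAMPLE_UNLIMITED = "0x095ea7b3" + SPENDER_WORD + "ff" * 32
SAMPLE_LIMITED = "0x095ea7b3" + SPENDER_WORD + format(HUNDRED_TOKENS, "064x")

if __name__ == "__main__":
    for label, tx in (("unlimited", SAMPLE_UNLIMITED), ("limited", SAMPLE_LIMITED)):
        print(label, decode_approve(tx), review_approval(tx, HUNDRED_TOKENS))
```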
9. Don’t doxx yourself
If you want to send crypto funds to someone else, make sure you use a crypto exchange platform. If you send funds directly from your wallet, you risk doxing your crypto balance as well as your entire transaction history (past and future).
10. Secure your mobile phone
This is especially for those in the United States where there have been many cases of SIM jacking. Telco providers usually do not have a top level of security and with your personal information accessible through the internet, criminals can convince telcos to transfer your phone number to a new SIM card. Once transferred, hackers can get your passwords, especially if you enable SMS-based 2FA. Follow this excellent guide from Kraken on how to secure your mobile number as well as the email address associated with your telco account.
11. Don’t click on ads
Make it a habit to never click on ads – especially Google Search ads. Now that Google has reversed the ban on crypto ads, it is likely that more scam ads will appear. If you want to visit a website, ignore the phishing ads and check out the sites listed below.
12. Be wary of giveaway tweets and DMs
There are tons of scam giveaway messages via tweets, DMs, YouTube ads, Facebook comments and many more. Ignore them all. Don’t waste your time and energy moderating or policing scam messages. If it’s too good to be true, it probably is!
13. Never download or open files from strangers
You never know which file will end up installing a keylogger. If you’re using a Windows laptop, set it to always show file extensions. Do not open zip files from random strangers as they may contain dangerous files mixed with other types of files. Instead, learn to distinguish between data files (documents you can open, edit, save, and delete) and executable files you want to avoid.
File extensions you should avoid if they are not from trusted sources are:
bat, bin, cmd, com, cpl, exe, gadget, inf, ins, inx, isu, job, jse, lnk, msc, msi, msp, mst, paf, pif, reg, rgs, scr, sct, shb, shs, u3p, vb, vbe, vbs, vbscript, ws, wsf, wsh
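A way to inspect a zip file before opening anything in it, as an added example that is not part of the original article. It lists the archive's members without extracting them and flags any whose real extension is on the list above, including names dressed up as documents such as `invoice.pdf.exe`; the `DOCUMENT_EXTS` set and the sample archive are assumptions constructed for the example.

```python
import io
import zipfile

# Extensions copied from the list above.
RISKY_EXTS = set("""bat bin cmd com cpl exe gadget inf ins inx isu job jse lnk
msc msi msp mst paf pif reg rgs scr sct shb shs u3p vb vbe vbs vbscript ws
wsf wsh""".split())
# Assumption: common data-file extensions used to disguise an executable.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def risky_members(zip_bytes):
    """Return (member name, real extension, disguised?) for each risky file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in archive.namelist():  # reads the listing only, extracts nothing
            if name.endswith("/"):
                continue  # directory entry
            base = name.rsplit("/", 1)[-1]
            # Windows ignores trailing dots and spaces, so strip them first.
            parts = base.rstrip(". ").lower().split(".")
            if len(parts) < 2:
                continue  # no extension at all
            ext = parts[-1]
            if ext in RISKY_EXTS:
                disguised = len(parts) > 2 and parts[-2] in DOCUMENT_EXTS
                findings.append((name, ext, disguised))
    return findings

def make_sample_zip():
    """Build a constructed archive in memory; the contents are harmless text."""
    names = ["report.pdf", "photos/holiday.jpg", "invoice.pdf.exe",
             "tools/setup.SCR", "notes.txt", "update.vbs."]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, "placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, ext, disguised in risky_members(make_sample_zip()):
        note = " (disguised as a document)" if disguised else ""
        print(f"{name}: .{ext}{note}")
```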
14. Be careful with cold emails
Scammers can be slick. They can impersonate existing crypto websites’ domain names and send you a scam email. If you don’t pay close attention, you won’t notice the very small difference in the domain name or email address. Can you see the difference in the email address below compared to CoinGecko’s? Notice how there is no dot on the “i” in coingecko.com. This actually happened and shows that scammers can easily use special characters to imitate crypto domains in ways that are very hard to spot. This is a scam email. Don’t fall for it.
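A check for the dotless-"i" trick described above, as an added example that is not part of the original article. It reduces a sender's domain to a plain-ASCII "skeleton" and reports when that skeleton matches a trusted domain although the real characters differ; the trusted list and the small confusables map are assumptions (the full Unicode confusables table is much larger), and the addresses are constructed.

```python
import unicodedata

TRUSTED_DOMAINS = {"coingecko.com"}  # assumption: domains you actually deal with
# Constructed, partial map of lookalike characters to their ASCII twins.
CONFUSABLES = {
    "\u0131": "i",  # Latin dotless i
    "\u0456": "i",  # Cyrillic i
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic e
    "\u043e": "o",  # Cyrillic o
    "\u0441": "c",  # Cyrillic es
    "\u0261": "g",  # Latin script g
}

def to_unicode(domain):
    """Decode punycode ("xn--") labels so both display forms are compared."""
    labels = []
    for label in domain.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label unchanged
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Strip accents and map known lookalike characters to ASCII."""
    out = []
    for ch in unicodedata.normalize("NFKD", domain):
        if unicodedata.combining(ch):
            continue  # drop combining marks such as accents
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def check_sender(address):
    """Return 'trusted', 'lookalike' or 'unknown' for an email address."""
    domain = to_unicode(address.rsplit("@", 1)[-1].strip().lower())
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if skeleton(domain) in TRUSTED_DOMAINS:
        return "lookalike"  # looks like a trusted domain but is not the same
    return "unknown"

if __name__ == "__main__":
    for sender in ("hello@coingecko.com", "support@co\u0131ngecko.com"):
        print(sender, "->", check_sender(sender))
```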
15. Use VPN on public WiFi
When working in a public area, avoid using public WiFi. Instead, use a virtual private network (VPN) like ExpressVPN or NordVPN, which connects to the Internet via an encrypted tunnel that protects your data and identity. With a VPN, you are connected to a server from another location that would access the internet on your behalf. So not only is your data protected, but your location is also hidden.
You can choose the traditional way to save your seed phrase offline by writing it down in your notebook. But paper has its limitations, as it can be destroyed or damaged by water, coffee, fire or acid. To mitigate this, you may want to consider using a metal storage tool like Cryptosteel or Cobo designed to protect your seed phrase under almost all rugged conditions.
Invest safely in Crypto
Now that you’ve secured your crypto, you can start investing and HODL without worry. Check out the current cryptocurrency trends and build your crypto portfolio on CoinGecko while earning rewards. Use your candy in our rewards section for discounts on NordVPN, PureVPN, hard wallets and more!