The Golden Rules of Crypto Security
Crypto security is entirely your responsibility — there's no fraud protection, no reversals, no customer support. Lost funds are gone forever. Follow these principles to protect your assets.
1. Use a Hardware Wallet for Large Holdings
A hardware wallet (cold wallet) stores your private keys offline, away from internet-connected threats. If you hold significant amounts, this is non-negotiable.
- Ledger Nano X/S Plus: Most popular. Supports 5,500+ coins. $79-149. Has faced a data breach (customer info, not funds). Use with Ledger Live or third-party wallets.
- Trezor Model T/Safe 5: Open-source firmware. Community-verified. $69-169. No known customer data breaches.
- Coldcard: Bitcoin-only, maximum paranoia. Air-gapped transactions. For advanced users.
2. Backup Your Seed Phrase Correctly
Your 12- or 24-word seed phrase is the master key to your wallet. Anyone with it can access all your funds.
- Never photograph it — don't put it in your phone's Photos app, Google Drive, or email
- Write it on paper — in multiple copies, stored in different physical locations
- Consider metal backup — cryptosteel or similar; paper burns, metal doesn't
- Never type it online — no website legitimately needs your seed phrase
- Never share it — with anyone, ever. "Support staff" asking for your seed phrase is a scam
3. Enable Strong 2FA on Exchange Accounts
Use an authenticator app (Google Authenticator, Authy) — never SMS 2FA, which is vulnerable to SIM-swap attacks. Store your 2FA backup codes securely offline.
4. Common Crypto Scams to Avoid
- Fake giveaways: "Send 1 ETH, get 2 ETH back" — always a scam, even if it appears to be from Elon Musk or Vitalik
- Phishing sites: Fake MetaMask, Coinbase, or Uniswap sites that steal your seed phrase. Always verify URLs carefully.
- Rug pulls: New DeFi projects that drain liquidity after launch. Research the team and audit history before investing.
- Social media DMs: Anyone messaging you about "investment opportunities" is a scammer
- Fake support: Scammers pose as exchange support and request screen sharing or seed phrases
- Pig butchering: Romance scams that build trust over weeks before convincing you to invest in a fake platform
5. Exchange Security Best Practices
- Use unique, strong passwords for each exchange (use a password manager)
- Enable withdrawal address whitelisting where available
- Use a dedicated email address for crypto — not your personal account
- Enable anti-phishing codes (Binance feature) to verify authentic emails
- Keep on exchanges only the funds you're actively trading, and withdraw the rest to self-custody
6. Safe Usage of DeFi
DeFi adds additional risk vectors: malicious contracts and token approvals that drain wallets. Best practices:
- Use a separate "hot wallet" for DeFi — never your main holdings wallet
- Revoke token approvals regularly via Revoke.cash or similar tools
- Only use established protocols with audited code and significant TVL
- Verify contract addresses on CoinGecko or official project sites before approving
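A token approval is an ordinary contract call, so the request a wallet asks you to sign can be decoded and checked before you confirm it. The following is an added example, not part of the original guide: it decodes the standard approve(address,uint256) and setApprovalForAll(address,bool) calldata and labels each grant as unlimited, limited or a revoke. The helper names, the risk labels and the placeholder spender address are assumptions made for illustration.

```python
# Added example: decode approval calldata before signing and label the grant.
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1


def decode_approval(calldata: str) -> dict:
    """Return kind, spender and a risk label for approval calldata (hex)."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    # 4-byte selector plus two 32-byte ABI words = 8 + 128 hex characters.
    if len(data) != 136 or any(c not in "0123456789abcdef" for c in data):
        raise ValueError("not a two-argument ABI call")
    selector, word1, word2 = data[:8], data[8:72], data[72:]
    # An address sits in the low 20 bytes of its word; the rest must be zero.
    if word1[:24] != "0" * 24:
        raise ValueError("malformed address word")
    spender, value = "0x" + word1[24:], int(word2, 16)
    if selector == APPROVE:
        # Assumption: only the maximum uint256 is labelled "unlimited".
        risk = ("revoke" if value == 0
                else "unlimited" if value == MAX_UINT256 else "limited")
        return {"kind": "approve", "spender": spender,
                "amount": value, "risk": risk}
    if selector == SET_APPROVAL_FOR_ALL:
        if value > 1:
            raise ValueError("malformed bool word")
        # True hands the operator every token in the collection.
        return {"kind": "setApprovalForAll", "spender": spender,
                "amount": None, "risk": "unlimited" if value else "revoke"}
    raise ValueError("not an approval call")


def build_call(selector: str, spender_hex: str, value: int) -> str:
    """Build calldata for the constructed samples below."""
    return "0x" + selector + spender_hex.rjust(64, "0") + format(value, "064x")


# Constructed sample data: the spender is a placeholder, not a real contract.
SAMPLE_SPENDER = "11" * 20
SAMPLES = [build_call(APPROVE, SAMPLE_SPENDER, MAX_UINT256),
           build_call(APPROVE, SAMPLE_SPENDER, 1000),
           build_call(APPROVE, SAMPLE_SPENDER, 0),
           build_call(SET_APPROVAL_FOR_ALL, SAMPLE_SPENDER, 1)]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode_approval(sample))
```

A grant labelled "unlimited" stays in force until it is replaced by a call that decodes as "revoke", which is the transaction a revocation tool submits on your behalf.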
Remember: In crypto, you are your own bank. Take security seriously.