Since the advent of Bitcoin in 2009, the global cryptocurrency market has grown significantly, attracting a wide range of investors. But despite this, the cryptocurrency market is hardly regulated, prone to volatility, and vulnerable to both scammers and cybercriminals. It’s imperative to keep your funds safe, and in this guide, we outline top tips for using cryptocurrency safely, including how to protect crypto from hackers and how to protect your crypto wallet.
It’s essential to be aware of cryptocurrency security risks. These include:
: For example, you might receive an email threatening to reveal compromising photos of you if you don’t pay a ransom in Bitcoin. Or you might receive a suspicious message congratulating you for winning a rare or a large amount of crypto. Crypto scams are prevalent, so be aware of malicious actors that could be attempting to steal your money.
Limited legal protections: Whereas payments with traditional debit or credit cards typically offer certain security features, crypto doesn’t. For example, with some card payments, you may not be liable for fraudulent purchases made in your name. This isn’t usually the case with cryptocurrency. If you lose money to a crypto scammer, you are unlikely to get it back.
You can’t take back a cryptocurrency transaction: Cryptocurrencies typically use blockchain technology to create a secure, public, and un-editable ledger of transactions. This technology provides security benefits but also means that crypto transactions are generally not reversible after the fact. If you pay someone with crypto, there’s typically no third party you can appeal to process a refund if things go sour.
These are just some of the security risks associated with cryptocurrency, but there are others that continue to arise as the crypto landscape evolves – so it’s important to stay informed.
Here are our top tips to help you understand crypto wallet safety, crypto password safety, and how to use digital currency safely.
Before getting involved with cryptocurrency, it’s important to become knowledgeable about it. That means researching the different types of cryptocurrencies, each blockchain, and what types of software to use. It also means keeping up to date with the latest cryptocurrency scams and learning about crypto safety tips like these. Online cryptocurrency forums can be useful places to get ideas and tips to supplement your own research.
Storing most of your crypto in a secure wallet should give you some protection from theft. A crypto wallet is a software product or physical device that stores the keys to your cryptocurrency accounts. Crypto wallets allow you to transfer funds between crypto types and make transactions while keeping your investments protected. There are various types of cryptocurrency wallets, so research which one is best for you and your accounts.
When you first buy cryptocurrency, it will usually be in an exchange account. If a hacker obtains access to this account, they can withdraw your crypto to a wallet address under their own control. One of the best ways to thwart these attacks is to enable two-factor authentication (2FA) for withdrawals in your exchange app. 2FA requires you to input a code from your phone every time you make a crypto withdrawal. If you don’t have 2FA enabled, you have to rely on the security of your email address and password to protect your crypto – reducing your protection against cyber criminals.
By monitoring your crypto accounts regularly, you can keep an eye on any suspicious transactions, as well as bots that monitor the state of your wallet and notify you about any transactions Keeping up to date with crypto news means that in the event of a breach, you can make a timely report of any losses you may have had. For added security and protection, it’s a good idea to change your login credentials regularly.
Hackers often use social engineering to enact crypto scams. This can include using phishing emails to gain access to users’ crypto accounts. When receiving emails, be wary of addresses that seem slightly off, odd spelling and grammar mistakes, and any links or attachments added to the message. Stay away from supposed giveaways on social media, and always double-check any crypto website or app. Being cautious and alert when you are online is an important step to ensuring your account safety.
Exchanges often have millions of dollars’ worth of crypto stored in them. This makes them attractive targets for scammers. You can minimize your exposure to this risk by withdrawing your cryptocurrency from the exchange. To do this, you’ll need to download a wallet and set it up on your PC, then instruct your exchange to send your crypto to your new wallet address. Once you’ve done this, an attacker can no longer steal your crypto by gaining access to your exchange account or hacking the exchange itself. Instead, the attacker would effectively need to compromise your PC or steal your private key to get to your crypto. Withdrawing your crypto can be a simple and effective way to reduce the threat of crypto theft.
The longer the password, the more difficult it is to crack. If a password has both capital and lowercase letters, numbers, and special characters, then it’s even more difficult to crack. Avoid using the same password on multiple platforms and remember to change your passwords periodically. You can read more about strong passwords here. If you struggle to remember your passwords, don't store them in plain text. Instead, consider getting a secure password manager.
When you’re away from home and need to connect to the internet, free public Wi-Fi at a restaurant or coffee shop may seem like a convenient option. However, when you’re carrying out sensitive transactions such as crypto trading, it’s advisable to avoid public Wi-Fi. One of the risks of public Wi-Fi is that people nearby can potentially intercept your internet traffic. They can use the information they receive to determine if you are visiting crypto sites. In some circumstances, they may even be able to view your transactions.
That won’t necessarily allow them to steal your crypto, but a scammer may decide to pay a lot more attention to you if they see you making high-value crypto transactions or simply browsing crypto sites.
Using secure internet to log into your crypto accounts means more than avoiding public Wi-Fi networks and staying away from suspicious sites. If you do most of your crypto trading from home, you should set up a basic security infrastructure. This means making sure your internet is secure by testing your firewall for weaknesses and ensuring your anti-malware software is set up properly and up to date. It also means creating a strong password for your wireless router—most of them come with default passwords. Enable network encryption, disable network name broadcasting, and make sure to always keep your router software up to date. Find out more about setting up a home network securely here.
One of the best ways to protect your crypto is to use a hardware wallet, a USB device that can store your key vault. It is designed so your seed words cannot be moved out of the device unencrypted. A hardware wallet has no internet connection, so it’s extremely difficult for an attacker to infect it with malware.
Each time you transact using a hardware wallet, you have to connect it to your PC or mobile device through USB or Bluetooth. A signature is produced from within the wallet and sent to your internet-connected device, which allows you to carry out transactions without exposing your key to a possibly malware-infected device. Hardware wallets also have PIN codes, so the attacker would have difficulty obtaining your crypto even if your wallet is physically stolen. That said, if you lose your hardware wallet or it is stolen, then it’s advisable to transfer your crypto out of the wallet’s address as soon as you can.
The main disadvantages to hardware wallets are inconvenience and cost. Hardware wallet transactions often take longer than software ones, and depending on where you keep your wallet, you may have to take time getting it from wherever it’s stored. So, if you’re only storing a small amount of crypto, then you may not want to spend money on a hardware wallet. If you have a significant cryptocurrency holding, then it may be worth it.
A common scam used to steal crypto is to deceive a person into downloading a fake wallet or trick them into using a fake application. For example, scammers may offer fake versions of the popular Ethereum wallet, MetaMask. They might even advertise these fake wallets on Facebook or Google.
The best way to avoid this type of scam is to only download a wallet from the developer’s official website, which means avoiding click-through advertisements on search engines or social media sites. You may also want to avoid using searches in Google Play or the iOS App Store to find wallets, since these stores have been known unintentionally to display fake wallets near the top of search results. Most developers offer direct links to their mobile wallets from their official websites, so using a mobile app store search engine usually isn’t necessary anyway.
When you download wallet software and start to set it up, you are usually asked to back up your seed words. Also known as a ‘secret recovery phrase’ or ‘master key’, seed words are a series of words used to cryptographically derive all your account keys. You can use your seed words to recover your accounts if your device crashes. Anyone who has access to your seed words has access to every account tied to these words.
If you’re new to crypto or simply in a hurry, then you may be tempted to skip this step or simply take a screenshot to use as a backup. But this isn’t a good idea. A better approach is to write down your seed words on a physical piece of paper and store the paper in a safe place where it can’t be destroyed. If you’re worried about losing your physical copy, you can even write down your words on multiple pieces of paper and store them in different secret hiding spots. Some people use fireproof, waterproof safes for storing your seed words. The important point is to store them on a physical thing that can’t be erased.
If you use a browser-extension wallet, it will ask you for your crypto password frequently. If you close your browser and reopen it, it will ask for your password. If you step away for a few minutes, your wallet will close, and will ask for your password when you come back. But a browser-extension wallet such as Metamask, Coinbase wallet, or Brave wallet will ask for your seed words only the first time it is installed.
If you are browsing the web and come across a window that resembles your wallet and asks for your seed words, be aware that it could be a malicious website. The safest way to deal with this is to close the tab and clear your browser’s cache. If you think your wallet is malfunctioning, then you can uninstall it and reinstall it from a blank browser page. That should help ensure you are really interacting with your wallet and not a web app on a particular page.
Another way to avoid attention from scammers is to subscribe to a VPN service. A good VPN will encrypt your communications and hide your online activities from potential intruders, while hiding all cryptographic activities from your Internet Service Provider (ISP).
A risk with any kind of online transaction, including crypto transactions, is man-in-the-middle (MITM) attacks. A VPN can help prevent these attacks. In an MITM attack, the hacker breaks your connection with a website you are visiting and injects their own device between you and the site. They then pass on your data to the site you intend to interact with, making it appear that you are connected as normal. But now they can monitor everything you are doing.
The information a scammer gets may tip them off that you are a crypto user, which may lead to them using other methods to get to your crypto investments, such as showing you fake sites or convincing you to install a fake wallet. Using a VPN can provide useful protection.