Best security practices for Crypto Holders you can follow to stay safe.

Best Security Practices for Crypto

Crypto is a very dangerous and adversarial place. If you are not careful, you risk having your valuable cryptocurrencies stolen from you. I have compiled some of the best practices you can follow to stay safe while holding your Crypto.

Don’t reuse Passwords

Your password has most likely been compromised in security incidents from the hundreds of websites that you have signed up for. Always use unique passwords. If you want to see which websites have leaked your passwords previously, visit https://haveibeenpwned.com.

Use a Password Manager

If you need to use a unique password for each website, how do you remember them all? Use a password manager like 1Password or LastPass to generate long, strong passwords. Remember only the master password and let the password manager do the rest.

Make use of 2FA for everything

You should use 2-factor authentication for every service that offers it. Don’t use SMS-based 2FA as it’s not secure. Use apps like Google Authenticator or Authy. If you use Authy, make sure you install it on another backup device and then disable multi-device.

Consider using Hardware-based 2FA

If you have the funds, consider upgrading to a hardware-based 2FA like Yubico, Google Titan, Thetis and others. This changes your 2FA from an app to a physical USB device that you will need to authenticate with before logging in.

Make use of a Crypto Hardware Wallet

If you have crypto on MetaMask or other wallets, you MUST use a hardware wallet like Trezor or Ledger. Without using a hardware wallet, you are just waiting for a hacker to take away all your coins one day. Spend the money to invest in one.

Don’t install Chrome Extensions, or uninstall them all

Chrome extensions are useful to help improve productivity but some extensions are rogue. They may have excessive permissions to read your data so unless you absolutely 100% trust the extension developer, uninstall them all. Not worth the risk.

Use separate browser profiles

If you must use a Chrome extension, then separate out your MetaMask extension to its own browser profile. You can create multiple profiles for all the different wallet extensions you need to use. This guide will help you.

Limit smart contract approvals

When you interact with smart contracts, don’t give unlimited token approvals. This allows the smart contract to drain all your tokens if it goes rogue. Here’s a step-by-step on how to set limits and revoke contracts.

Don’t Doxx Yourself

Whenever possible, use an exchange to send crypto funds to someone else. When you send funds from your wallet, you doxx your crypto balance and your entire transaction history (past & future). @FTX_Official allows zero-fee transfer with some FTT staking.

Secure your Mobile Phone

SIM-jacking is especially prevalent with US telcos, where there have been many incidents. Follow this excellent guide from @krakenfx on how to secure your mobile number.

Avoid clicking on ads

Make it a habit to never click on ads – especially Google Search ads. Take a look at these phishing ads targeting blockchain and myetherwallet. I am worried that more scam ads will appear again now that Google has reversed the ban on crypto ads.

Always be careful of Giveaways, Tweets and DMs

There are tons of scam giveaway tweets, DMs, YouTube ads, Facebook comments etc. They are all over the place and very hard to moderate and police. Ignore them all. If it’s too good to be true, it probably is!

Never download or open files from strangers

You never know which file will end up installing a keylogger. Configure your Windows laptop to always show the file extension. Don’t open ZIP files from random strangers.

Be careful with cold emails

Can you spot the scam in the email below? Notice how there is no dot in the “i” in http://coingecko.com. Scammers have registered special characters representing crypto domains and it is very hard to spot. This is a scam email – don’t fall for it.
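
The missing dot is hard to see by eye but easy to check mechanically. This added example (not part of the original post) folds a domain to the ASCII name it imitates and compares it with a list of sites you use; the trusted list, the character map and the function names are constructed assumptions.

```python
import unicodedata

# Constructed sample data (assumptions): sites the reader actually uses, and a
# few look-alike characters mapped to the ASCII letter they imitate.
TRUSTED = {"coingecko.com", "myetherwallet.com"}
CONFUSABLES = {
    "\u0131": "i",  # Latin dotless i, the character in the scam above
    "\u0456": "i",  # Cyrillic i
    "\u043e": "o",  # Cyrillic o
    "\u0435": "e",  # Cyrillic e
    "\u0441": "c",  # Cyrillic es
}

def skeleton(domain):
    """Fold a domain to the ASCII string it visually imitates."""
    out = []
    for ch in domain.lower():
        ch = CONFUSABLES.get(ch, ch)
        # NFKD splits accented letters into base letter + combining mark;
        # dropping the marks turns e.g. "í" into "i".
        out.extend(c for c in unicodedata.normalize("NFKD", ch)
                   if not unicodedata.combining(c))
    return "".join(out)

def to_punycode(domain):
    """ASCII ("xn--") form of each non-ASCII label (raw Punycode, no IDNA mapping)."""
    labels = []
    for label in domain.split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def check_domain(domain):
    """Return (verdict, ascii_form) for a domain taken from a link or sender."""
    d = domain.lower().rstrip(".")
    if d.isascii():
        return ("trusted" if d in TRUSTED else "unknown"), d
    imitated = skeleton(d)
    if imitated in TRUSTED:
        return "lookalike of " + imitated, to_punycode(d)
    return "non-ascii", to_punycode(d)

if __name__ == "__main__":
    # Constructed inputs: the real name, a dotless-i copy, an unrelated domain.
    for name in ("coingecko.com", "co\u0131ngecko.com", "example.org"):
        print(name, "->", check_domain(name))
```

A fuller check would use the complete Unicode confusables data rather than this five-entry map.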

I may have missed out on some other security best practices, so please do share them in the comments below and let’s make crypto safer for everyone.

Credit: Bobby Ong
