Crypto is a very dangerous and adversarial place. If you are not careful, you risk having your valuable cryptocurrencies stolen from you. I have compiled some of the best practices you can follow to stay safe while holding your Crypto.
Don’t reuse Passwords
Your password has most likely been compromised in security incidents from the hundreds of websites that you have signed up for. Always use unique passwords. If you want to see which websites have leaked your passwords previously, visit https://haveibeenpwned.com.
Use a Password Manager
If you need to use a unique password for each website, how do you remember them all? Use a password manager like 1Password or LastPass to generate long, strong passwords. Remember only the master password and let the password manager do the rest.
Make use of 2FA for everything
You should use 2-factor authentication for every service that offers it. Don’t use SMS-based 2FA as it’s not secure. Use apps like Google Authenticator or Authy. If you use Authy, make sure you install it on another backup device and then disable multi-device.
Consider using Hardware-based 2FA
If you have the funds, consider upgrading to a hardware-based 2FA like Yubico, Google Titan, Thetis and others. This changes your 2FA from an app to a physical USB security key that you must plug in to authenticate before logging in.
Make use of a Crypto Hardware Wallet
If you have crypto on MetaMask or other wallets, you MUST use a hardware wallet like Trezor or Ledger. Without using a hardware wallet, you are just waiting for a hacker to take away all your coins one day. Spend the money to invest in one.
Don’t install Chrome Extensions (or uninstall them all)
Chrome extensions are useful to help improve productivity but some extensions are rogue. They may have excessive permissions to read your data so unless you absolutely 100% trust the extension developer, uninstall them all. Not worth the risk.
Use separate browser profiles
If you must use a Chrome extension, then separate out your MetaMask extension to its own browser profile. You can create multiple profiles for all the different wallet extensions you need to use. This guide will help you.
Limit smart contract approvals
When you interact with smart contracts, don’t give unlimited token approvals. This allows the smart contract to drain all your tokens if it goes rogue. Here’s a step-by-step on how to set limits and revoke contracts.
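As an added example (not code from the original post), here is a small Python check that decodes the raw calldata a wallet asks you to sign and flags an ERC-20 `approve` for the maximum uint256 amount, or an NFT `setApprovalForAll`, before you confirm it. The selectors are the standard ones; the spender address and the sample calldata are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

MAX_UINT256 = 2**256 - 1
# 4-byte function selectors (first 4 bytes of keccak256 of the signature)
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",          # ERC-20
    "a22cb465": "setApprovalForAll(address,bool)",   # ERC-721 / ERC-1155
}

@dataclass
class ApprovalReview:
    function: str
    spender: str
    amount: Optional[int]   # None for setApprovalForAll
    unlimited: bool         # spender may move every token you hold, now and in future
    over_cap: bool          # exceeds the amount you actually intend to spend

def _word(data: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI word after the 4-byte selector."""
    start = 4 + 32 * index
    chunk = data[start:start + 32]
    if len(chunk) != 32:
        raise ValueError("calldata too short for the declared function")
    return chunk

def review_approval(calldata_hex: str, cap: Optional[int] = None) -> Optional[ApprovalReview]:
    """Inspect wallet calldata; return a review for approval calls, None for anything else.
    cap is the largest raw amount (in the token's smallest unit) you intend to let the dapp spend."""
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    function = SELECTORS.get(data[:4].hex())
    if function is None:
        return None
    spender = "0x" + _word(data, 0)[12:].hex()   # address is the low 20 bytes of the padded word
    if function.startswith("setApprovalForAll"):
        approved = int.from_bytes(_word(data, 1), "big") != 0
        return ApprovalReview(function, spender, None, unlimited=approved, over_cap=approved)
    amount = int.from_bytes(_word(data, 1), "big")
    return ApprovalReview(function, spender, amount,
                          unlimited=(amount == MAX_UINT256),
                          over_cap=(cap is not None and amount > cap))

def encode_approve(spender: str, amount: int) -> str:
    """Build approve(spender, amount) calldata; used only to construct sample inputs here."""
    return "0x095ea7b3" + spender[2:].lower().rjust(64, "0") + format(amount, "064x")

SPENDER = "0x1111111111111111111111111111111111111111"   # constructed placeholder, not a real contract

if __name__ == "__main__":
    for data in (encode_approve(SPENDER, MAX_UINT256),      # what many dapps request by default
                 encode_approve(SPENDER, 100 * 10**18)):    # 100 tokens of an 18-decimal token
        print(review_approval(data, cap=100 * 10**18))
```

A wallet's "approve" prompt shows the same calldata; if the review says `unlimited=True`, edit the amount down to what the trade needs before signing.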
Don’t Doxx Yourself
Whenever possible, use an exchange to send crypto funds to someone else. When you send funds from your wallet, you doxx your crypto balance and your entire transaction history (past & future). @FTX_Official allows zero-fee transfer with some FTT staking.
Secure your Mobile Phone
Avoid clicking on ads
Make it a habit to never click on ads – especially Google Search ads. Take a look at these phishing ads targeting blockchain and myetherwallet. I am worried that more scam ads will appear again now that Google has reversed the ban on crypto ads.
Always be careful of Giveaways, Tweets and DMs
There are tons of such scam giveaway tweets, DMs, Youtube ads, Facebook comments etc. It’s all over the place and very hard to moderate and police them all. Ignore them all. If it’s too good to be true, it probably is!
Never download or open files from strangers
You never know which file will end up installing a keylogger. Configure your Windows laptop to always show the file extension. Don’t open ZIP files from random strangers.
Be careful with cold emails
Can you spot the scam in the email below? Notice how there is no dot in the “i” in http://coingecko.com. Scammers have registered special characters representing crypto domains and it is very hard to spot. This is a scam email – don’t fall for it.
I may have missed out on some other security best practices, so please do share them in the comments below and let’s make crypto safer for everyone.
Credit: Bobby Ong