# Security Guide
As crypto adoption grows, **cybercriminals** become more active β using phishing, malware, and impersonation to steal your assets.
To secure your crypto, you must consider **multiple attack vectors** and implement strong practices across three layers of security:
## π Three layers of security
### 𧱠1. Network Layer
* Are your **private keys cryptographically secure**?
* Is the **blockchain safe** from attacks (e.g. 51%)?
***
### 𧩠2. Application Layer
* Do you use **trusted apps or exchanges**?
* How are your funds stored?
* Is your **account login secured** with strong passwords and 2FA?
***
### π 3. Real-World Layer
* Are your devices **encrypted and secure**?
* Is your 2FA setup safe?
* Have you set up **inheritance or recovery** instructions in case of death?
{% hint style="info" %}
Your **#1 job** as a crypto holder: **Protect your funds.** Self-custody and cold storage are key.
{% endhint %}
***
## π¨ Common Mistakes That Lead to Loss
* Reusing weak passwords
* Skipping 2FA
* Sharing or exposing **private keys**
* Saving keys or passwords online
***
## π§ Email Security for Crypto
#### π Why Email Is Important
Your email is the **gateway** to all your crypto accounts. It must be locked down.
#### β
Best Practices:
* Use trusted providers: Gmail, Outlook, Protonmail
* **Always enable 2FA** on your email
* Create a **separate crypto-only email**
* Be wary of **phishing emails** that try to scare or trick you
#### β‘ Quick Tips:
* Never trust email links
* Double-check the domain of login pages
* Use anti-phishing banners if your exchange offers one
* Visit [haveibeenpwned.com](https://haveibeenpwned.com) to check for data breaches
***
## π Two-Factor Authentication (2FA)
#### π² What You Need to Know:
* Enable 2FA **everywhere** (email, exchange, wallet, social media)
* Use **authentication apps**, NOT SMS (SMS is vulnerable to SIM swaps)
#### π‘οΈ Backup Codes:
* Store them **offline and securely** - like your recovery phrase
* NEVER screenshot QR codes or save them online
***
## πΌ Crypto Wallet Safety
#### β
Best Practices:
* **Donβt store large amounts** on exchanges
* Use **hardware wallets** (cold wallets) for long-term storage
* **Verify all details** on your wallet screen before confirming
* Be cautious of malware that swaps addresses β **double check recipient address**
***
## π Private Keys: The Most Important Thing
* Write down your keys on **paper or metal backups** (fire/waterproof)
* NEVER save private keys:
* Online
* In your phone
* On cloud services
* Donβt share keys with **anyone**
* Beware of **giveaway scams** asking for keys
{% hint style="warning" %}
If someone asks for your private key β it's a scam. No exceptions.
{% endhint %}
***
## π§ Final Thoughts
> Hacks are **rare** β most losses are due to **user error**, phishing, or negligence.
Remember:
* Cold wallets are **unhackable** unless **you give away** your private keys
* Security is not a chore β it's your opportunity to have peace of mind
{% hint style="success" %}
Think critically. Stay informed. Protect your future.
{% endhint %}
***
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.anodos.finance/education/security-guide.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.