Security Guide – How to protect your digital assets

As the popularity of crypto grows, so does the level of activity of cybercriminals who seek to steal it in any way possible, by launching phishing attacks, finding vulnerabilities in the source code, or impersonating people who work for companies to obtain confidential user information such as private keys, passwords, and more.

The biggest challenge in securing your crypto is considering the variety of attack vectors and layers of protection that are necessary to truly ensure your funds are safe. There are three primary layers of security to consider when protecting cryptocurrency funds:

• Network: Are your private keys cryptographically secure? Is the blockchain secure from a network attack (like a 51% attack)?

• Application: Does a third party (exchange or app) control your crypto? How do they store their funds? How is your account login secured?

• Real World: Are you vulnerable to offline attacks? Is your computer/device secure and encrypted? Is your phone/2FA account safe from attacks? Have you provided recovery instructions to your beneficiaries in the event you die?

Navigating all of these issues can be very challenging, but the good news is there are a growing number of practices and tools designed to help users secure their crypto. There are two crucial practices that every user should familiarize themselves with: self-custody and cold storage, which we explained above.

As a crypto holder and investor, keeping your crypto safe is all you should care about and what your primary job should be. If you understand the risks and learn how to control them, you are set to succeed. Securing your crypto is not complicated but requires a bit of knowledge about how crypto wallets work and how they are used to store your assets.

Being sloppy with passwords or sensitive information could get you hacked or make you another casualty of phishing. Most people who lost their crypto shared or exposed their private key (something that should never be done). Or, if they kept their crypto on exchanges, they used the same passwords for too long on many accounts, and maybe they didn’t have 2FA enabled either.

So what should you do? Let’s take it step by step:

Email is something that everyone has, otherwise you can’t register anywhere on the internet. Email is one of the most important accounts that you must protect very well, and yet most people don’t. What should you do for your emails?

• Email Providers: Use any reputable email provider with 2FA available (e.g. Gmail, Outlook, ProtonMail).

• Two-factor authentication (2FA): This is probably the most important thing. Activating 2FA on your email accounts is crucial so that nobody can access them even if they get your password.

• Ideally, create an email address used only for crypto, rather than the regular address you use for everything else and for signing up on websites that can leak your data.

• Look out for phishing emails. Attackers prey on your emotions: you see the email, start to freak out, and click the link without even thinking.

QUICK TIPS FOR EMAILS:

• Don’t trust email links.

• Double check the address bar of login pages.

• Many crypto exchanges let you set an anti-phishing code that is then displayed as a banner in the emails they send you.

• You can check haveibeenpwned.com to see which data breaches your email has been a part of. If your email shows up and passwords are listed in the data that was compromised, assume the worst: change the password, never use it again, and do the same for any other accounts that use that password.

TWO-FACTOR AUTHENTICATION (2FA):

• Enable 2FA on everything possible (email, exchanges, social media, and every account or app that has any sensitive information).

• Do NOT use SMS authentication. Always use 2FA Apps like Google Auth (with SMS disabled). SIM swap attacks are very common and this method is vulnerable.

• Backup codes: When you activate 2FA on any account, you should be able to generate backup codes. These are used in case you lose access to your phone or authenticator app (for example, if you accidentally delete it). Treat them like your crypto private keys / recovery phrases. It’s the only way to recover access.

• DO NOT take pictures of your QR codes. If you screenshot one, it might end up syncing somewhere you don’t want it to, and if it is ever compromised, whoever has it can continually generate your 2FA codes.

CRYPTO WALLETS:

• DO NOT store your crypto on exchanges, especially significant amounts. Always own your keys and be your own bank. Hardware wallets are the most secure wallets.

• Cold wallets (hardware wallets) will always be more secure than any hot wallets as they aren’t connected to the internet.

• Verify the details you are confirming on your hardware wallet device. The wallet app interacting with your cold wallet device could be compromised (especially if you haven’t updated the firmware to the latest version), but you would still be safe using it, as long as you verify each action on the cold wallet device, and reject the transaction if anything seems off. There is known malware which replaces crypto addresses with an address owned by someone else. Before sending a transaction always check if the receiving address is correct.

PRIVATE KEYS - THE MOST IMPORTANT THING:

• Always write down your private keys both on paper and things like steel capsules or titanium backup solutions that are waterproof, fireproof, corrosion-proof, hackerproof, and bulletproof. Ledger.com sells all these so you can buy directly from their website. Another great solution would be Safe Haven’s Inheriti.com, the first and only decentralized inheritance and backup platform.

• NEVER write/save them online, on devices like phones or PCs, in the cloud, or on anything that can access the internet.

• Private keys should always remain private and known only by you. NEVER share them with anyone or type them on any website that promises you giveaways etc. Any website or anyone who asks for your private keys or to send crypto first for something bigger in return is a scam. No exceptions.

Actual hacks in the crypto world are rare, and the most common ways to steal cryptocurrencies are phishing and fraud. Often, users themselves provide private information, not suspecting that there is an intruder in front of them. For example, you can’t “hack” cold wallets; funds are lost only if you give out your private keys by falling victim to a phishing scam, or if you have saved your private keys online and hackers steal your information.

Security isn’t a chore, it’s an opportunity. We often find good security measures to be a burden, but the better mindset to have is one where you view security as an opportunity to bring yourself peace of mind in an uncertain and turbulent world. Whatever you choose, think critically about your threats and ensure that you aren’t the reason that your cryptocurrencies suddenly vanish. Stay safe.
