If you’re unfamiliar with the crypto world, it can certainly seem like investing in cryptocurrency puts you at a higher risk of getting hacked and having your money stolen. When you consider that the cryptocurrency world is still unregulated, it can seem like it’s difficult to practice safe crypto investing and protect your investments from thieves.
After all, major scams make the news all the time, such as hackers stealing $196 million worth of crypto from the BitMart exchange in December 2021, or when the Poly Network exchange was hacked and thieves made off with $600 million worth of crypto.
However, it’s important to keep in mind that blockchain technology itself is incredibly secure and resistant to attacks. While hacks and scams certainly do happen, if you take certain precautions and do your research before investing in crypto or joining a particular exchange, then you can help lower your risk of becoming a victim of an attack.
1. Install antivirus software
A basic security measure that you probably already do is to have antivirus software installed on all your devices. This will help protect you from any malware that could be hiding behind things that you download to your computer.
Even if you’re downloading something from a legitimate company’s website, it’s still possible for malware to be hiding within it. In addition, antivirus software can help protect you in the event you accidentally click on any phishing links in your email.
Pros:
- Simple to install
- Already commonly used
- There are options with affordable subscriptions
Cons:
- Won’t protect against SIM card swapping
- There’s still a potential to come across phishing/social engineering scams
2. Use a virtual private network
Use a virtual private network (VPN) to help you maintain data security and privacy online, especially when you’re on a public WiFi network. Without a VPN, potential hackers can gain access to your data and browsing habits.
So if you’re making crypto transactions on an unsecured, public WiFi network, you risk having this data exposed.
A VPN works by encrypting the traffic between your device and the VPN server and masking your device’s IP address, so that others on the same network can’t read or track your browsing and online movements.
Pros:
- Easy to install
- Most antivirus software companies also offer VPNs
- Relatively affordable
Cons:
- Won’t protect against SIM card swapping
- There’s still a potential to come across phishing/social engineering scams
- Helps boost security but doesn’t directly protect your crypto
3. Never click on links in your email, even if they appear to be legitimate
Social engineering scams are scams in which hackers pose as legitimate representatives of an official company and ask for your personal information. Phishing is just one type of social engineering scam.
While you probably already know not to click on any links you find in suspicious-looking emails or text messages, the social engineering scams used by cybercriminals today can be much more complex.
For example, say you keep your crypto on an exchange. It’s entirely possible for a criminal to “spoof” the company’s actual email address, send you a link asking you to log in to your account, and then spoof the actual website and login page.
The spoofing could look so real that there is no way to tell the difference between the fake website and the real one. And once you enter your account information, your crypto is pretty much gone.
Not to mention, if you use your email address as your login, then the hackers can use that to get access to other accounts as well.
So what do you do in this scenario? The best thing to do is NOT click on any links sent over email, even if they appear to be from the actual company. Instead, go directly to the company site and log in from there.
Pros:
- Avoiding links will ensure you don’t fall victim to phishing scams
- Hackers won’t be able to access your login info
Cons:
- Doesn’t directly protect your coins from crypto theft
4. Use a password generator
The next tip for safe crypto investing is another obvious safety measure: don’t reuse your passwords! More importantly, when creating a new password for your account on a crypto exchange, use a password generator to make sure your password is sufficiently complex, with letters, numbers, and special characters.
Pros:
- Makes it more difficult for hackers to identify your password
- Criminals can’t use the same password for different accounts
Cons:
- An important first layer of security to prevent crypto theft, but still doesn’t offer ultimate protection or authentication
5. Use two-factor authentication
The next layer of security after your password is making sure you have two-factor authentication (2FA), or even multi-factor authentication (MFA). However, SMS 2FA—the kind that sends a text message to your cell phone with the code—is not sufficient and can leave you vulnerable to attack. The same goes for email.
Instead, the next best option is to use an authentication app, such as Google Authenticator. Even better, if you want the ultimate level of protection you can purchase a hardware authentication device. Because this device is offline, there is no way for the code to be stolen.
Pros:
- Makes it impossible for hackers to log in to your account with just your email and password; they will also need to get the code
Cons:
- Still vulnerable to SIM swapping
6. Take your crypto off of exchanges!
Any crypto enthusiast will likely tell you: take your coins off of exchanges if you want to minimize the risk of crypto theft! And if you have a large investment, you should definitely take this advice.
There are many options for software (hot) and hardware (cold) wallets. Software wallets can be used on your desktop or as an app on your mobile device. Many of them typically have built-in exchanges and allow for staking and other rewards opportunities. However, they come with their own fees.
For the ultimate protection, a hardware wallet will be your best bet. These are offline, physical devices that store your crypto more securely than any online option.
Even so, there are extra measures for safe crypto investing you should follow to make sure you’re protecting your hardware wallet, which we’ll get into next!
Pros:
- Wallets are harder for cybercriminals to get into compared to exchanges
- Gives you direct ownership of your crypto
- Cold wallets are the best option for avoiding crypto theft (but even so, you need to be careful)
Cons:
- It’s more convenient to leave your crypto on the exchange if you’re doing a lot of trading
- Hardware wallets can be on the pricier side, so it may not be worth it to purchase one unless you have a larger investment
7. Use multiple wallets and exchanges
You’ve probably heard you shouldn’t keep all your eggs in one basket when it comes to diversifying your investment portfolio. The same holds true for where you keep those investments.
For the ultimate protection, spread out your investments across multiple wallets and/or exchanges. This way, if one ends up compromised, the rest of your investments will still be safe.
Pros:
- If one wallet or exchange is hacked, the rest of your investments will be safe
Cons:
- Keeping track of multiple platforms, passwords, private keys, and transactions is less convenient and can be hard to organize
8. Keep your private key and recovery phrase non-digital
Ok, so what keeps hardware wallets from being completely hack-proof? If you have an offline device, what more could you need to do to ensure you’re practicing safe crypto investing?
Well, when you open a wallet, whether hot or cold, you will be given a private key and recovery phrase (also known as a recovery seed).
It’s critical that you don’t lose either of these because you will need them in the event you lose your wallet. So if your wallet ends up stolen, your crypto will still be safe because hackers won’t be able to do anything without the private key or recovery phrase.
So, what’s the problem with this? Most people find it convenient to take a photo of their private key and recovery phrase and store it on their device for quick access, or even store it in a text file.
So if hackers get access to your device, for example through a SIM swap, then they can access this photo and then use the information to get into your hardware wallet. When that happens, your crypto is as good as gone.
And even if you delete the photo from your device, it can still make it to your cloud storage, which hackers would also have access to in a SIM swap. We’ll get more into what a SIM swap is next.
For this reason, you should only ever write down this crucial information and keep it as a hard copy—no digital versions at all. And then, keep that hardcopy in a secure location where you won’t lose or forget it.
Pros:
- Cybercriminals could not hack their way to your private key or recovery phrase information; they would need to physically steal it from a physical location
Cons:
- You’ll need to ensure you keep this written information in a secure physical location where you can’t lose or forget it. If you lose it, you’ll never be able to access your crypto again.
9. Use fake phone numbers to avoid SIM card swapping
So, what is SIM card swapping? This scam involves criminals gathering as much information as they can on you, whether through phishing or just researching you online, and then approaching your mobile carrier and posing as you to ask for a new SIM card or help switching to a new mobile device.
If they successfully do this, then they control your phone number on their own device. This effectively gives them access to all of your accounts, because from there they can reset your passwords, take over your 2FA apps, and lock you out of your accounts.
The solution to preventing this kind of crypto theft is to keep your mobile carrier number separate, and instead use fake phone numbers and fake email addresses when setting up your crypto exchanges, wallets, and authentication apps. There are plenty of apps out there that can help you get fake numbers to use.
Pros:
- Even if hackers get access to your mobile carrier number, they still won’t be able to access your crypto accounts, or any other accounts attached to a different phone number
- If you have multiple exchanges and wallets, using different numbers and email addresses for all of them will give you maximum protection and make it nearly impossible for hackers to find the correct number
Cons:
- Less convenient having to keep track of multiple phone numbers and email addresses
What does the future of safe crypto investing look like?
In 2020, the Ledger hardware wallet suffered an attack from thieves who stole their customers’ data. While the customers’ crypto and wallets remained safe, the hackers made off with their addresses and shipping information.
This only goes to show that you should never assume you’re completely safe from hackers, because even crypto exchanges and wallets have work to do to make sure they protect their customers’ data.
You should always make sure you’re doing all that you can to protect your investments, including researching the reputation of the exchange or wallet you’re considering using.
As the crypto market continues to grow and more people become interested in investing, hackers will keep trying to target those who don’t have a good understanding of cryptocurrency. Use these nine security and authentication tips to help you practice safe crypto investing and avoid becoming a victim of crypto theft.
About the Author
Michael Hearne
About Decentral Publishing
Decentral Publishing is dedicated to producing content through our blog, eBooks, and docu-series to help our readers deepen their knowledge of cryptocurrency and related topics.