Top 9 Crypto Security Tips the Professionals Use

Quick Takes

• Spread your digital assets across different wallets, exchanges, etc.
• Maintain custody of your own digital assets (not your keys, not your coins)
• Use decentralized wallets and applications, and avoid centralized exchanges

Why Do I Need Crypto Security Tips?

You need crypto security tips because the fastest way to lose all of your money is to lose all of your coins.

You need crypto security tips because the fastest way to lose all of your money is to lose all of your coins.

In the few years that DeFi has been around, there have been over $10B in losses on scams and cyber-attacks. Companies aren't doing better in this crypto winter, as more and more crypto exchanges are freezing withdrawals without warning. And while you might think that none of these put you at risk, sometimes the risk comes from yourself.

According to Chainalysis, 2 out of every 10 Bitcoins are forever lost on forgotten accounts (hence why there are so many “holders”). That was in 2020 when crypto adoption wasn't nearly where it is today.

The data shows how, every day, countless people lose money on crypto scams, hacks, suspended accounts, lost wallets, and unreliable stablecoins. So if you don't want to contribute to those statistics, it's time for a security check. Here are 10 security tips the pros use to make crypto investing (almost) risk-free.

How Secure Are Crypto Payments?

You see, crypto security is more than protecting against hackers. You may lose your coins because of an unreliable exchange, or because you didn't back up your private keys responsibly. A good security system means that no matter the economic events or mistakes that you make, your coins will be safe.

The safest system in all finance is, in theory, blockchain payments:

• There's no central authority moderating accounts or transactions.
• Only the holder of the seed phrase or private key can use the wallet.
• Payments are fast, worldwide available, and permanent. So there's no chargeback risk.
• Validators get rewards when acting for the network and penalties when against it.
• Hackers need a lot of money to attack networks used by millions of people.

However, there are widespread misconceptions about this security:

• Not all blockchains are created equal. Developers face dependency limitations, better known as the blockchain trilemma. If you try to, say, improve decentralization or security, you will lose in scalability. Different priorities create different blockchains, many of which are experimental and less safe.
• Paying in Bitcoin is NOT the same as paying on Bitcoin. There's a difference between paying with cryptocurrencies vs sending tokens within the blockchain directly. You're using the blockchain when you transfer from a wallet you own (private keys, seed phrase. AKA non-custodial). If you're sending crypto through third parties like Coinbase, they are using the blockchain, not you. So you won't have blockchain security.
• Crypto payments aren't anonymous. It's like looking inside anyone's bank account (except you don't know they are), from the current balance to the full transaction history. Few privacy projects achieve anonymity. Since most are 100% public, security experts might be able to link your wallet to your device and personal identity (especially through VPN and Internet providers that disclose it).

9 Crypto Security Tips The Pros Use

In short, crypto security is very relative to how you use cryptocurrencies. The following 10 security tips are ordered from highest to lowest priority. And if you follow them, your coins will be safer than in a bank.

#1 Diversification: Use More Wallets

Decentralization is the essence of blockchain, and it couldn't be more true for cyber-security. No matter how safe your system is, it's far from perfect. Programmers make mistakes, and so do we when storing crypto.

Chances are you're going to lose sometimes anyway, so why keep all your eggs in one basket? If you spread your risk, you won't have to lose sleep worrying about the 100 different ways of losing. Many risks are unpredictable, but you can decide how much to lose:

• Keep most of your coins on wallets that you own, not exchange accounts
• If having ten different balances is too much of a hassle, your best alternative are multi-signature wallets. It consists of one balance and a list of authorized devices or members, each with its own wallet. While any member can log into the multi-sig wallet, most actions require confirmations from 2 or more devices.

For example, you can create 5 Metamask accounts managed by you and connect them to a Gnosis Safe Vault. One condition might be 3 out 5 confirmations to send crypto outside the wallet. So you would sign into 3 of those wallets and click Confirm or Decline.

#2 Self-Custody: Use Decentralized Wallets and dApps

Most security incidents start with giving away control. And unless you're the only one who can access the wallet, you really can't do much to protect against threats. Trustworthy or not, third-party security creates a single point of failure.

If you can take over the central node, you can manipulate the entire network and breach thousands of user wallets.

Offline "cold" wallets are self-custodial, although not as practical. The best online alternative is Web3 wallet dApps (decentralized applications) like Metamask. It's built exclusively on the Ethereum network, which works like a computer server with no central nodes. (You can't take down the network by shutting down one data center. Ethereum itself doesn't own any servers.)

What happens if you keep most of your coins in custodial wallets? The company might decide to freeze your account, suspend withdrawals, or change terms without notice. And because exchanges manage millions of balances, they're the no.1 target for cyber-attackers.

#3 Decentralization: Avoid Centralized Blockchains

In crypto, decentralization goes hand-in-hand with security. Decentralized wallets are a good first step, but security consists of multiple layers. No matter how safe a dApp is, it can only be as secure as the underlying blockchain (network layer).

As beginners, we might see all cryptocurrencies as decentralized and safe. But if they were secure and efficient, then why would there be so many?

Decentralized blockchains have several validators, fair consensus mechanisms, and systems that prevent users from centralizing:

• Bitcoin has thousands of miners and uses a proof-of-work (PoW) model. It's low-entry and decentralized (whether it's worthwhile or not is a different story)
• Ethereum has over 10,000 validators and uses a proof-of-stake (PoS) model. While PoS tends to centralize more than PoW, it's not that problematic for Ethereum because of its network size.
• BNB Chain selects 21 to 40 validators at once and uses a PoS model variant. One of the most centralized blockchains.
• Solana might seem as decentralized as Ethereum. It has 3,000+ validators and uses a proof-of-history (PoH) model. But validating Solana is expensive, so these validators are actually devices owned by a few hundred users. Not very decentralized.
• Avalanche has 1,200+ nodes and uses a unique consensus model related to PoS. Even though dozens of validators are from AvaLabs (founder company), it's mostly decentralized and accessible for new validators.
• Tron selects 27 validators based on a Delegated PoS (DPoS) mechanism. Tron favors a few validators that stake the most coins, which makes it centralized. It's fast, cheap, and not nearly as safe as Ethereum.

These are the most popular blockchains with dApp ecosystems. So if you're going to store crypto, choose secure networks like Ethereum (Metamask), Avalanche (Avax Wallet), Bitcoin (Bitcoin Wallet), or Cardano (Yoroi). All smart-contract networks have at least one wallet dApp.

#4 Test Payments: Send Tiny Amounts Before Big Transactions

The costliest mistakes are sometimes the dumbest ones. It's not the first time someone sends crypto to the wrong address. Crypto.com lost $7.2M on a typo in August 2022.

While it's standard practice to copy and paste the address, it can still go wrong. Maybe you misclicked a letter, or you chose the wrong network, or the person misspelled the wallet address. When it comes to large amounts, it's worth spending extra fees on test payments.

Whether it's $1,000 or a $1M transaction, start with ~$20. If that payment goes through, then it's safe to send the big bucks. There won't be typos, as the only field you need to change is the amount.

If you don't want to do this every time, consider:

• Adding the wallet to your whitelist, so you can add the address automatically.

Linking your wallet address to a human-readable domain NFT. Yourname.eth is easy to remember and shows the same alphanumeric address.

#5 Liquidity: Use Stablecoins Instead Of Selling

You can only benefit from blockchain security as long as you stay in crypto. The moment you sell for fiat currencies, you're back to the old problems of banks, exchanges, and brokers. Traditional finance isn't decentralized, but DeFi platforms don't support fiat exchanges yet.

Whether you want to protect against volatility or buy goods and services, the best way to “sell” is to buy secure stablecoins. Stablecoins are programmed to always have the same price as the underlying currency. For example, USDL is an over-collateralized stablecoin that regulates its token supply, so 1 USDL is always redeemable for $1 worth of PLS.

If stablecoins are equivalent to electronic money, safer, and just as practical, why not use them instead? More and more businesses accept cryptocurrencies for payments, and eventually, you might be able to buy anything. Stablecoins also give you access to DeFi services (lending, staking, yield farming), which aren't as flexible and profitable as traditional finance (CeFi).

#6 Cold Storage: Create Offline Backups

If you have more crypto than you need, you might be tempted to trade larger amounts, take more risks, or overspend. As you grow your crypto portfolio, it becomes increasingly important to save and invest long-term. But if you're going to hold, there's no reason not to upgrade your security.

Cold storage refers to crypto wallets that you can only access with physical keys. A typical Web3 wallet has private keys hidden in the account settings (so anyone can find them if they have your device and password). But a cold wallet doesn't show them: you need a hardware key (e.g., Trezor, Ledger) or a specific device (e.g., Exodus for desktop, Mycelium for mobile), also called local storage.

A common misconception is to think of cold storage as offline wallets. Only private keys are offline, as all blockchains need the Internet to work. Because the actual balance is online, you can still benefit from features like cold staking and exchanging. If you use a physical Ledger device as the only way to unlock a Metamask wallet, that's a valid cold storage example.

However, cold storage is ineffective if you fail the basics of cyber-security.

#7 Cyber Security 101: Protect Accounts, Connections, And Devices

Think about how essential mobile phones have become for security. This one device allows you to update passwords, recover accounts, or change security requirements. It's not uncommon to save passwords on notes, screenshots, and password managers.

If someone can access your device or primary account, they can unlock everything else. Crypto security starts with basic cyber-security, both on the hardware and software side:

• Have passwords for everything that can reveal sensitive information. Ideally, use different codes and accounts for each.
• Avoid accessing that information when using public Internet connections
• Add biometric locks backed by offline passwords like a USB flash drive, 2FA code, or handwritten keys.
• If you want maximum device protection, consider RFID-blocking cases (fireproof and waterproof), AKA Faraday's Cage. These will block all electronic signals while you're not using the phone.
• If you suspect that a virus is hiding in your device, backup your files and make a factory reset.
• A safe cold-storage alternative is with another device that you don't use. e.g., An old second phone kept offline.

Ironically, it's easier to lock yourself out with a complex security system. So instead of using all these tips, choose the ones you can follow consistently.

#8 Awareness: Follow The Latest News In Crypto Security

Some mistakes are hard to see unless you make them first. But you don't have to lose money if you can learn from other's mistakes. One website to keep track of the news is Web3IsDoingGreat.com.

If you find that a crypto exchange was breached, it might happen to others you use. If some bad news affects the overall blockchain, then everything under it is at risk, from the dApp ecosystem to the price. For example, the previous UST crash motivated the audit of other stablecoins and the development of better ones.

#9 Update: Reevaluate Your Security

As confident as you might be about your crypto security, it can always be better. It's definitely not perfect, and it's better to find those flaws before a cyber-attacker does. Most security problems in blockchain are still undiscovered.

To update security, you can:

• Clear wallets and accounts you don't use.
• Create new ones and change passwords.
• Diversify cryptocurrencies, networks, and stablecoins.
• Open more accounts on companies providing crypto on and off-ramps.

FAQ

Are Crypto Payments Anonymous? Is Crypto Safer Than Cash?

Crypto payments are considered pseudo-anonymous, which means they are identifiable. You can look at the transaction history to identify the account balance, habitual sending addresses, and even IP addresses. Someone with network access (like Internet providers, governments, or intelligence agencies) can find out your identity. So crypto isn't safer than cash.

It might be if you trade crypto for cash in person.

Note that there are privacy coins that do achieve anonymity (like Monero) via mixnets, ring signatures, and other obfuscation methods.

Can Blockchains Be Shut Down?

Well, can the Internet be shut down? Arguably yes, if you can shut down every single telecom company, each with hundreds of data centers. Like the Internet, blockchains will be online as long as there's at least one provider. And because blockchain is online-based, shutting down the Internet would also paralyze all crypto.

Taking over thousands of nodes worldwide is no easy feat. It's expensive and not possible (permanently at least). So if you're using large networks like Ethereum, you can rest assured that it won't disappear overnight (whereas banks might if there's a considerable economic downturn).

Is Crypto Safer Than Banks?

Banks boast of their security with encrypted website back-end, tall buildings, and Government-backed insurance. The question isn't whether someone can steal it or not, but if they can protect your buying power. Banks only have so much liquidity (definitely not enough if everyone decides to cash out at once), and so does the FDIC (trillions of dollars currently uncovered). Not to mention currency devaluation.

If borrowers can't pay back their loans, central banks will order to print money to devalue that debt, reducing your buying power.

Most cryptocurrencies have a limited supply, and the most traded ones tend to gain price long-term. Blockchains are also autonomous, so there's no third party controlling when or how much money you can get out. But a bank can go out of business or reduce withdrawal limits to protect liquidity. Crypto is safer.