There are many mistakes you can make, which will compromise your crypto security. This means that there’s a strong chance that you could one day lose your crypto or worse. So in my video today, I’m going to be taking you through some of my top security tips, those that are simple to implement and can save you from potential losses in the future. This folks is a video that you just cannot afford to miss before we progress. Lest i forget, there is something i need to stress.
There will be no financial advice today, as education and information is my only forte doing your own research is the only way to stay ahead in the crypto game. Now, with that out of the way, i’d like to say hey to those new here today, my name’s guy and i’m the reason why the coin bureau is relied on by so many time after time, news reviews, overviews, market moves and market blues too. So if that’s something that’s up your street, then it would be mighty neat if you gave that subscribe button a beat. You may also want to repeat that and hit that bell as well. So youtube will give you a yell when my next video is about to cast its spell.
And finally just so you know, i’ve broken up the video timeline below. If you feel i’m going too slow, then it’s fine to jump to different sections of the show, but watching the whole way through helps the view time grow. Okay, that’s quite enough sound and fury, let’s dive in to some crypto security. Let’S start this list with perhaps the most obvious security tip. Now this is one that’s generally accepted, but rarely practiced, because so many people find it just a little too inconvenient, and that is password use if you’re setting up a wallet exchange, account lending platform or anything web related, even if not crypto, be sure to use an Extra strong password, a password that has no relation to you or dates relevant to you or those around you.
You have no idea how sophisticated hacking tools are. These days, hackers have access to tools that are able to very easily crack passwords with brute force attacks. Often they use a list of commonly used passwords that can be easily bought on the dark web, usually password lists that come from well-known data breaches. There is a strong chance that your password could be among the millions that they can fire in the hope of landing. A lucky shot heck.
It’S also pretty likely that your details were present in a data breach back in the day, meaning some bad people out there have your password. That means that they can potentially access your account, especially if you make this second schoolboy error and that’s reusing passwords now i’ll admit i am still sometimes tempted to do this. It’S just such a hassle to store numerous different passwords and set them up for different accounts. Time is so short these days and we never think that it will happen to us, but it has, and it does so if you want to be extra secure with your passwords, then you’re going to want to use extra, strong and unique passwords for all your different Accounts now these passwords can be generated using online tools and i’ve linked to a few below now something that a lot of people have asked me for my view on is password managers. Well, they can be a useful tool, especially if you’re using multiple strong passwords for numerous different accounts and logins, but there are risks that come with them, of course, the main one being that they are a single point of failure.
If someone is able to get access to your password manager, then they can get the keys to your entire kingdom. So if you’re going to be using password managers make sure to only use the desktop versions of them, i.e, not cloud or browser-based. Also, i would highly advise against storing any wallet seed words here or hardware wallet pins more on those in a bit. I would also do your own research on these password managers and make sure that, if you’re going to be using one for your less sensitive passwords, you enable two-factor authentication of some kind, and this neatly brings me on to my next top tip.
Yes, you should always set up two-factor authentication. This includes for your exchange, accounts, emails, bank accounts and even social media, etc, etc. I’D also suggest that you use a phone-based 2fa and not an email one in case your email is compromised. Now, when i say phone based, i mean, via the use of an authenticator app like microsoft, authenticator, google, authenticator or authy the one phone based two-factor authentication method that you should, however, avoid is an sms based one. This is because of a pretty common attack, vector called a sim swap.
Basically, this is when a hacker or other nerdy well is able to gain access to your phone number through your phone or network provider. They trick them into moving the number over to a phone that they control and they can then use this in order to change all your passwords gain access to your emails and eventually your crypto stash. This has happened too many times to count and some have been able to steal upwards of a hundred million dollars pretty crazy. So just don’t use sms-based authentication, it’s not worth the risk, get an authenticator app instead. Now, if you want to take your two-factor authentication to the next level, then you can use what is called a security key.
This is basically a usb device that you can sync with your online accounts. These could be your email accounts like google, etc, or your exchange accounts. Therefore, in order to log into your account, you’ll need to physically have access to one of these devices. Now everyone on the coin bureau team uses them and they are perhaps the gold standard in 2fa security. I personally use the google security key, but i see that these have been out of stock for a while, basically supply chain problems really have become a feature of life.
These days, haven’t they anyway, another one that i’ve seen being recommend constantly. Is the ub key i’ve? Not personally used it, but if it does what it says on the tin, then it should be a-okay. So that’s two-factor authentication, quite the gold standard for securing accounts right. Let’S now kick our security up.
Another notch. My next tip is to have different email addresses, based on how important the service is that you’re signing up for now. I know this can be quite a pain and an inconvenience, but there is a very good reason for this. That’S because, in the event that your email is ever leaked in a data breach, the hackers won’t have the actual email that you use for your banking or exchanges, etc. So, for example, you can use a simple gmail email account for all your personal stuff, like newsletters, social media, online shopping, etc.
These are the databases that are more likely to be breached. Therefore, if they are breached and your email is leaked, it won’t help those who have it as it’s, not the email that you’ve used for those exchanges and other high value honeypots. Now a recent example of all this was the ledger: hardware wallet data breach from last year, in that the hackers got their greasy mitts on the email addresses of countless users. These could easily have been used to try and gain access to exchange accounts, mainly because they knew the users held crypto. However, if it was a different email from the one the user had for their exchange accounts, then the hackers would have struggled to log in then for your main, secure account.
You can use another email service provider, one, that’s, perhaps more secure and private than gmail. Protonmail is a good one, but there are many others now. If you want to take this email account solution one step further, then you can also do what i do and that is to have a different email address for each of the exchanges that i sign in with. I then have all of these email addresses auto forward. Those emails to my main account, so why would i do this?
Well that way, if one of the emails for those exchange accounts at all lands up in the wrong hands, then the hackers are not able to attempt a takeover of other exchange accounts. I keep the separate email addresses isolated from one another, and if one of the emails ever lands up in a breach of any kind, then i can just discard it and get a new email set up with the account now, of course, i do realize that this Might sound like overkill, but it’s a system i’ve got used to, and moreover, this exchange email point ties in to my next top tip and that is to have more than one exchange account. Now. There are a number of reasons for this, both from a security as well as a practical perspective. Firstly, if you have your hot coins split across a number of different exchange accounts, then there is yet again one less point of failure.
These points of failure are not only related to the risk of potential hacks on exchanges, but also in those periods when the exchanges go down, as they often do. I’M sure that you’ve experienced times when you can’t log into your account just when the markets are going ape now. Those of course are exactly the times that you might want to buy the dip or take some profit. It’S incredibly frustrating, if you can’t log into your. Only exchange account to do that.
It’S not only about having more than one exchange account, though. It’S also about making sure that the exchanges that you’re using are safe and reputable while there are a lot of reputable exchanges out there. There are also plenty of bucket shop exchanges, too exchanges that could either lose access to your coins or your documents, both pretty damaging. Now i actually have a video that takes you through some of my best exchange picks for the year, and you can find that in the top right anyways beyond just the security aspect of having more than one exchange account. It’S worth noting that different exchanges often support different cryptocurrencies.
You won’t often find that hot new altcoin on the exchange you prefer so a backup exchange is a great way to hedge against that now, even if you may have your crypto split across numerous exchanges, you should never leave the bulk of your crypto on any exchange. Account – and this brings me on to my next tip – and that is to self-custody your crypto now by that i mean you, withdraw the crypto from the exchanges and you store it in an offline wallet. The main benefit of this is that you fully control your crypto. Just as satoshi intended now, of course, you also bear the responsibility for keeping it safe, but that’s why you have to make sure you employ other security measures that i’ll be talking about later on. Now there are a lot of offline wallets out there, that you can use pc browser and mobile, all free, of course, and i’ve done a video on the best ones which i’ll leave a link to in the description.
Now, although these offline wallets are great, they just aren’t the gold standard when it comes to offline security. If you want that, then you’re going to want to cold store your coins, basically storing your coins disconnected from the internet or air gapped. This can be done in a number of ways with offline wallets or paper wallets, but it’s complicated and not 100 fail-safe. That’S why i highly recommend that you get yourself a hardware device. These are physical, wallets that store your private keys on them and are connected to your pc through a usb cable.
The main benefit of these devices is that your private key is never exposed to the internet. This means that, even if someone was to install malware on your pc, they could not exfiltrate private keys, and even if someone is to get their hands on your device, they still can’t get hold of those private keys, because the wallet is encrypted and protected. With a pin code, if you want to sign transactions, you will have to first enter that pin code. Now i store 95 of my crypto wealth on these devices, and i have several of them just for extra precaution. Apart from the security aspect, these devices are also incredibly user friendly and there are several different types, brands and models available.
I won’t go into each of them here, but if you want my list of the top hardware wallets as well as those that i personally use feel free to watch my video all about it, that’s in the usual spot, something else that’s really beneficial about these hardware. Wallets, though, is that they have integrations with a whole host of third-party wallets and software. This is especially the case if you’re a defy user who has a web3 wallet, for example, i’m a big fan of metamask, and i use it regularly as my web3 wallet through bridges and integrations with most hardware wallets. I can still store my keys in an uber, secure environment while doing my defy dabbling now. My next security tip is something that is tied to both offline and hardware wallets, and that is backups.
Whenever you set up a new wallet, you generate what are called backup seed words. These basically allow you to recover the wallet in case you ever lose access to the wallets or forget your passwords mnemonic seed. Words are basically a collection of words that have to be entered in a specific order and they’re usually given to you when you first set up that wallet. This is why it’s incredibly important how you take down those seed words and how you store them. The most important thing to note here is that, when you’re setting up your wallets and getting your words given to you, do not under any circumstances save digital copies of them, don’t copy and paste them onto your pc, don’t store them in a password manager.
The best thing to do is to write them down with a pen on a piece of paper. If you buy a hardware wallet, then it usually comes with its own seed cards. For you to write down those all important words and once you’ve written them down, then be sure to store them in a very safe location. Know that if anyone has access to these seed words, then they can restore any bip 39 compatible wallet. It also won’t take a thief very long to figure out these seed.
Words are related to crypto if they get their hands on them. So if you’re sure that you can find a place in your house, that’s safe enough to store them then go ahead. However, i personally prefer to use a safe deposit box. Yes, i do have to trust that nothing will happen to this box, but it does remove some of the risks of personally storing these at home. Of course, you may be concerned about the long-term integrity of paper.
It can be burned in a fire destroyed in a flood or even innocently thrown away by an overzealous other half doing a spring clean. This has happened. Happily, there are steel seed cards that you can buy to mitigate against the fragility of paper. I’Ll leave a link to a number of them in the description, but there is one thing that you can do that will really take your security to the next level and that is to require multiple seeds through something called a shamir secret sharing scheme. Now i will admit that this can be overkill and it really depends on how much crypto you’re storing and how comfortable you feel with your contingency planning, but it is a seed, backup method.
We use here at the coin bureau. So what is it? Well, it’s similar to a multi-stick setup for a multi-signature wallet where you need a certain threshold number of signers to sign a transaction before it’s sent out. Similarly, with the shamir secret sharing scheme, you need a certain threshold of seed words in order to restore the wallet. For example, you can use a 203 setup where two of the three seed words can restore the device, a three of five and eight of eleven.
Whatever works for you, then you can store these seeds in different places or hand them to different people, who you trust, it’s essential contingency planning. Now, if you need a guide on how to set up your seed words like this, don’t you fret uncle guy. Has you covered with a video in the top right now? One more thing that i will say on seed management is that you should never ever put your seed words online. If there’s ever a wallet update that asks you to re-enter your seed words, then don’t the only time that these seed words will be required is when you are actually restoring a wallet and in the case of a hardware wallet it’s done on the device.
So be sure to keep that in mind. Okay, so that’s the overview of seed management, it’s time for my next tip, don’t download dodgy links and keep your pc virus free. Now. This is pretty obvious for general security, but i think it’s something that’s even more important for those of us who use cryptocurrency. This is because there are a number of ways in which viruses and malware can be installed on your pc, those that are able to either exfiltrate keys from offline wallets or to key log.
Your keystrokes there’s also malware that i’ve seen that’s able to take over the ram and replace the wallet address that you may have copied and pasted. Then, of course, there’s also the risk that you download an incorrect version of a wallet or worse. Yet you download a fake wallet, that’s designed to fish your private keys or seeds. These are surprisingly common and have happened with mobile web and desktop wallets either the hackers will direct you to a fraudulent site or they manage to get the app or download officially listed in app stores. For example, i recall a fake metamask wallet being listed in the chrome web store.
Another example was a fake cardano deadliest wallet that was listed in the google play store earlier this year, crazy, how they managed to get it listed, but that’s neither here nor there. So if you’re looking to download a wallet from a project or other developer, make sure you go right to the official download link, i never search for the app in google or in any app store. That’S because that’s where the scammers can upload their false apps they’re. Also able to manipulate reviews and ratings to make it look as if there’s nothing to worry about, and sometimes in google, the scammers will run ads on fake websites in order to trick you into thinking that it’s the official website yet another reason why i personally never Click on google ads in general, and it’s not just about once you’ve downloaded the official wallet. You also have to be very careful when it comes to downloading updates to the software.
Sometimes an update is pushed with bugs or worse now. This is something i do with all software in general, i like to wait and see if there are any reported issues with the update before updating myself. However, it’s even more important with crypto, as there is money involved, hackers could either gain access to the website and install a poisoned update or they can trick you into downloading a fake update. I recall this happening to one unlucky, electrum user, who was duped into downloading a false update to the wallet the poor chap lost over 1400 btc in the hack ouch, so just disable those automatic updates for now now. This does not mean that you should not update or ignore some of the updates that are pushed.
There are many occasions in which there’s a critical security update, that’s pushed which you need to download. So i recommend you follow the socials of the wallet provider in case they have a critical update. Also, when you see that a new update is ready to be installed, you can read about it. First double check how critical it is and whether it’s okay to wait. Finally, i think it’s just general best practice to keep your pc clean of any nefarious junk the internet spews out, if you haven’t already install some antivirus software, no personal preference here, just as long as it’s not mcafee, hey well he’s still with us, mr mcafee himself.
Would agree? Oh one more thing that i have to say on this is to be very careful with remote access software, basically software that allows someone else to access your computer. This includes the likes of teamviewer, etc, always be careful with permissions and, if possible, don’t use these programs on devices that have your wallets on them. Now security doesn’t only come in the form of access to your crypto, but also being able to track your crypto and that’s the topic of my next tip. When it comes to getting crypto sent to your wallet.
I would highly suggest that you don’t only use one wallet address, that’s because the more that you use this, the more likely someone is to create an online profile of who you are and what crypto you hold. As i’m sure you are aware, the blockchain is completely transparent and anyone can track where crypto is being sent. In fact, there’s an entire industry. That’S been set up in order to track crypto transactions. More about that, in the description, all that someone needs to do in order to track down someone who owns a lot of crypto is to link their wallet address to them.
Personally, this is not that hard to do these days, especially if you’re submitting kyc on your exchange accounts, which most exchanges require these days, and if people are able to identify that you’re, a hidden crypto whale and they know where you live. It could present some problems down the line. Apart from this, though, you also don’t want to have all your eggs in one basket, it’s best to have numerous different wallets generated with different external addresses for each. This is what i do for my personal storage. Now i know that this can sometimes be an annoyance having multiple different addresses and having to change these around for the new exchange accounts that you create.
Now the purest cypherpunks among us will say that you should generate a new address for each transaction. Now i realize that this is overkill and i certainly don’t bother with it myself. However, for really large sums of crypto that you want to store cold, then this could be a good option. I personally use one-time and unique addresses for all of my ethereum nfts, given the nature of a unique non-fungible token, it’s a lot easier to identify exactly who is behind said wallet. Quite simply, privacy is important because when things are not private, security could one day also be compromised on to my next tip, though – and this is all to do with sending crypto if you are going to be sending crypto to an address, make doubly and triply sure That the address you have pasted is indeed the correct one.
This is because it’s very easy to paste an incorrect one, they’re generally just a string of numbers and letters and if you’re operating in haste, it could be very easy to mistake, one for the other. For example, back in my noobish crypto days, i once accidentally sent five eth to the wrong address. I meant to send it to my exchange account, but accidentally send it to my friends exchange account. I did ask him for it back, but he blocked me so john. If you’re watching this, i haven’t forgotten pal, i digress.
The point is that these mistakes do happen and i could easily have avoided that mistake by merely double checking those addresses. Now, beyond that, there’s a risk from clipboard hijacking software, especially if you’ve neglected to use proper antivirus software. It’S also pretty easy to paste the wrong address which could see your crypto destroyed or lost forever, while wallets generally run checks on addresses. This is not the case. If you’re sending to an address on another chain that uses a similar address, type examples here include ethereum layer, twos and bsc for eth and bitcoin cash for bitcoin, etc, etc.
This brings me on to another top tip that i have when it comes to sending crypto and that’s to do test transactions. How often you should do this and whether you think it’s necessary is entirely up to you. I don’t do it for every transaction i’m making, but i certainly do send a small test when there is a considerable amount of crypto being transferred. Yes, this may increase the gas costs, but if the size of the transfer warrants it, i certainly don’t mind paying a tiny bit more for that insurance. Okay time for the next security tip – and this is a mistake that i see far too many people making.
No one – i repeat, no one – has to know how much crypto you hold just because you hold a digital asset does not mean that people won’t try and rob you of it as if it was any other item of value ever heard of the five dollar wrench Attack, it’s perhaps one of the most effective ways to extract private keys. It’S a literal, brute force attack. This has happened to so many people in the past, like in this story from 2018, when a user here in the uk was forced at gunpoint to hand over his crypto or just a few months ago. This man in spain was tortured and robbed for his crypto. If you let too many people know that you own crypto, then the results can be predictable, and i know what you’re thinking i can still flex online right.
No one knows who i am and they won’t be able to find me. Well, you have no idea how much a skilled cyber sleuth can find out about you if they’re determined enough. Your digital footprint is bigger than you think, forum, post history, social media tags and geolocation, reverse image, searches, etc, etc. So yeah, i know it can sometimes be tough not to do that flex, especially in the age of social media and these very rare profile, pick nfts, etc, etc. But the reality is that this online flex could cause some serious problems for you, irl anywho, there’s one more top tip for you and it’s the only certainty in this whole list.
We are all going to die. Sorry didn’t mean to kill the mood then, but it is a fact of life, and, what’s important from this angle, is to make sure that your next of kin can easily access your crypto. This is especially the case if you store your crypto using some of the methods that i suggested earlier: protocols such as cold storage and safe deposit boxes, etc. You should also be aware of the fact that your next of kin may not be as tech savvy as you are. The last thing you want is to have a situation where, in their grieving state, they have to turn to an untrustworthy source to gain access to your crypto.
That’S why it’s incredibly important to leave a detailed breakdown of where your wallets and seeds are stored, how to access them and what crypto you have exactly. It’S perhaps best to leave these instructions in a secure place that can only be accessed in the event of your untimely demise. Perhaps you want to leave the instructions in your will so long as you’re sure it’ll be kept in a secure place. Of course, this actually feeds into another use case for those multiple seed setups that i talked about earlier. You can give sets of seeds to your family members and one to the executor of your estate that way they can only access the wallets and restore them.
When both sets of seeds have been used, it’s a great way to extend the benefit of those wallets and build in a contingency to your coin storage. When it comes to your exchange accounts, these should generally be easier to access for your next of kin. Given the the exchange controls, the crypto in the account they’re more likely to hand over ownership of it, if stipulated in a will, however, to be on the safe side, i would still give them as much information as possible to access these if they can seriously guys. I know it’s a topic that we don’t want to think about and we tend to make the assumption that we have many more years to live, but accidents happen and life is fragile. It reminds me of that story about mercea popescu, an early bitcoin adopter with a purported bitcoin fortune of two billion dollars.
He drowned in an accident in costa rica. Earlier this year he was 41.There are rumors that his 2 billion bitcoin fortune can’t be accessed, lost forever and never to be recovered. You don’t know what your crypto fortune will be worth in 5, 10 or 20 years, and you don’t want that fortune to die with you, especially when your loved ones could have shared in that wealth and that’s it for my list of top security tips. I know it was a long one, but i really do hope that they were able to help you.
I will say, though, that some of these may be overkill and what you end up doing really depends on how much crypto you have and how much you’re willing to spend to protect it. Just as long as you appreciate that taking full control of your finances means taking full responsibility too, and as uncle ben once told peter parker with great power comes great responsibility, and now i’m keen to hear your feedback folks. Do you have any questions for me or are there any security tips that i may have missed? Let me know in the comments down below oh and while you’re down there, i have some other goodies for you, my socials page. This has links to all the other places that you can follow me off.
The tube most of these are verified by blue ticks and include my telegram channel my twitter, my instagram and tiktok and, of course, my email newsletter, where i share a breakdown of my personal portfolio, as well as a breakdown of some upcoming videos. Oh and if you’ve been eyeing, this magical little number right here. Well, you can bag it in my merch store, also linked to below there’s a whole lot of other merch there, including teas beanies and more all sales, go to help supporting the channel and making sure that i can keep it ad free. And finally, if you found this video fire, then fire up the likes, don’t forget to subscribe, to make sure you’re in line to receive my latest crypto vibes, oh and hit that bell as well. We don’t want it to get lonely.
That’S it for today, my fellow crypto fans. This is guy bidding you goodbye.