Powered by

 Gemini Logo

Sign in

Cryptopedia. Your trusted source for all things crypto.

Buy crypto

Topics

View all

Powered by

 Gemini Logo

Sign in

Buy crypto

A Security Checklist For New Crypto Investors

Here’s a cybersecurity checklist of everything you need to know to keep your crypto safe.

By Cryptopedia Staff

Updated June 28, 20226 min read

A Security Checklist For New Crypto Investors@2x

Summary

Keeping your crypto investments safe is one of the most important considerations for crypto newcomers, so we’ve compiled a security checklist of precautions you should take. This crypto security guide covers everything from keeping your crypto safe on centralized exchanges, to protecting your accounts from unauthorized logins, to transferring your assets to secure offline storage solutions.

Introduction to Blockchain Security

When beginning your journey with cryptocurrency, there are a handful of blockchain security tips you can follow to ensure a safe experience. Most of them entail the same common-sense practices that you would apply to any other web service. This means using unique passwords that you regularly update, keeping your login credentials safe and private, and using secure networks to access your crypto portfolios. As always, you should be wary of fake apps or websites, phishing attempts, and other scams designed to steal your digital assets, much in the same way you should be aware of scams targeting your traditional bank accounts or other online accounts.

That said, there are a few extra steps that you should consider in order to further safeguard your crypto assets. These include enabling two-factor authentication (2FA) for login, setting extra protections for sending or spending crypto, and even using ultra-secure cold wallet storage for your digital assets. In this article, we’ll cover all of these steps and provide further resources to help you start investing in cryptocurrency safely and securely. 

Crypto Security Checklist: Avoid Fake Sites and Apps

When you are beginning to invest in crypto, it’s important to keep a mental crypto security checklist and employ the same common sense and due diligence you would with any other web service. Unfortunately, there are many fake apps and websites that try to mimic today’s most trusted services. If you’re downloading a crypto exchange mobile app for example, be sure it’s an authentic application — popularity, reviews, authentic branding, and other indicators can provide critical contextual clues about an app’s authenticity. The same is true for visiting crypto websites and cryptocurrency exchanges on a desktop computer — be sure that the websites are legitimate. Fake and unregulated cryptocurrency exchanges often scam potential victims by posing as legitimate exchanges with similar-looking URLs, so be sure that the platforms you’re using are authentic.

Actively Manage Your Exchange Authentication Methods

Before setting up a user account with a crypto exchange, you should consider creating a new email address that’s unrelated to your other email addresses that you can use solely for engaging with crypto. Many users have only one email account, but this can pose a risk if a company that you’ve used your email address to sign up with is hacked, or if your email account password is hacked from anywhere else on the internet. Either of these possibilities could expose your sensitive information.

You should also take care to actively manage your login credentials. The average internet user has dozens of online accounts, many of which can be accessed using the same password. Therefore, it should be no surprise that more than a quarter of data breaches are caused by weak and repetitive passwords. Your exchange authentication methods (including as passwords) should be unique and not repeated on other online platforms. The process of creating strong, unique passwords can be significantly streamlined with the use of password managers, which offer an easy way to securely create, manage, and store passwords across multiple accounts.

Exchange Authentication via 2FA

Once you’ve set up an exchange account with a dedicated email address and a unique password, you should enable two-factor authentication — both for login, as well as for transferring assets. To gain entry to your account, 2FA typically requires that you enter a one-time passcode or an SMS code (from a text message) in addition to your own password. 2FA has become a crypto security staple, and provides a solid second layer of protection. With 2FA, you use your phone number or download an app, such as Authy or Google Authenticator, which you then connect to your account via QR code.

Once connected, a 2FA app generates a random code that expires every 60 seconds. The security of this method can only be compromised if an attacker gains access to both your password and the authenticator application on your device. Certain 2FA providers even allow users to control the devices that can access their 2FA. Allowing only one device to access the 2FA protects users in the event they are the victim of a SIM-swap attack. For this reason, a 2FA app that doesn’t rely on text messages is often recommended for exchange authentication.

One form of 2FA is a hardware security key, such as Yubikey, which you can plug into your computer via USB. These crypto security keys provide a strong level of protection by delivering hardware-backed, cryptographic proof of your identity. They ensure that only the holder of the physical hardware key can gain access to an associated account, even if an attacker has compromised your password or successfully executed a SIM-swap attack on your mobile device. This mitigates the risk posed by phishing, person-in-the-middle, and replay attacks that rely on stolen passwords or one-time password (OTP) codes.

Avoid Scams and Phishing Attempts

You’ll also need to make every effort to avoid common phishing scams. During a phishing scam, a malicious actor impersonates a credible authority figure or organization in an attempt to trick a victim into disclosing sensitive information or granting unauthorized access to their funds. The messaging in a phishing attack usually expresses some form of urgency, and can be delivered via misleading phone calls, text messages, advertisements, or emails — essentially any form of communication.

The most effective way to prevent phishing scams is to be exceedingly careful about who and what you engage with whenever you’re online. Pause and check the authenticity of every email sender’s contact, every hyperlinked URL, and any other identifying information for red flags before engaging, and skew towards caution when you’re unsure of what to do. Since phishing attacks are made possible entirely through human error, using tools such as two-factor authentication or a password manager can mitigate the risks of these attacks in the event an account password is compromised.

Wallet Authentication and Crypto Key Storage Best Practices

Once you’ve purchased cryptocurrency, you must decide whether to use a custodial or a non-custodial wallet to store your funds. With a non-custodial wallet, you have sole control of your private keys, which in turn control your cryptocurrency and prove the funds are yours. While there is no need to trust a third party when using a non-custodial wallet, this also means that you are solely responsible for not losing your keys and requires that you take your own precautions to protect your funds.

With a custodial wallet, another party controls your private keys and is responsible for crypto key storage. In other words, you’re trusting a third party to secure your funds and return them if you want to trade or send them somewhere else. While a custodial wallet lessens personal responsibility, it requires trust in the custodian that holds your funds, which is usually a cryptocurrency exchange.

You’ll also have to decide between a hot wallet and a cold wallet. Web-based wallets, mobile wallets, and desktop wallets are all typically hot wallets, meaning they are connected to the internet. Among them, web wallets are the least secure, though all crypto hot wallets are vulnerable to online attacks. A benefit to hot wallets is ease-of-use. Because they are always online, there’s no need to transition between offline and online to make a cryptocurrency transaction. That said, users who hold large amounts of cryptocurrency typically won’t keep significant amounts of crypto in hot wallets.

Generally, cold storage wallets are quite secure. Stealing from a cold wallet usually would require physical possession of the cold wallet, as well as any associated PINs or passwords that must be used to access the funds. Most hardware wallets are cold wallets and live on devices that look like a small to medium-sized USB stick. There are pros and cons to both crypto key storage options. Though a cold wallet is technically the more secure method, offline crypto cold storage can be significantly less “convenient” than a hot wallet — particularly for the less tech-savvy.

If you do elect to use a hardware wallet, you’ll need to set up a recovery phrase for wallet authentication, so that you can regenerate your wallet in the event that it becomes inaccessible.

Incorporate Whitelisting in Your Crypto Security Checklist

Whitelisting is a last-ditch line of defense in the case that your account becomes compromised. Whitelisting is an exchange authentication method by which you can pre-approve certain wallets and cryptocurrency addresses as verified accounts that you are able to send funds to; all other outgoing transfers are blocked. When you initially whitelist an address, you’ll need to securely sign into your exchange account with the appropriate login credentials, and complete any 2FA authorization should you have those settings enabled. In theory, if a hacker were able to log in to your account, they wouldn’t be able to send your funds to a wallet that they control because their address would not be whitelisted.

As a natively digital asset, cryptocurrency can be vulnerable to online attacks if the proper precautions aren’t taken. There is no single security measure that provides absolute protection from online risks. However, by using a combination of common sense, due diligence, and the above cybersecurity checklist, you can be well on your way to safely investing in this asset class.

Cryptopedia does not guarantee the reliability of the Site content and shall not be held liable for any errors, omissions, or inaccuracies. The opinions and views expressed in any Cryptopedia article are solely those of the author(s) and do not reflect the opinions of Gemini or its management. The information provided on the Site is for informational purposes only, and it does not constitute an endorsement of any of the products and services discussed or investment, financial, or trading advice. A qualified professional should be consulted prior to making financial decisions. Please visit our Cryptopedia Site Policy to learn more.

Is this article helpful?

Yes

No

Topics in article
Up Next