1. Don’t tell people you have crypto
By telling people you have any cryptocurrency (especially online), you can become a target for theft. You'll be exposed to more threats like phishing attacks and "investment opportunities."
Solution: Avoid this by simply not telling anyone you have any cryptocurrency. This also applies to showing off a crypto hardware wallet.
2. Don’t keep any crypto apps or authenticator apps on your personal phone
Keeping your authenticator and crypto apps on the phone you use every day is like walking around with all your money in your pocket at all times. That's very risky. If you lose your phone or someone steals it, your funds can potentially be lost.
Solution: Keep a dedicated phone at home. I have a 2FA phone that I keep at home and that is always offline.
3. Split your crypto up: "Don't keep all your eggs in one basket"
Having all of your cryptocurrency in one place is incredibly risky: there's a single point of failure where you could lose all your assets. Some people have gone all-in by putting their crypto into interest-earning platforms like BlockFi, Celsius Network or Nexo. I did a review on them and think BlockFi is one of the most trustworthy platforms, but there's still the risk of your crypto being stolen from the platform. Even though insurance is available for these sites, it only covers the platform being hacked, not your individual account.
Solution: Diversify your risk by storing your cryptocurrency in multiple wallets and exchanges. If you complete advanced verification on Coinbase, it's pretty good because you need several layers of authorization to withdraw your Bitcoin and also have to wait 48 hours.
4. Don't buy a Ledger, it will get you killed.
Ledger is one of the worst businesses when it comes to storing your personal information. In fact, they shouldn't even be doing that. Ledger has had 2 data leaks since 2020 which revealed their customers' names, addresses, phone numbers and email addresses.
Hackers and scammers have no way of identifying your wallet address and don't know how much crypto you have. Basically, any threats from them (even death threats) are weak attempts at getting you to hand over your assets.
Solution: Uhh… don't buy a Ledger. Anyone recommending a Ledger at this point has probably had little experience in cryptocurrency and really just wants to earn that 10% affiliate commission. Yes, affiliate commissions for most crypto hardware wallets are 10%, so think about that.
5. Hardware wallets create additional risk and investment
As you may already know, crypto hardware wallets can be pretty pricey. The most expensive one I've seen is a Gray Corazon partnership with Trezor that sells for $999. It's probably selling, but it's insulting that they think people would pay that much more for a shiny Trezor.
Hardware wallets are expensive and create additional costs if you want to protect them properly. You'd actually need to leave it in a safety deposit box at the bank if you really want it protected. Otherwise you'd need to put your hardware wallet in a safe, a fireproof bag, a waterproof bag and then a Faraday bag to protect it from electricity. Additionally, you'd need a password-protected USB key to hold your seed phrases.
Now let's say your entire neighborhood burns down, collapses in an earthquake, or blows away like in the Iowa land hurricane. It will be incredibly dangerous to recover that safe with your hardware wallet. If you didn't use a safe, the chances of recovering your hardware wallet are even slimmer.
Or let's say you're traveling. Do you bring your hardware wallet? What do you do if airport security sees it and asks what it is? If you say "Bitcoin wallet," you probably just put a HUGE target on your back.
Solution: You really don't need a hardware wallet; you can generate a wallet for free. One option is to use a wallet from Bitcoin.org or Ethereum.org. Yes, you will need a specific wallet for BTC and a specific wallet for Ethereum and all ERC20 tokens. You would still need to back up your seed phrase and wallet passwords, which you can also do online (explained later in this post). Without a hardware wallet, you remove the risk of having to physically protect it at all times.
6. Use 2-Factor Authentication
Enable 2-factor authentication on all your crypto accounts with an authenticator app. Phone numbers can be SIM swapped, which is dangerous. A SIM swap is when an attacker pretends to be you and calls up your phone carrier saying "you lost your phone". They then authenticate themselves as you using your personal information (which can be found online), and "you" ask to restore your phone number on another device. This works because it's VERY likely all of your personal information has already been leaked.
Solution: This just means using a text message to identify yourself isn't perfect. Use an authenticator app with all of your online accounts when it comes to cryptocurrency. An authenticator app (I use Google Authenticator) generates a 6-digit code every 30 seconds, and each code is tied to the platform it was set up for. You can even use an authenticator while offline.
I highly recommend getting a 2nd phone and using it to keep all of your 2-factor authentication codes. Keep that phone at home and keep it offline. This minimizes the risk of your phone getting lost or stolen.
7. SAVE your 2-Factor Authentication code
A lot of people new to cryptocurrency don't save their 2FA QR codes. That's a big mistake. If your phone is lost, stolen or damaged, you may not be able to access your account.
Solution: Take a screenshot of the 2FA QR code before using it, and save it somewhere safe. If you lose your phone with 2FA on it, you won't be able to access your accounts unless you can restore your 2FA with the QR code you were first given.
2FA QR codes can be used on multiple phones without you knowing, so make sure you store them securely. Never just store your 2FA QR codes online without any additional security. Here are a few suggestions:
- Save your 2FA QR code as an image and rename the extension to .exe, naming the file something like StormWorm20210124.exe. You can rename the extension back to .jpg (or whatever image format it was) to get the original image back.
- Then password-protect that file using 7-Zip. Use a super long password to avoid brute-force attacks. It can even be a simple password like "Password123!@#", copied and pasted 10x so the password is now 140 characters long.
- Then rename the password-protected zip file again to something like "Sasserworm.exe".
- Then place your new file in a VeraCrypt encrypted virtual disk, which can have yet another password.
Alright, a few of these points might be getting into overkill. As a low-tech, easy solution, you could also modify your existing photos to contain your QR codes. This is a great tactic if you have thousands of photos. Here's an example of me placing a QR code on a fried chicken truck. It's not common for food trucks to have QR codes, but I would make the code small enough to be barely usable and remove the white background to make it much harder to identify. Just make sure the QR code is still readable after doing this.
8. Send a scout
It's kind of like a military strategy: you're not going to send all your troops at once, you send a scout first to scout out the situation. The same idea works with crypto, because if you send your coins to the wrong address or the wrong wallet type, you have completely lost those funds. There is no way to get that money back.
There is malware that can recognize a cryptocurrency address in your clipboard. The attack works like this:
- You copy your cryptocurrency address
- The malware recognizes the address and replaces the address in the clipboard
- You paste the address without realizing it’s a completely different address
- You send your money to the attacker with no chance of getting it back
Solution: Whenever sending cryptocurrency to another wallet or exchange, send a small test transaction first. This helps ensure you have the correct address, and you learn how long the transfer takes. Yes, this costs a little more in transfer fees, but it will save you stress, anxiety and the potential loss of your money.
9. Invest in anti-virus software (or at least a free one)
Even if you consider yourself moderately computer savvy, the likelihood of there being malware or spyware on your computer is very high, especially if you have a PC. Macs are also subject to malware and spyware. This can cause the passwords and keys to your cryptocurrency to be stolen. There is even malware that recognizes a cryptocurrency address when it's copied to your clipboard and replaces it with an address owned by the hacker.
Solution: I highly recommend getting an anti-virus like Bitdefender (free version available). I'd say McAfee antivirus, but even John McAfee got hacked. Yeah, that's the founder's name. It's not like I just said Jim Starbucks or Tim Apple.
Bitdefender Total Security Family Pack, 2 years for 10 devices, is $29.99 USD. If your currency on the website defaults to GBP, it's £29.99 ($41 USD), so set it to USD for full value. It's literally cheaper to buy the 2-year family pack from PCWORLD than to buy the 1-year single-computer license directly from the Bitdefender website for $39.98.
Bitdefender Total Security comes with a "basic" VPN package that gives you 200 MB of secured browsing daily, and you can't select your location. As a VPN, Bitdefender is very stingy in its "Total Package." For a VPN, I use Torguard.
Alternatively, you can get a Chromebook. Since the number of people that have one is very small compared to PC and Mac, hackers target the bigger audience. Also, the Chromebook OS is very limited and you can't secretly run software that isn't authorized by Google. Chromebooks also have a "powerwash" feature that lets you factory reset your machine quickly if you want your Chromebook to run like new (a great feature if you think your computer may have become infected with something).
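As an added example for the clipboard-swap scenario above (not code from the original post), here is a Python check you could run on a pasted address before sending even the scout transaction. It validates a legacy Bitcoin address's Base58Check checksum and then compares the pasted string with the one you intended. The second check is the one that matters against a clipboard swap, because the attacker's replacement address is itself perfectly well-formed; the checksum only catches typos and truncation. The address used is Bitcoin's well-known genesis-block address, and the "other" address is constructed from a made-up 20-byte payload.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58check_encode(version, payload):
    """Base58Check-encode a version byte plus payload (standard legacy address format)."""
    body = bytes([version]) + payload
    raw = body + hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58_ALPHABET[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))     # each leading zero byte becomes '1'
    return "1" * pad + out


def b58check_decode(address):
    """Return (version_byte, payload), or None if a character is invalid or the
    4-byte double-SHA256 checksum does not match."""
    n = 0
    for ch in address:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5:
        return None
    body, checksum = raw[:-4], raw[-4:]
    if checksum != hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]:
        return None
    return body[0], body[1:]


def is_valid_btc_address(address):
    """Legacy P2PKH (version 0x00) or P2SH (0x05) address with a 20-byte hash."""
    decoded = b58check_decode(address)
    return decoded is not None and decoded[0] in (0x00, 0x05) and len(decoded[1]) == 20


def destination_check(intended, clipboard):
    """Mirror the manual pre-send check: is the pasted string well-formed, and is it
    the address you actually copied? Returns (ok, reason)."""
    if not is_valid_btc_address(clipboard):
        return False, "pasted address is malformed or has a bad checksum"
    if clipboard != intended:
        return False, "pasted address differs from the one you copied (clipboard swap?)"
    return True, "address matches"


# Bitcoin's genesis-block address (public, well known) and a constructed second
# address built from a made-up payload, standing in for an attacker's swap-in.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
OTHER = b58check_encode(0x00, bytes(range(20)))

if __name__ == "__main__":
    for pasted in (GENESIS, OTHER, GENESIS[:-1] + "b"):
        print(pasted, "->", destination_check(GENESIS, pasted))
```

In practice the "intended" value is whatever you read off the recipient's screen or the exchange's deposit page, so the real check is comparing the whole pasted string against that source, not just its first and last few characters; the scout transaction then confirms the address is not only the one you meant but also one the recipient actually controls.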
10. Avoid crypto scams
Would you give a stranger you've never met on the internet free money? Literally no one actually wants to give you free money (except Mr. Beast). People that "guarantee profit" on investments are always scams. If it ever sounds like easy money, put your guard up.
Solution: Stick to reputable exchanges, wallets and coins. There's no regulation in cryptocurrency, so "coin founders" can literally say whatever they want to trick you into investing, and there's no penalty for it. Also, the crypto market is super volatile, and anyone who says what the price of a coin will be is just guessing. It's clickbait.
11. Backup all your information online (secretly)
Back up all of your passwords, cryptocurrency wallet seed words and authentication codes online. Hang on, I know you'll say that's dangerous and everyone says not to do that, but that's only if you don't HIDE it. Having an online backup makes it very convenient to access, and you won't lose it.
Hide passwords in a photo
I’ll save all the other crazy ways for another time, but you can do something like this:
- Find your favorite photo or any photo that has a personal significance to you.
- Open that photo in Notepad++ (you'll see a lot of jumbled characters that don't make sense to you)
- At the end of all that text, add your seed words
- Copy some of the jumbled photo text and add it under your seed words
Create Very Long Passwords with everyday files
Creating a super complicated password: you can use the MD5 of any file. I would suggest picking a photo that means a lot to you or using the MD5 of one of your old resumes. It's best to use a PDF so it doesn't accidentally get modified, resulting in a different MD5. Then paste your MD5 at least 5 times and add some special characters. No one is brute-forcing that wallet.
Hide your 2FA QR Codes in Photos
Backing up your QR authenticator codes: you can do something similar for QR codes by placing them in an existing photo. Just make sure you use A DIFFERENT photo if you decide to use the MD5 of a photo as your password. Any modification to a photo (size, compression, color, rotation) results in a different MD5.
This photo is a fried chicken bus, which is something you'll probably remember. I've added a QR code to Wikipedia on the bumper. I've stored the photo on Flickr and you can run a test on it: download the photo as "Original" and as "Large." If you open both files in Notepad++, only the "Original" file will contain my special message. Search for the text "Full Value Dan" and you'll find the seed words to an EMPTY bitcoin wallet.
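Here is an added Python example (not code from the original post) of the file-level trick behind both photo sections above, "Hide passwords in a photo" and "Hide your 2FA QR Codes in Photos": a note is appended after a JPEG's end-of-image marker, where image viewers ignore it, wrapped in the post's "Full Value Dan" search tag so it can be found again; a second function recovers it, and a third shows that a copy which keeps only the image data (roughly what a photo host does when it serves a resized "Large" version) no longer carries the note and has a different MD5. The JPEG bytes and the note are constructed stand-ins.

```python
import hashlib

EOI = b"\xff\xd9"            # JPEG end-of-image marker; decoders stop reading here
TAG = b"Full Value Dan"      # the search string the post uses to locate the note

# Constructed stand-in for a JPEG: start-of-image, a few filler bytes, end-of-image.
# A real photo behaves the same because decoders ignore everything after EOI.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + bytes(range(64)) + EOI


def append_note(image, note):
    """Return a copy of the JPEG with the note appended after EOI, wrapped in TAG,
    followed by a few bytes copied from the image body (the post's "paste some
    jumbled photo text under it" step)."""
    if not image.endswith(EOI):
        raise ValueError("expected bytes ending with a JPEG EOI marker")
    filler = image[4:36]
    return image + b"\n" + TAG + note.encode() + TAG + b"\n" + filler


def extract_note(image):
    """Find the tagged note anywhere in the file, or None if it is not there."""
    start = image.find(TAG)
    if start < 0:
        return None
    start += len(TAG)
    stop = image.find(TAG, start)
    if stop < 0:
        return None
    return image[start:stop].decode(errors="replace")


def strip_trailer(image):
    """Approximate what a photo host does when it serves a resized copy: only the
    image data survives, so the trailer is gone. (Simplification: a real re-encode
    changes every byte, and real JPEGs can hold an extra EOI inside an EXIF
    thumbnail; the constructed sample has exactly one.)"""
    end = image.find(EOI)
    return image[: end + len(EOI)]


def md5_hex(data):
    """File MD5 as the post uses it; any byte change gives a different value."""
    return hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    noted = append_note(SAMPLE_JPEG, "placeholder seed words go here")
    print("note recovered:", extract_note(noted))
    print("after resize-style copy:", extract_note(strip_trailer(noted)))
    print("md5 original :", md5_hex(SAMPLE_JPEG))
    print("md5 with note:", md5_hex(noted))
```

Two things the run makes visible: the trailer is stored as plain text, so a search for the tag finds it just as easily as you found it, which is why the post's 7-Zip or VeraCrypt step belongs in front of the file when the contents matter; and the MD5 of the modified photo differs from the MD5 of the original, which is exactly why the post says to use A DIFFERENT, unmodified file for the MD5-as-password trick.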
12. Don’t Trust Any Internet Links
Internet browsing tip: use Bitdefender TrafficLight. It's an extension you can add to most browsers. Basically, it tells you if a website is safe or if there are any potential security risks.
If you don't want to add an extension to your browser, you can check the site manually. Any time someone online recommends a website, your guard should be up. To verify the safety of a website before clicking on it, drop the URL into Google's Safe Browsing diagnostic.
Check if the site is safe by typing this in before the website address: http://google.com/safebrowsing/diagnostic?site=
No TLDR. Go back up and read this post if you actually want to keep your cryptocurrency safe.