Key Takeaways
- With the increasing popularity and adoption of cryptocurrency and NFTs, hackers are finding new and improved ways to steal your valuable assets.
- Taking your crypto security seriously is crucial to not getting hacked. All crypto users should adopt strong security habits to keep their tokens safe.
- Phemex, one of the industry’s leading exchanges, applies a high level of security to protect users’ assets.
Share this article
Far too often we hear stories of people losing their crypto to hacks, phishing attempts or by simply losing access to their wallets. This article will describe a set of strong security habits to help users keep their tokens safe for a lifetime.
Not Your Keys, Not Your Crypto
Self-custody is crucial as it means that the only person who can access your account and the assets within them is no one other than you.
Any time you create a wallet, you generate a private key, along with a corresponding public key.
Public keys work as the holder’s address, visible to anyone to receive tokens (just like anyone can share their email address to receive messages). At the same time, the private key is needed to access the funds held in the public address and determine the actual ownership of the assets. Think of the private key as the password to access your email account.
Since private keys are typically made of a long string of characters, seed phrases are used as a user-friendly substitute for cryptocurrency wallets. Your seed phrase is your private key in a different format and consists of 12–24 random words generated by your wallet when you set it up. Seed phrases are also known as mnemonic or recovery phrases.
The owner of a wallet should never share their seed phrase with anyone else. In the case they lose it, most of the time, their cryptocurrency is lost forever. Any third party who gets access to a wallet’s seed phrase would gain control over the assets.
Getting Out of the Comfort Zone
The main threats for crypto users will generally come through their wallets or exchanges. The following is a set of recommended tips and best practices to guarantee the safety of your valuable tokens.
Backing up your private keys: always write down the seed phrase and store it in a safe spot from which (only) you can retrieve it. Do not back up your keys in the cloud or email them to yourself, as servers can get easily hacked.
Use a hardware wallet (cold storage): Cold wallets are air-gapped devices that store your private keys and are never connected to the internet. Cold wallets are ideal for long-term storage and almost impossible to hack.
Network safety: Don’t be that guy that gets their crypto stolen at Chipotle. Use a VPN when using a public internet connection. Check your home router frequently, as you never know if your neighbors are trying to sneak through your connection.
Secure your email: If an attacker compromises your email account, they can quickly recover or change passwords to access your exchange account. One easy tip is to remove all backup emails and phone numbers used for verification. Instead, enable two-factor authentication (2FA). You can also use a physical hardware device, also called a security key, so hackers need to steal the device to compromise an account.
Consider using an encrypted email such as Protonmail. Beware of phishing emails and other messages of suspicious origin, especially those that contain links or attachments.
Use unique passwords: this applies to every single exchange you use. An easy solution is to use a password manager such as 1Password or LastPass and change your master password often. In addition, you can use a random password generator to create strong passwords that include combinations of numbers, uppercase and lowercase letters, and special characters.
Browse the web safely: beware of malicious browser extensions, and don’t save passwords in your browser. Bookmark the crypto sites you often use to avoid fake websites that look similar to the real ones, and use privacy-focused browsers like Brave.
Beware of SIM swaps: a SIM swap is a malicious action through which the hacker intends to switch the cell service of their victim to a SIM card in their possession. The hacker uses social engineering skills to fool the cell service company and pretend to be the victim. The hacker then gains access to any services or accounts with SMS or email recovery. To avoid SIM swaps, set up a 6 to 8-digit PIN through your service provider that must be input to do anything with your account.
Exchange-specific safety: use time-locked vaults with a time limit to process a withdrawal. It is recommended that you “safelist” addresses to make sure only wallets you control can receive your funds. This way if your account is compromised it will buy you precious time to regain control of the account.
Minimizing the risks of getting hacked will give you peace of mind. You may not care as much now, but major gains can easily vanish if storage security is not taken seriously. Self-custody is what crypto was built for.
If you plan to stack up your favorite tokens for the next bull run, consider trying Phemex, one of the leading exchanges in the industry. Phemex has never been hacked. Phemex has implemented a set of robust security practices to guarantee the protection of their user’s digital assets.