In this guide I want to show you some key tips that you should follow in order to minimise the risk of being hacked. The crypto market gives us this whole new concept of decentralization, but this also means that you are in charge of the security of your own money. This can be a very daunting task, especially if you have not done it before and have always placed your trust in institutions such as banks or governmental authorities.
You will have to use an email address when opening a new account on any of the exchange platforms. It is recommended that you create a dedicated email address that is used exclusively for this purpose. Gmail addresses are usually quite good for this.
When signing up to different channels in the community, such as Slack, Discord or Telegram, use a different email address as these platforms are sometimes hacked quite easily and you don’t want anyone to have access to your trading email address.
Check whether your email address has been compromised using HaveIBeenPwned – this will show whether your email address ended up in some dodgy database or was leaked from any of the channels.
Also, do not click on any links or emails that you get from ICOs or other companies that you haven’t been involved in. Most of them are scams or phishing links that will get your wallet hacked in the end.
Password & private key security
Ideally, use a password manager like LastPass and change your master password regularly. Use a long, complex password for this and store it in a few places where it is secure and only you have access to it, preferably offline.
Use the password manager to generate secure passwords which you would use on your trading email address and exchange platforms.
If your trading email address is compromised in any way, change its password immediately.
Just as you want to keep your passwords safe, you need to protect your private keys. Some online wallets, such as MyEtherWallet, will give you a private key. Do not store this private key on your computer and do not share it with anyone! Try to keep it on a printed piece of paper that is securely stored at home or somewhere you feel it’s safe.
Use 2-FA (two factor authentication)
Enable 2-FA for every single account where you can enable it – trading email address, exchange platforms, password manager. Ideally use a separate phone for your 2-FA that is secure and that you cannot lose (keep it at home). Run Google Authenticator or Authy on it.
Security of exchange platforms
There are loads of exchange platforms out there and loads of platforms where you can buy cryptocurrency. Be careful when it comes to using these. Try to stick to the well-known, high-profile ones which have a good reputation in the community – Bitfinex, Bittrex, Binance, GDAX, Coinbase, Kraken, EtherDelta.
Another aspect is that you should not keep your funds on an exchange platform. Do not treat these exchange platforms as some sort of bank where your funds are completely safe, because they are not – they sometimes get hacked or suffer DDoS attacks, and you do not want to put your funds at risk.
Whenever performing a transfer of funds between different platforms (either depositing or withdrawing funds from a platform), always double check the addresses involved and make sure they belong to you and that they are correct. You do not want to send your funds to a different address because they cannot be recovered!
Best option – buy a hardware wallet
The best option to store all your funds safely is a hardware wallet, such as the Ledger Nano S or Trezor.
I personally use Ledger Nano S as it is very easy to set up, bug-free and fairly cheap as well. Most importantly, it keeps your funds safe by storing all your private keys offline and only you can have access to these keys since you’re the only one who knows the PIN required to access the Ledger. You can read my guide on how to set it up here.
When it comes to setting up your hardware wallet, make sure you store your recovery sheet safely. This is a backup list of 24 words for the Ledger Nano S which is essential for recovering your funds in case your hardware wallet gets stolen or lost. Do not store this recovery sheet on your computer, your phone or any device that has access to the internet.