This cryptocurrency security checklist is Cryptosec’s compiled list of things you should and should not do with bitcoin and other cryptocurrencies, put together from all the guides published on this site.

Wallets

DOs

  • Store your recovery seed offline. Whether it is on pieces of paper or on a steel sheet, store it somewhere no one but you has access to.
  • Store the majority of your funds in a secure wallet. If you own a decent amount of coins, store your funds on a reputable hardware wallet like a Ledger or a Trezor, or a securely-made paper wallet.
  • Use reputable wallet software. If you’re using a software wallet, as much as possible use only wallet software, like Electrum, that is open-source and known to be reputable.
  • Be aware of bitcoin and crypto scams. Knowing how they work significantly lessens the chances of you falling for them.

DON’Ts

  • Don’t use a paper wallet unless you are 100% confident that you can create one in a safe and secure manner via an air-gapped device.
  • Don’t save your recovery seed digitally. Not in a .txt file, a Word document, your email, your mobile phone’s notes app, or anywhere else digital.
  • Don’t give away your recovery seed. Some airdrop scams require you to hand over your wallet’s recovery seed for you to be eligible for the airdrop. Giving away your private key(s) is pretty much like giving away access to your funds.
  • As much as possible, avoid talking about bitcoin or cryptocurrencies with strangers. If a malicious individual learns that you own cryptocurrencies, you might get hit with the $5 wrench attack.

Exchanges

DOs

  • Use two-factor authentication (2FA) on your accounts. Having 2FA enabled makes your accounts significantly harder to hack.
  • Use secure and complex passwords on your exchange accounts. Preferably 40 characters, with both uppercase and lowercase letters, and with special characters. We strongly suggest using password managers like KeePass2 and Bitwarden to generate and store your passwords.
  • Frequently check your browser’s address bar to make sure you’re on the correct URL. This helps prevent being phished and unintentionally downloading malicious software.
  • Be aware of bitcoin and crypto scams. Knowing how they work significantly lessens the chances of you falling for them.

DON’Ts

  • Don’t click on bitcoin or crypto-related ads on Google or any other search engine. There’s a decent chance that a link you see in your search results is a phishing link that could potentially steal your funds. Instead, manually type the exchange’s URL into your browser’s address bar, or bookmark the exchange’s URL in your browser.
  • Don’t re-use passwords on exchanges or any other website. If a website’s account database gets hacked and leaked and you have an account on that website, hackers can try to use your leaked credentials to log in to your exchange accounts.
  • Don’t leave funds on exchanges if you don’t trade. Unless you frequently use your funds to trade, store your funds on a reputable hardware wallet like a Ledger or a Trezor, or a securely-made paper wallet.

“There are only two types of companies: those that have been hacked, and those that will be.”

-Robert Mueller, FBI Director

For more detailed articles concerning bitcoin and cryptocurrency security in general, check out our articles on the home page.