This cryptocurrency security checklist is Cryptosec’s compilation of things you should and should not do with bitcoin and other cryptocurrencies, put together from all the guides published on this site.

Updated: March 23, 2019


  • only store your private key(s) on pieces of paper or on a CryptoSteel, and store them somewhere no one but you has access to.
  • store the majority of your funds on a reputable hardware wallet or a securely made paper wallet.
  • only use a paper wallet if you’re 100% confident that you can make one in a secure manner.
  • store only small amounts of your crypto on your hot wallets (exchanges, software wallets, web wallets, etc.).
  • use Google two-factor authentication (2FA) on your exchange accounts. Having 2FA enabled makes your accounts significantly harder to hack.
  • use secure and complex passwords on all of your exchange accounts; preferably 40 characters, with both uppercase and lowercase letters, and with special characters (e.g. x*uyIqwGjBhLWd$xx%i&&US5z7BxcPSGTjW4g3o6). We heavily suggest using password managers like KeePass2 and Bitwarden to generate and store your passwords.
  • make sure that you frequently check your browser’s address bar to confirm you’re on the correct URL; this helps prevent being phished and accidentally downloading malicious software.
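
The address-bar check in the last item, written out as an added example (it is not taken from Cryptosec's guides): the hostname must match a bookmarked name exactly, because "looks right" and "contains the right name" are not the same thing. The hostnames under `.example` and `.test` are constructed placeholders, and `check_url` is a hypothetical helper.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hostnames you typed in yourself and bookmarked.
TRUSTED_HOSTS = {"exchange.example", "wallet.example"}


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a URL copied from the address bar."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no hostname"
    # https://trusted-name@other-host/ : the text before '@' is only a
    # username; the browser connects to what follows it.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    # Lookalike letters from other alphabets show up either as raw
    # non-ASCII characters or as their punycode ("xn--") encoding.
    if not host.isascii():
        return False, "non-ASCII hostname"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode hostname"
    if host in trusted:
        return True, "exact match"
    # The trusted name appearing as a prefix or substring of a longer
    # hostname means a different site, not a subpage of the trusted one.
    if any(name in host for name in trusted):
        return False, "contains a trusted name but is a different host"
    return False, "unknown host"


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://exchange.example/login",
        "http://exchange.example/login",
        "https://exchange.example@login.test/",
        "https://exchange.example.login.test/",
        "https://exch\u0430nge.example/",  # Cyrillic 'a' in place of Latin 'a'
    ]
    for url in samples:
        print(check_url(url), ascii(url))
```
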


  • do not save your private key(s) and account passwords in a .txt file, a Word document, your email, your mobile phone’s notes app, or anywhere digital.
  • do not store significant amounts of crypto on your hot wallets, that is, pretty much anywhere you don’t have control over the private key(s) and from which your funds could potentially be stolen by hackers.
  • do not give away your private key(s) to crypto airdrops or to anyone else in general. Giving away your private key(s) is pretty much like giving away access to your funds.
  • do not give away your personal information to airdrops, as they can use your personal information for malicious purposes.
  • do not click on bitcoin or crypto-related ads on Google or any other search engine. There’s a good chance that a link you see in your search results is a phishing link that could potentially steal your funds.
  • do not re-use passwords on exchanges or any other website in general.

“There are only two types of companies: those that have been hacked, and those that will be.”

-Robert Mueller, FBI Director

Educate yourself. One of the best countermeasures against hackers and scammers is knowledge.