When you first get into crypto, one of the first things on your mind is probably: how do I keep my money safe?
Like any activity online - particularly where your finances are involved - there’s stuff you should be doing, stuff you definitely shouldn’t be doing and just general good practices for storing your crypto that will help you keep yourself as protected as possible.
Read this cryptocurrency security guide for a basic understanding of crypto security, why it matters and the practical security checklist you can go through to make sure you’re maximising your crypto safety.
What are the main crypto security risks?
Talking about crypto specifically, you can think of cryptocurrency security threats in three main categories: accounts, scams and hacks.
Either you can lose/compromise the account details and private keys that give you access to your crypto in the first place; or you can get scammed out of your crypto due to human error; or you can get hacked and lose your money due to a technical breach.
Custodial vs non-custodial crypto storage
Before we continue, a quick aside on an important point. Cryptocurrency differs from other financial holdings in that you can choose to hold your funds yourself - be your own bank, effectively. This is what is known as a non-custodial solution.
With a custodial solution on the other hand, you entrust your crypto to a third-party, whether that’s an exchange, centralised service provider or other investment platform. They then shoulder the security responsibility for safeguarding that money.
Which option suits you best will depend on your individual preferences, and the degree of personal control you want to have over your crypto. Either way, this guide provides some useful pointers on the underlying security best practices.
Cryptocurrency security risk 1: compromised accounts and private keys
The access to your crypto, whether it’s kept by you or your chosen platform, is the private key. Whoever has your private key (or the wallet ‘seed phrase’ or ‘backup phrase’ from which the private keys are derived) controls your money, and keeping it safe is the first rule of cryptocurrency security.
There’s only ever going to be 21,000,000 Bitcoin, and reportedly 4,000,000 of those are lost forever because users have forgotten the private keys that would allow them to recover them. Private key security essentially boils down to two things: making sure you have them reliably backed up and making sure nobody else gets their hands on them. The same goes for any other account details or further security layers such as passcodes or 2-factor authentication that control the access to your account.
If you’re interested in learning more about private keys specifically, we’ve put together a detailed guide on keeping your private keys safe in our blog post here … otherwise, here are the main do’s and don’ts of account and private key security.
Cryptocurrency security risk 2: scams and scammers
Social media impersonators, fake support email, scam giveaways, plain too good to be true opportunities: unfortunately there are no shortage of scams and scammers out there, and you need to take care not to be caught out by increasingly sophisticated crypto scams.
More fortunately, however, most of these situations can be avoided by following a few simple best practices, and avoiding unnecessary risk. If you want a more detailed rundown of what to look out for, and how Zumo works to protect you, you can check out our staying safe from scammers guide here. Otherwise, here are some golden rules for protecting yourself from the potential crypto scams.
Above all, remember rule number 1 of cryptocurrency security: never share your passwords or private key
Cryptocurrency security risk 3: Hacks and technical breach
Finally, it pays to consider the more technical aspects of your security. For individual users holding their own keys, this is in fact likely to play far less of a role than the social engineering and plain old human fallibility we’ve discussed so far - but becomes much more important wherever money is kept with third parties as part of any larger collection of funds, such as centralised exchanges. Such large actors have their own dedicated measures in place to guard against attack, and assume the responsibility from you for protecting your money, but on the flipside you lose the direct personal possession and control of your crypto, and have to put your trust in someone else.
Assuming you are the custodian of your crypto yourself, the main risks come from the device you’re using to manage your crypto, and can include exploits of specific device weaknesses, keystroke loggers and ransomware attacks. How much action you take to protect yourself will depend on your tolerance for risk and how much you are prepared to inconvenience yourself in the name of security. As a minimum you should ensure that the device you’re using to manage your money is kept up to date with all the latest security upgrades, that you’re using a robust browser and that you have a decent antivirus program.
If you want to take it further, you can take extra precautions: using a separate sign-up email purely for financial accounts; putting aside a whole device just for your financial transactions; and, if you are using mobile, considering a SIM-free device that you connect to a secured WiFi network only when you are making transactions. One of the most secure options of all remains a hardware wallet - a small USB-like device designed purely to hold your crypto keys, and which remains entirely offline and unconnected until the moment you want to make a transaction.
There’s no one-size-fits-all approach when it comes to cryptocurrency security. Your approach to long-term holdings will be different from your approach to funds you are actively trading, and your tolerance for risk will be different from mine. Whatever you choose to do, though, it is worth remembering the basic rules of cryptocurrency security and, ultimately, the merits of diversification. Exploring a range of storage solutions, and how you spread your money between them to find the security solution that’s best for you, can be a good way of offsetting the security risk of any one individual platform and giving yourself extra flexibility in how you want to manage your money.
On that note, we hope you’ve enjoyed this crypto security overview and checklist guide. If you’re interested in a platform to manage your crypto that offers a blend of security and convenience, the Zumo mobile app offers users the security of a non-custodial wallet combined with the simplicity and usability of a mobile app.