Crypto security guide: how to keep your crypto safe

Find out how to keep your crypto safe with our handy checklist guide to the basics of crypto security.

WRITTEN BY
Daniel Taylor
Daniel is our Lead Content Marketer at Zumo
23/8/2021
2 mins

When you first get into crypto, one of the first things on your mind is probably: how do I keep my money safe?

Like any activity online - particularly where your finances are involved - there’s stuff you should be doing, stuff you definitely shouldn’t be doing and just general good practices for storing your crypto that will help you keep yourself as protected as possible.

Read this cryptocurrency security guide for a basic understanding of crypto security, why it matters and the practical security checklist you can go through to make sure you’re maximising your crypto safety.


What are the main crypto security risks?

Talking about crypto specifically, you can think of cryptocurrency security threats in three main categories: accounts, scams and hacks. 

Either you can lose/compromise the account details and private keys that give you access to your crypto in the first place; or you can get scammed out of your crypto due to human error; or you can get hacked and lose your money due to a technical breach.


Custodial vs non-custodial crypto storage

Before we continue, a quick aside on an important point. Cryptocurrency differs from other financial holdings in that you can choose to hold your funds yourself - be your own bank, effectively. This is what is known as a non-custodial solution

With a custodial solution on the other hand, you entrust your crypto to a third-party, whether that’s an exchange, centralised service provider or other investment platform. They then shoulder the security responsibility for safeguarding that money.

Which option suits you best will depend on your individual preferences, and the degree of personal control you want to have over your crypto. Either way, this guide provides some useful pointers on the underlying security best practices. 



CTA.png



Cryptocurrency security risk 1: compromised accounts and private keys

The access to your crypto, whether it’s kept by you or your chosen platform, is the private key. Whoever has your private key (or the wallet ‘seed phrase’ or ‘backup phrase’ from which the private keys are derived) controls your money, and keeping it safe is the first rule of cryptocurrency security.

There’s only ever going to be 21,000,000 Bitcoin, and reportedly 4,000,000 of those are lost forever because users have forgotten the private keys that would allow them to recover them. Private key security essentially boils down to two things: making sure you have them reliably backed up and making sure nobody else gets their hands on them. The same goes for any other account details or further security layers such as passcodes or 2-factor authentication that control the access to your account.

If you’re interested in learning more about private keys specifically, we’ve put together a detailed guide on keeping your private keys safe in our blog post here … otherwise, here are the main do’s and don’ts of account and private key security.



Never share your account passwords or private keys with anybody else, whatever the reasonBack up any private key and other sensitive account data offline, in a safe and secure placeAdd extra layers of account security such as passcode, touch ID or 2FA authentication whenever you canOnly ever use platforms you trust and feel comfortable with
Cryptocurrency security risk 1: compromised accounts and private keys
checklist


Cryptocurrency security risk 2: scams and scammers

Social media impersonators, fake support email, scam giveaways, plain too good to be true opportunities: unfortunately there are no shortage of scams and scammers out there, and you need to take care not to be caught out by increasingly sophisticated crypto scams. 

More fortunately, however, most of these situations can be avoided by following a few simple best practices, and avoiding unnecessary risk. If you want a more detailed rundown of what to look out for, and how Zumo works to protect you, you can check out our staying safe from scammers guide here. Otherwise, here are some golden rules for protecting yourself from the potential crypto scams.


Above all, remember rule number 1 of cryptocurrency security: never share your passwords or private key



Never respond to an unknown individual or organisation’s request to send them crypto fundsBe sceptical of any unsolicited approach. If you have any doubts, contact the company directly via its listed channelsAvoid taking unnecessary risks for the promise of huge gain, particularly if it sounds too good to be trueAlways do your own research
Cryptocurrency security risk 2: scams and scammers
checklist


Cryptocurrency security risk 3: Hacks and technical breach

Finally, it pays to consider the more technical aspects of your security. For individual users holding their own keys, this is in fact likely to play far less of a role than the social engineering and plain old human fallibility we’ve discussed so far - but becomes much more important wherever money is kept with third parties as part of any larger collection of funds, such as centralised exchanges. Such large actors have their own dedicated measures in place to guard against attack, and assume the responsibility from you for protecting your money, but on the flipside you lose the direct personal possession and control of your crypto, and have to put your trust in someone else.

Assuming you are the custodian of your crypto yourself, the main risks come from the device you’re using to manage your crypto, and can include exploits of specific device weaknesses, keystroke loggers and ransomware attacks. How much action you take to protect yourself will depend on your tolerance for risk and how much you are prepared to inconvenience yourself in the name of security. As a minimum you should ensure that the device you’re using to manage your money is kept up to date with all the latest security upgrades, that you’re using a robust browser and that you have a decent antivirus program.

If you want to take it further, you can take extra precautions: using a separate sign-up email purely for financial accounts; putting aside a whole device just for your financial transactions; and, if you are using mobile, considering a SIM-free device that you connect to a secured WiFi network only when you are making transactions. One of the most secure options of all remains a hardware wallet - a small USB-like device designed purely to hold your crypto keys, and which remains entirely offline and unconnected until the moment you want to make a transaction. 



Always keep your devices up to date with the latest security updates Use a trusted browser with in-built privacy and security protection  Make sure you are using good antivirus software For extra security, consider setting aside an offline device purely for crypto transactions
Cryptocurrency security risk 3: Hacks and technical breach Checklist


Closing thoughts

There’s no one-size-fits-all approach when it comes to cryptocurrency security. Your approach to long-term holdings will be different from your approach to funds you are actively trading, and your tolerance for risk will be different from mine. Whatever you choose to do, though, it is worth remembering the basic rules of cryptocurrency security and, ultimately, the merits of diversification. Exploring a range of storage solutions, and how you spread your money between them to find the security solution that’s best for you, can be a good way of offsetting the security risk of any one individual platform and giving yourself extra flexibility in how you want to manage your money.

On that note, we hope you’ve enjoyed this crypto security overview and checklist guide. If you’re interested in a platform to manage your crypto that offers a blend of security and convenience, the Zumo mobile app offers users the security of a non-custodial wallet combined with the simplicity and usability of a mobile app.

You can find out more, and download the app for both Apple and Android devices, via the Google Play or Apple App Store.


More from the blog 👇

Zumo introduces BSV with £10,000 worth giveaway
Zumo helps support WasteAid on Earth Day