April 30, 2025

Protecting Your Crypto Assets: Taking Your Security Into Your Own Hands

Learn tips on how to ensure your safety in the fourth part of our series: Protecting Your Crypto Assets.

Choosing the right wallet and the right exchange or money services business to trust are good steps towards securing your cryptocurrency, but it is important to remain aware of threats in order to actively avoid them.

In our last blog post, we reviewed what to look for and what to avoid in trading platforms and money services businesses. In Part Four of our Protecting Your Crypto Assets series, we recall steps to ensure the safety of your digital assets by taking your security into your own hands.

Safety From Within Your Wallet

Among the panoply of crypto wallet types with varying security advantages, it is important to pick the one (or the ones!) which best suits your needs. In Protecting Your Crypto Assets: A Review of Wallet Options, we learned that strategically using multiple wallets of different types in coordination can help you optimize the security of your crypto assets.

Make Sure to Use Official Websites and Software

After choosing your wallet, purchase it or download it from its official manufacturer, official website or official application. This is to ensure you aren’t using corrupted code, or a piece of hardware that has previously been tampered with. You should additionally bookmark official links to ensure you are continuously downloading your software and your updates from the most trustworthy sources.

Misspelled URLs of otherwise established crypto platforms are designed to trick you into logging into their fraudulent website. They then proceed to steal your credentials.

Make Sure to Use the Latest Version of Your Software

Be sure to remain up to date with any new firmware or software updates issued, whether it is hardware or a software wallet you own. Always verify the legitimacy of the update by cross-checking the verified social media profiles of the companies you do business with, as well as their official websites among your bookmarks.

Outdated versions of software can be vulnerable to phishing attacks. For example, Electrum wallet users have been prompted via a pop-up within the computer app to download a software update from an unauthorized party. While the pop-up redirected users to GitHub, the fact it appeared from within the app itself as an error message while the user was completing a transaction convinced many of its legitimacy. More than $22 million were lost to these Electrum phishing attacks.

In sum, be wary of external links and of slight changes in URLs. Download updates directly from the source and stay up to date with them to ensure maximum security within your wallet.

Keeping Your Seed Phrase Safe

Your seed phrase acts as your wallet’s master key. It can restore your wallet if your access is interrupted, but whoever gets ahold of it will have access to the private keys it safeguards. They will be able to access and manage your digital assets in your stead. Losing your seed phrase can make it impossible for you to recover the digital assets linked to your wallet.

Have Your Seed Phrase Written Down in a Safe Place

It is often recommended by wallet software during the randomized generation process of your seed phrase—composed of a sequence of 12 to 24 words—to write it down on a piece of paper. This is a simple and accessible option, although it is not exactly the safest. A piece of paper can easily be stolen, destroyed or lost among other things.

Instead, others take the time and money to engrave their seed phrase on a piece of metal. This ensures it is much harder to accidentally destroy or lose, but again, it can easily be stolen especially if it is recognized by a thief as being a seed phrase.

Consider Additional Safeguarding Tactics and Options

Another option for an additional layer of security for your seed phrase is Shamir’s Secret Sharing, which consists of splitting it into parts, and keeping these different parts in different locations. This means no one can hack into your wallet with a single fragment of your seed phrase. Doing it yourself on pieces of paper could be tricky, though: if you forget where you hid them, you may be unable to recover your wallet if you lose access to it. Shamir’s Secret Sharing can be integrated within certain hardware wallets using smart contracts.

Some wallets also allow you to create an extension word. A 13th or 25th word of your choosing at initialisation would be required, along with your seed phrase, to recover your wallet. This serves as a form of two-factor authentication. Remember to keep them in separate places, in such a way that a person who finds one or the other is not able to bypass two-factor authentication.

In any case, it is important to keep your seed phrase in a safe place, out of sight, but not out of mind so you are able to access it whenever needed. You can additionally make multiple copies, hidden in different places, in order to be prepared to act if you end up losing or accidentally destroying one copy.

While having multiple copies does increase the opportunities of one of them being found, it is also important to not leave yourself stranded in the event your seed phrase is destroyed. What matters most is to hide them well, in different safes, for example.

Keep Your Seed Phrase Offline

Never input your seed phrase in your computer or your phone, whether it is by typing it out or by taking a picture of it. Both are connected to the Internet and both can be compromised by fraudulent actors. 

If a hacker gains access to your computer or to your phone, they would be able to search all of your files for keywords or even recognize the pattern of the protocol used to generate your unique seed phrase, BIP 39. Malicious actors can also try to trick you into inputting your seed phrase into a fake software. Only ever input your seed phrase in your wallet software when you are actively and carefully launching a recovery process.

To summarize, keep your seed phrase written down someplace safe but that you can remember and access if needed. You can use Shamir’s Secret Sharing to split your seed phrase into fragments you can hide in different places or create an extension word if those are options your wallet provider offers. Remember to keep your seed phrase offline in any case.

Keeping Your Password Safe

Create a Secure Password

Keeping your wallet password—not to be confused with your seed phrase, used to recover your wallet if you lose your password—safe is similar to keeping any other password safe. Treat it as you would your bank account password or your debit card NIP.

When creating your password, either choose something you can remember or something you can safekeep. You can also consider passkeys, which are automatically generated and kept in storage in your device using cryptography. Often linked to biometric data, they are harder to break through and replicate than a password.

Use a unique password for your wallet—ideally, you should already be applying this for all your different accounts. Google Password Manager is a good option to help you keep track of all of your different passwords, but be careful not to input your seed phrase in it, as it is connected to the Internet. YubiKeys are also a good option to consider.

Stay Aware of Possible Threats

Stay aware of data leaks. Google Password Manager can alert you if your password has been compromised. If this is the case, be prompt to react and change it. Enable two-factor authentication and use the Google Authenticator app on a trusted device to verify your identity. SMSs can be intercepted as seen in SIM swap scams. It is also best to use an antivirus to detect and eliminate any threats on your devices that could try to steal your personal information and passwords.

To recap, create a strong password and use tools in order to remember them and protect them from potential threats.

Beware of scammers

Scammers take full advantage of crypto being decentralized and relatively private. While ensuring you take your business to a legitimate and trustworthy company is essential, safeguarding your funds while navigating the crypto world does not stop there. Phishing has cost 300,000 people about $52 million dollars in 2022.

Always Check If You Are Using the Right Website or Software

Sometimes, scam crypto websites mirror legitimate ones only with small differences in their domain name. This is known as “typosquatting”. These scam website links may be sent to you via email, or even found in your web browser if you input the domain name with a subtle mistake. From there, fraudulent actors will steal any information you input as you log into your “account” or your “wallet”. One way you can ensure you are always using the official website is to always access it through your bookmarks.

Recall the Electrum case we discussed earlier in which a fraudulent update was displayed as a pop-up from within the computer software.

You should also ensure, by verifying its wallet address on the blockchain explorer, that the smart contracts there are verified. Scammers have been known to take advantage of the increasing popularity of smart contracts to trick crypto users into authorizing fraudulent code into their wallets.

Remain Cautious Whenever Someone Reaches Out

Attacks by fraudulent actors are not always obscure technical ploys. Scammers may try to contact you directly, or they might, on the other hand, advertise themselves as a financial advisor capable of making you rich in simple steps, which will include buying cryptocurrency and sending it to their account as an initial “investment”. This “investment” will not be returned to you.

Rug pull scams have even cost knowledgeable crypto investors. They refer to scams in which a legitimate-looking crypto project builds itself up with the investments of enthusiasts, before being abandoned by its developers. Investors lose their investment, often siphoned away by the scammers. 

Scammers may also reach out saying they have evidence against you they will use to destroy your reputation if you do not comply and send them cryptocurrency. This is blackmail and more often than not a false threat.

On the other hand, scammers are also active on dating apps. Be wary of anyone online asking you to send them cryptocurrency, especially if you are not familiar with the workings of the crypto world. Take the time to read up on the matter first.

Remain Cautious of Unsolicited Transactions on Your Account

When you already have an account, be wary of unsolicited transactions. Scammers send very small amounts of cryptocurrency to numerous wallets in the hopes you interact with it. They may leave messages linked to these unsolicited transactions containing external links. These operations are known as dusting attacks, with “dust” referring to these small amounts of cryptocurrency—so small they can easily be overlooked. The goal of scammers’ with this is to trace your interactions in order to de-anonymize your wallet to later target you with social engineering attacks. The best thing you can do is to ignore these tiny transactions.

If you are prompted by your wallet app to sign something or to grant permission to something you do not quite understand, it is best to simply deny it. In recent months, Bybit multi-signature wallet holders fell victim to fraudulent actors taking advantage of multi-signature blind transaction approvals. They signed off on a malicious transaction that appeared routine, costing Bybit $1.46 billion worth of Ethereum. Although you may not have such a complex wallet configuration, the same principle applies to ensure your safety: only sign off on transactions or authorizations for which you understand the purpose. Always double-check transaction details like wallet address and amounts—remember that transactions are irreversible.

When it comes to scammers, it is always best to err on the side of caution. Always make sure you are using the official website or software. Understand what you are getting into and remain wary of anyone who reaches out to you—stay careful with those you reach out for first too! Check for suspicious activities throughout your accounts and do not interact with unknown links and unsolicited transactions on your wallet address.

In conclusion, ensuring your safety when you delve into the world of crypto and financial decentralization is an active process. At every step of the process, remain alert and vigilant, and take the time to increase your knowledge about cryptocurrency and blockchain to stay up-to-date with innovations and current affairs. Sign up for our newsletter for more content like our Protecting Your Crypto Assets series.

Frequently Asked Questions

Why Shouldn’t You Ever Input Your Seed Phrase in a Device That Can Be Connected to the Internet?

Your seed phrase should never be inputted anywhere that is connected to the Internet because it exposes it to potential online threats, including hacks or malware. Keep your seed phrase stored offline for maximum security.

What Is The Best Type of Crypto Wallet?

Cold wallets are generally more safe while hot wallets and custodial wallets are more convenient and user-friendly. Self-custodial wallets, on the other hand, guarantees you autonomy over your holdings. Using a combination of types of wallets balances the advantages and the disadvantages of each.

What to Do If You Receive an Unsolicited Transaction? 

If you are faced with a dusting attack, it is best to ignore the transaction and not to interact with any link that may be attached to the transaction. Their goal is to de-anonymize your wallet address in order to later on target you with a social engineering attack.

Symona Lam
Political Science Content Writer @ EZO
Related Posts
March 11, 2025

Moving Forward: The Bybit Heist

The Bybit heist in February sent shockwaves through the crypto community. Here’s what we know about it and what we must keep in mind moving forward.

Others
October 22, 2024

Small Businesses, Big Impact: Addressing the Finance Gap in MENA

SMEs are the lifeblood of global economies, yet many face a severe finance gap that hinders their growth, particularly in MENA where small businesses struggle to access bank loans. Fintech solutions offer a promising path to bridge this gap, leveraging widespread smartphone adoption to provide new financing opportunities for underserved entrepreneurs.

Learning
January 29, 2025

The Future of Payments via Stablecoins

Stablecoins have the potential to revolutionise global payments by reducing fees, increasing speed and improving security.

Learning
Be the First to Know!

Subscribe to get exclusive updates and early access when we launch in your country.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.