
Is Your Crypto Safe? Guide to Securing Your Cryptocurrency

Author: Tayler McCracken

Tayler McCracken is the Head of Content at 99Bitcoins, a leading publication that provides cryptocurrency education. With over 7 years of experience as a writer, analyst, researcher, and editor across...


In the crypto world, there are two key statements to remember: “It’s not about how much you make, it’s about how much you keep” and “Not your keys, not your coins.”

The past few years have been brutal, with plenty of project failures and collapses that left people with devastating losses and painful lessons learned. Keeping these sayings at the forefront of your thoughts while navigating the crypto world may be the difference between life-changing wealth and losing everything.

We’ve witnessed firsthand how quickly things can turn south. Whether we analyze the Anchor Protocol collapse, the Celsius bankruptcy, the FTX insolvency, the Mt. Gox hack, or the security breaches at Binance, KuCoin, and HTX (the list goes on and on, take your pick), we have literally hundreds of examples that highlight a simple fact: if you don’t hold your own keys or follow responsible cryptocurrency security hygiene, you could end up losing everything.

Despite the risks, many of us have managed to keep our assets safe and secure. If you want to learn how to protect your crypto, read until the end of this article.

How Safe is Cryptocurrency?


This is one of the top questions we get asked all the time, and for good reason. It seems that every other week there’s news of another hack, scam, or some fancy new exploit in the crypto world. It’s easy to get a bit nervous, right?

Let’s think of crypto security like this: Imagine owning a high-security house with top-notch locks and a state-of-the-art security system. You even have a gate, motion sensors, a moat with a drawbridge, and the whole nine yards. But, if you leave the door and gate open, the drawbridge down, AND forget to arm the security system, all that security is useless. The same goes for crypto. Even with the best wallet and protection, if you’re careless with your keys and recovery phrase, or you are lax on your cybersecurity hygiene, you’re risking your crypto assets.

Cryptocurrency is as safe as you make it. Unfortunately, there is a trade-off between security and convenience. The more secure you make your crypto and your transaction processes, the more inconvenient it will be, so it’s all about finding the balance that works for you.

Imagine if you owned physical gold and kept it in an underground bunker secured by an eye scanner, guard dogs, and armed guards, where you had to cite secret passwords, pass secret handshakes with the guards, and then do some acrobatics to make it through one of those cool laser grids like you see in the movies. That might be worthwhile if you were storing millions in gold bars, but going through all that to access a gold coin worth $25 wouldn’t be worth it. In the same line of thought, storing $500k worth of gold in your underwear drawer, while convenient and easy to access, isn’t exactly the most secure method and wouldn’t cut it.

Crypto is the same. You can lock it down tighter than Fort Knox or you can literally store your private keys in your underwear drawer and keep your life savings in a browser extension wallet (not recommended). That’s not very secure, but talk about easy access!

This article will explore both sides of the security spectrum to help you find the balance. Stick to solid cybersecurity practices, and you’ll be fine.

Now, most of the problems people run into with crypto tend to fall into a few key categories:

  • Scams: We’ve all heard the saying: if it sounds too good to be true, it probably is. That applies big time in the crypto world. Don’t get suckered into chasing crazy returns or trusting sketchy strangers online. Keep your greed in check, and you’ll already be ahead of the game.
  • Centralization: This one’s a classic. When you leave your digital assets sitting on an exchange, you’re essentially trusting someone else to hold your money. If that exchange gets hacked or goes under, well, there goes your crypto. That’s why self-custody is so important, it’s the only way you can truly have full control over your funds.
  • Lost Private Keys/Seed Phrase: This is the #1 golden rule of self-custody: Never lose your recovery phrase! Treat it like the treasure map to your fortune and store it somewhere safe, secret, and offline. If that phrase gets lost, no treasure hunter in the world can recover it for you. A big chunk of this article will focus on making sure you lock down that all-important phrase properly.
  • Viruses and Malware: If you’re storing your seed phrases on your computer or, even worse, in a cloud service like Google Drive or iCloud, you are asking for trouble. Hackers love nothing more than rummaging through your files, looking for those precious recovery phrases and private keys. There is an endless list of viruses and malware that can search the files on your computer, so storing private keys/seed phrases on a computer isn’t the safest option. Even if you have good anti-virus software, remember that hackers are almost always one step ahead of protection software.

Your best defense? A hardware wallet with the recovery phrase never being entered anywhere online. Keep your crypto offline and it stays out of the hands of anyone with malicious intent and an internet connection.

Hacks: Stashing your secret recovery phrase in the cloud is a bit like hiding your house key under the doormat: everyone knows to look there. Hackers (and yes, even government agencies) have been known to gain access to cloud storage, snatch up recovery phrases, and steal (or seize) users’ crypto. Phishing attacks are on the rise too, so it’s a good idea to steer clear of cloud storage for anything crypto-related. There are also stories of people losing crypto via iCloud hacks and LastPass Password Manager hacks, and ransomware can infect Google Drive, so NEVER store your recovery phrases online.

Agents obtained authority to access cloud storage files to obtain private keys to access the wallet of criminals. Cloud storage is not a good place to store private information. Image Source: justice.gov

Crypto Addresses: These things can be a nightmare, long, complicated strings of letters and numbers that are easy to mess up. And here’s the kicker: if you accidentally send your crypto to the wrong address, it’s gone forever. Yep, there’s no crypto customer service to call for a refund.

Here is a look at an Ethereum wallet address. It isn’t very “human readable”, user-friendly, or memorable. It’s easy to make mistakes when dealing with long strings of letters and numbers.

There is also malware out there called a clipboard hijacker that can swap crypto destination addresses when you copy and paste them, so double-check everything like your assets depend on it (because they do). It is always a good idea to use the copy/paste function to ensure the address is pasted without errors, but still, always double-check after pasting to make sure the pasted address wasn’t swapped with an address belonging to a hacker.
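An added example (not part of the original article) of the two checks described above: a checksum test that catches typos, and a full-string comparison against a trusted copy that catches a swapped address. It uses Bitcoin-style Base58Check addresses because that checksum needs only SHA-256 from the Python standard library. The function names and the sample addresses are constructed for illustration.

```python
import hashlib

# Base58 alphabet used by Bitcoin-style addresses (no 0, O, I or l).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload)), the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, body: bytes) -> str:
    """Build an address string; used here only to construct sample data."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))  # leading 0x00 bytes become '1'
    return "1" * zeros + out


def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose trailing checksum matches."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False  # character outside the alphabet
        n = n * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]


def mismatch_positions(pasted: str, expected: str) -> list:
    """Indexes where the two strings differ (length differences included)."""
    longest = max(len(pasted), len(expected))
    return [i for i in range(longest) if pasted[i:i + 1] != expected[i:i + 1]]


def check_destination(pasted: str, expected: str) -> str:
    """Classify a pasted destination against the address you meant to use.

    INVALID - checksum fails: a typo or a truncated paste.
    SWAPPED - well-formed address, but not the intended one. A checksum
              cannot catch this, which is why the full comparison matters.
    OK      - identical to the trusted copy.
    """
    pasted = pasted.strip()
    if not b58check_valid(pasted):
        return "INVALID"
    if pasted != expected:
        return "SWAPPED"
    return "OK"


# Constructed sample data: neither address belongs to a real wallet.
EXPECTED = b58check_encode(0, hashlib.sha256(b"sample recipient").digest()[:20])
OTHER = b58check_encode(0, hashlib.sha256(b"sample substituted").digest()[:20])
_wrong = "2" if EXPECTED[10] != "2" else "3"
TYPO = EXPECTED[:10] + _wrong + EXPECTED[11:]

if __name__ == "__main__":
    for label, pasted in [("clean paste", EXPECTED + "\n"),
                          ("one-character typo", TYPO),
                          ("substituted address", OTHER)]:
        status = check_destination(pasted, EXPECTED)
        diffs = mismatch_positions(pasted.strip(), EXPECTED)
        print(f"{label:20} {status:8} differing positions: {len(diffs)}")
```

Ethereum addresses carry a different checksum (EIP-55, based on Keccak-256), but the comparison against a trusted copy works the same way on any chain.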

Fake Crypto Apps: Believe it or not, hackers have gotten pretty crafty with creating scam apps that look exactly like the real deal, complete with fake reviews and thousands of downloads. Once you download one of these sneaky imposters and transfer your funds, poof, your crypto is gone. The best defense? Only download finance and crypto apps from the original company website or use their app store navigation links instead of searching in Google Play and the Apple App Store as this is how users accidentally download malicious apps.

Use Google/App Store Links or Download Directly From the Company Site Instead of Searching in Google Play or the App Store as They May be Malicious Apps. Image Source: Exodus

DeFi Protocols: Decentralized finance (DeFi) is an exciting frontier, but it’s still the Wild West out there. Many DeFi projects haven’t gone through proper audits, which means there’s a higher chance of vulnerabilities and exploits. Every year sees a slew of hacks as some projects rush development without crossing their T’s and dotting their I’s. We will cover how to verify DeFi audits and security checks in a later section.

The Number and Severity of Crypto Hacks Have Seen a Sharp Increase. Image Source: Chainalysis

Sure, these are some pretty serious risks, but it’s not all doom and gloom. As long as you’re aware of the potential pitfalls and follow the best practices we’ll cover in the next sections, you’ll be well-equipped to navigate the crypto space with confidence. Keep calm, stay sharp, and your assets will stay safe.

Different Methods of Storing Crypto


Protecting your crypto is about finding the right balance between security and convenience. You could make it super secure, but then accessing your funds would be a huge hassle. If you choose to go overboard with firewalls and encryption, trying to access your funds can feel like you are in a Mission Impossible movie. Pretty unnecessary if you are only trying to move $10 worth of USDT.

It takes a bit of trial and error for users to find their ideal setup, ensuring their crypto is safe but still easy to access. It helps to think of crypto in a similar way to how you handle regular cash. You wouldn’t carry your whole life savings in your pocket or lock the $5 bill you are planning on using for coffee today in a high-security vault. Most people keep what they need in the immediate future handy, then store the rest securely. Apply that approach to your crypto as a basic first step and best practice.

There are a few ways to store your crypto assets, and the easier the option, the less secure it tends to be. Let’s break each down:

Keeping Crypto on an Exchange: Convenient but Risky

Many people leave their crypto on the same crypto exchange where they bought it. Aside from active traders, this habit is due to a lack of understanding, lack of confidence in self-custody, or laziness. This method means someone else is holding your crypto on your behalf, which isn’t ideal. You wouldn’t give a $50 note to a stranger for safekeeping, so why trust an exchange to hold your crypto?

Exchanges can get hacked or freeze accounts, leaving your funds at risk. Keeping your crypto on an exchange means you are holding an IOU instead of actual crypto. If the exchange gets hacked or mismanages funds, recovering your money might not be possible. Unfortunately, there have been dozens of exchange hacks and we’ve seen exchanges collapse overnight, disappearing with customer funds (such as the FTX collapse in 2022), so if you think it can’t happen to you, think again.

Crypto Exchange Hacks are Quite Common. Image Source: The Cryptonomist

Hackers target big exchanges as they present a honey pot worth millions, so holding your own crypto makes you less of a target. If you are smart about it, a hacker is unlikely to know that you hold crypto and even if they suspect it is so, they are much less likely to target an individual as we are small fish compared to a major crypto exchange.

That said, there are exceptions to the rule “Never Keep Crypto on an Exchange”. Sometimes it makes sense and is even necessary to keep your crypto on an exchange in instances such as:

  • Some tokens, such as the Binance BNB Coin and KuCoin’s KCS token, offer benefits such as trading fee discounts and access to extra features and functions for keeping them on the exchange.
  • Day traders need quick access to funds so active traders leave crypto on an exchange.
  • For users planning on selling soon or timing the sale with a major event, it can be a good idea to get those funds on an exchange early to ensure preparedness as exchanges can sometimes go down and blockchain transactions can get delayed during peak times.
  • Staking or earning rewards may require keeping funds on an exchange, though it’s riskier than self-custody.

Many crusty old crypto veterans will exclaim that everyone should learn about and become comfortable with self-custody and keep hold of their own coins instead of trusting a custodial solution such as a crypto exchange, and while I would agree (in a perfect world), there are some exceptions to this assertion (in my opinion).

If you’re someone who is prone to forgetfulness and disorganization or is constantly on the move with no secure storage locations, keeping funds on an exchange might be more practical and even safer, though you need to be aware of the risks. Taking control over your own funds is a big responsibility as you will learn as you read on, and not everyone is up for the obligation.

Alternatively, you can also consider using professional custodial services like Coinbase Custody or Gemini, but make sure they’re reputable before entrusting anyone with your funds.

Using a Software Wallet: A Sweet Spot Between Security and Convenience

A software wallet (also known as a hot wallet) is a great balance if you’re looking for something secure but still easy to use. You can download one of these wallets for free on your phone or computer, and the best part? You hold the keys, which means you’re 100% in control of your crypto.

Best Wallet is one of the most popular free mobile crypto wallets on the market. Image Source: bestwallet.com

However, because these wallets are installed on devices that connect to the internet, they do come with risks. The internet is a hacker’s playground, and any device connected to it, whether through Wi-Fi, Bluetooth, or mobile data, can be a potential target. Malware and viruses can sneak in and swipe your private keys or recovery phrase if you’re not careful. So, while these wallets are convenient, especially for making everyday purchases on the go or connecting to DApps or DeFi protocols, they require some extra precautions. Don’t worry, we’ll cover how to lock down your software wallet like a pro later on.

Using a Hardware Wallet: Best Choice for High Security

Now, if you’re all about security and willing to trade some convenience for peace of mind, a hardware wallet (a.k.a. a cold wallet) is the option chosen by most crypto veterans and security experts. These little gadgets keep your private keys offline, which means they’re completely out of reach of online hackers. Most of them don’t even have Bluetooth or NFC, so no data goes in or out wirelessly, which removes those attack vectors for hackers. When you’re ready to make a transaction, just plug it into your computer or connect it to your phone, and you’re good to go; your keys never leave the device.

A Look at Popular Hardware Wallets Made by Trezor and Ledger. Image Source: Shutterstock

Transaction signing also happens on the hardware wallet itself, so the keys never come into contact with an online device, and the on-device confirmation acts like a sort of 2FA.

The downside? Hardware wallets aren’t the most convenient option. You have to dig them out of their hiding places and plug them in every time you want to make a transaction, and you definitely don’t want to be carrying them around for your daily purchases. As it is good practice to keep these well hidden and secure, hardware wallets are best used like a vault for your long-term holdings.

This is where using a mix of hardware and software wallets is a good idea. Not only are you diversifying your risk by keeping funds in different wallets, but also, just as you take your “walking around” cash out of an ATM before a night out, you can transfer smaller amounts of crypto from your hardware wallet to a software wallet for crypto use on the go or to interact with DApps and DeFi protocols.

Hot Wallets vs. Cold Wallets: You might have heard these terms thrown around. A “hot wallet” is any wallet connected to the internet, while a “cold wallet” is completely offline. It’s also important to remember that a crypto wallet doesn’t actually store your coins. Your crypto stays on the blockchain, the wallet just holds the keys needed to access it. That’s how your recovery phrase is able to bring back your assets, even if you lose or break your wallet.

Paper Wallets: Ultra-Secure but Impractical

Paper wallets are the original secure method for storing crypto. User keys are printed on a piece of paper, which is immune to hacks. However, they’re not very user-friendly and you’re dealing with the fragility of paper. You can’t use paper wallets for transactions, and they’re less practical compared to modern hardware wallets, which can interface with web3 apps and DApps. Unless you’re a cypherpunk and have no need for frequent transactions, paper wallets probably aren’t on your radar.

Crypto Paper Wallets Are Secure, but Less Practical. Image Source: Shutterstock

To Sum Up:

For those who don’t frequently handle crypto transactions, hold large amounts, and are in it for the long haul, a hardware wallet is the best choice. Many users spread their assets across multiple wallets to avoid risk. A common strategy is to keep most funds in a hardware wallet, like a secure vault, and use a software wallet for daily transactions, staking, and DeFi interactions. Only keep funds on an exchange that you are actively trading, that you need to unlock benefits and perks, or that you are ready to sell. As soon as you buy your crypto at an exchange, the best practice is to immediately withdraw to a self-custodial wallet.

Use Multiple Wallets


If you are going to take one thing away from this guide, let it be this. Using multiple wallets, including “kamikaze” wallets, is a great way to diversify and minimize your risk. If you are holding a large amount of funds, I recommend keeping them split between two hardware wallets. These hardware wallets should NEVER come into contact with online DApps or DeFi protocols. Consider choices such as Trezor, NGRAVE, BC Vault, Cypherock, and Tangem. These are all wallets I have personally used and battle-tested extensively.

As most software wallets cost nothing, you may as well have 2-3 mobile wallets (on the same device is fine) or split across different mobile devices if you have them, then spread crypto between them. My recommendations are Best Wallet, Trust Wallet, Exodus, and Zengo.

Zengo is One of the Only Wallets That Does Not Use a Seed Phrase, Making it a Strong Security Diversification Choice. Image Source: Zengo

Zengo is a wallet everyone should use in my opinion because not only is it free, but it is also one of the only wallets available to retail users that utilizes Multi-Party Computation (MPC) security to remove the need for a recovery phrase. MPC security is trusted by major crypto custodians such as Coinbase and Fireblocks, so if it is good enough for institutional-grade security, it is good enough for me. This is a completely different backup and recovery approach from the traditional BIP-32 Hierarchical Deterministic wallets, which is how over 98% of the wallets on the market operate, so it adds another layer of security diversification in case one security approach proves to be flawed in the future.

Finally, for browser extension wallets, this is where what I refer to as “kamikaze” wallets come into play. These are also free, so you may as well have as many of these as you want. The most popular browser extension wallets are Metamask for Ethereum and EVM-compatible chains, Phantom wallet for the Solana ecosystem, and Rabby, which is a Metamask alternative. You may need to use different browser extension wallets depending on the blockchain you are hoping to interact with.

I have multiple browsers on my computer, different profiles for Brave browser, Google Chrome, Microsoft Edge, and Opera. Each browser has a different browser extension wallet.

Why the complex setup?

Because navigating DApps and DeFi protocols is like walking through a minefield. If you keep interacting with brand-new, non-battle-tested, and degenerate protocols or chasing airdrops, it is only a matter of time until you hit one that is malicious, click on a phishing link, or interact with a DApp that gets hacked or turns out to be a rug pull. Here is a hypothetical setup showcasing how I use my browser extension wallets.

Brave Browser Profile #1 Metamask – This is where I have most of the funds I expose to DeFi. This wallet ONLY interacts with battle-tested DeFi protocols like Aave or Uniswap. This wallet remains fairly secure as I don’t use it for risky practices, so it is suitable for staking larger amounts of crypto as well. Tip: Use a site like DeFiLlama to get legitimate links to DeFi protocols to avoid phishing sites.

Brave Browser Profile #1 Phantom Wallet – Only interacts with the most secure and blue-chip DeFi protocols and DApps on Solana such as Jupiter or Raydium. This wallet also remains secure enough for staking.

Brave Browser Profile #2 Metamask – This wallet only holds the amount I wish to use for Liquidity Providing and yield farming. That is this wallet’s only purpose, no staking, no airdrop hunting. This way, should this wallet be compromised, I am not risking the funds I am using for staking or lending in my other wallets.

Chrome Browser Metamask (Kamikaze Wallet) – This wallet carries no crypto aside from the few dollars’ worth that I may need for transaction fees. The more into experimental DeFi protocols and airdrops you get, the more you will be required to click on links to “claim” airdrops or connect your wallet to all sorts of questionable sites. I would never expose a wallet that holds substantial amounts to these extremely risky activities, but I also don’t want to miss out on the new frontier of DeFi or what might be legitimate airdrops or token rewards. If you choose to engage in these activities, you will encounter hundreds of NFT purchase offers, airdrops, Twitter campaigns, claimable rewards, and more, many of which will be scams. So by having a kamikaze wallet that holds no funds, you can go and try to collect as many rewards as you want. If any funds, NFTs, or airdrop rewards ever get deposited into this wallet, transfer them to one of your more secure wallets immediately.

Alright, that wraps up crypto storage. Next, let’s dive into some common pitfalls and, more importantly, how to avoid them.

How to Avoid Common Risks


We’ve covered some pitfalls to avoid and safe crypto storage options, now let’s get into some best practices.

Keep Your Crypto Safe from Scams

This one’s pretty straightforward, if something feels off or you’re promised sky-high returns that seem too good to be true, you’ve got a flashing red warning sign. Always trust your gut in these situations! I won’t dive too deep here as we have a great Guide to Avoiding Crypto Scams that can help you out, an article on How to Avoid Rug Pulls, and a Bitcoin Scam Test for further reading, I highly recommend checking those out.

It is also important to get familiar with tools and resources before you decide to venture into the world of DeFi. One of the primary advantages of blockchain technology is transparency. A common saying in crypto is “Don’t trust, verify”. This refers to the transparency of crypto and that there is no need to have to trust anyone. Savvy crypto users can use resources to verify the legitimacy of projects and smart contracts for themselves and avoid many scams.

One of my favorite tools for navigating the DeFi world is DappRadar. It’s super handy for tracking DeFi, NFT, and gaming projects, plus it helps you find legit decentralized apps (DApps). For me, it’s simple; if a DApp or protocol isn’t verified on DappRadar, I won’t connect a wallet to it.

Another very important tool is De.Fi. This is the world’s largest crypto smart contract audit database, anti-virus, smart contract scanner, shield, and more.

De.Fi is a Must-Use Tool For Anyone Navigating the World of DApps and DeFi

De.Fi enables users to check the authenticity of smart contracts and verify the results of blockchain security audits before interacting with them. I highly recommend getting familiar with this tool and if you make a point to scan every smart contract address with this tool, check your wallet’s security periodically, and use the scanner and shield function, you can save yourself a world of painful losses and avoid malicious protocols and smart contracts.

I have been dabbling in DeFi since 2017 and have never fallen victim to any DeFi losses, but I know hundreds of people who have. When I investigate how losses happened to others, the majority of the time the victim did not go through the simple step of verifying the smart contract or transaction they were signing using a site like De.Fi, or they used an experimental DeFi protocol that was not properly audited. It’s an extra step, sure, but an important one.

Avoiding Centralization Risks

To steer clear of this risk, the golden rule is to self-custody your crypto using a secure wallet. The second you leave your assets on an exchange, lending platform, or any third-party service, you’re essentially giving someone else control over your funds. By choosing self-custody, you’re taking one of the most important steps to keep your crypto safe.

In 2022, the crypto industry suffered multiple significant black eyes. Not only did the FTX exchange collapse, causing millions of users to lose their funds, but lending platforms Celsius, BlockFi, and Voyager also declared bankruptcy, resulting in billions worth of losses.

We already discussed why keeping funds on an exchange is a risk, but what about those lending platforms? Those lending platforms offered users a decent return on their crypto for depositing them. The business model was supposed to be simple: Users deposit their crypto (lending it to the company), and the company then lends that crypto to other users at a higher interest rate and pays depositors a 2-15% return on their assets.

This sounded great in theory, and millions of users deposited their entire crypto stash to these lending companies as they were chasing returns. I was also enticed by the 5% return on Bitcoin they were offering, and I was one of the unfortunate millions who lost crypto when Celsius declared bankruptcy.

Fortunately, I understood the risk of trusting a third party with my assets so only exposed less than 1% of my total crypto portfolio to Celsius, while others did not have such foresight and lost everything.

I agree that it is difficult to have your assets “collecting dust” in a wallet when they could be earning yield, but you always need to weigh up the risks vs the returns before entrusting a third party. Before I deposited Bitcoin on Celsius, I considered the following analysis:

“If I expect Bitcoin to go up 40-80% per year consistently, and if it is going to reach hundreds of thousands in valuation as many expect, is it worth risking that amount of upside potential for the 5% ROI offered by the lender?”

The answer is an obvious no, so I decided to risk about 0.7% of my crypto to earn the 5% while keeping the rest secure in a hardware wallet. If you believe that the cryptocurrency you hold has long-term upside potential, is it worth risking losing it all for a yearly return offered by a centralized platform?

Another thing to watch out for is the centralization of certain blockchain projects themselves. Some blockchain networks like Polygon and Solana have core teams behind them, giving them a degree of centralization. These teams can be targeted by government regulators and law enforcement agencies, and the future of the project is tied to the success of the project teams, and as we all know, humans are fallible creatures. It is similar to buying Apple stock: buying stock is a vote of confidence in the competency and future success of the CEO and Apple employees.

When you invest in a blockchain project whose development is primarily driven by a registered company or entity, the same principles apply. This is in contrast to cryptocurrencies such as Bitcoin, which operates with no central team and never had an initial coin offering (ICO), which gives it what’s called a “fair launch.” The problem with projects that had token sales is that they could be seen as securities, and we all know what happened with XRP. ICOs also mean there are early investors which could influence the direction of a crypto project and lead to increased sales pressure as early investors take profit.

Then there are other aspects of crypto centralization that are also important to understand to stay safe and diversified in crypto.

Map Showing Bitcoin Node Distribution Around the World. Image Source: Bitnodes.io

Cryptocurrency networks themselves also have various forms of centralization risks to be aware of. The following distribution and centralization factors should be considered:

Node Distribution

As you can see in the map above, Bitcoin is lauded as being the most decentralized cryptocurrency in the world from a node perspective. There are average folks like you and me running full Bitcoin nodes all over the world. This significantly enhances the robustness of a crypto network. If you find a project you like and there are only a small handful of nodes all in one location, that poses higher risks. You can find this information for yourself by doing a simple search for “(name of coin) node distribution map”.

Miner Location

For Proof of Work cryptocurrencies, as with nodes, miner distribution is also important. If all the miners are concentrated in one country, that cryptocurrency is opened up to regulatory risks from governments of a particular jurisdiction. Miner concentration can also lead to a 51% attack, which has happened to Ethereum Classic multiple times due to the network not being sufficiently decentralized.

Number of Validators, Validator Distribution, and Validator Clients

For proof-of-stake cryptocurrencies like Ethereum, Solana, Avalanche, Cardano, and many others, validators take the place of miners. A site like beaconcha.in shows the number of active validators on Ethereum.

A Look at a Healthy Increase of Ethereum Validators. Image Source: beaconcha.in

Keeping things as simple as possible, the higher the number of validators, the better. Anyone can be a validator, assuming they meet the minimum threshold requirements for that network. Having more validators, dispersed more widely around the world, contributes to the robustness, security, and decentralization of a network. However, many don’t understand the difference between a Validator and a Validator Client, and the latter is important.

Validator Clients are typically run by companies and these clients run software that can make attestations about the state of a blockchain. One of the largest criticisms against Solana in recent years was that there was only a single Validator Client, operated by Solana Labs themselves, posing a significant centralization and single point of failure risk. Fortunately, Firedancer, developed by Jump Crypto, has recently become another Validator Client for Solana, placing Ethereum and Solana both in the camp alongside Cardano and Bitcoin for being sufficiently decentralized and boosting security.

Staking Distribution

This is an important risk to highlight for networks such as Ethereum. Ethereum has a prohibitively high cost to become a validator as very few can afford to hold the 32 ETH needed to become one. This leads to a large concentration of staked Ethereum ending up in pools maintained by these operators. These operators are primarily companies like Coinbase, Binance, Kraken, and others. Lido alone holds 28% of staked Ethereum, so if one of these validators suffers a security breach or malfunctions, it could cause significant damage to the ecosystem for that asset.

Eth Stakers Ordered By Amount Staked. Image Source: Dune Analytics

The best way to mitigate this risk is to not stake all of your Ethereum with one provider and consider not even staking all of your ETH. Many crypto users will only stake 10-50% of their ETH holdings while keeping the rest secure in a hardware wallet.

Concentration of Token Holders

This one is pretty straightforward. Sites like CoinGecko are great for showing token distribution among holders, which is important to avoid the risk of you being left holding the bag if early investors or the project team itself decides to dump their tokens on the market.

Solana Token Allocation as per CoinGecko

If you are considering buying a cryptocurrency and over 80% of the supply is held by investors, seed sales, founding sales, and the team, that could be a huge red flag that the project will experience significant selling pressure as those token holders could use retail investors as “exit liquidity” and dump their tokens on the market.

This is also a good time to bring up token vesting schedules and token unlocks. Many crypto projects release a percentage of their tokens to the market bit by bit before the total supply is in circulation. A great place to check for this info is token.unlocks.app.

A Token Vesting Schedule as Shown by Token Unlocks.

If you are interested in buying a cryptocurrency, it is a good idea to check to see if there are any major unlocks coming up, as the flood of new coins coming onto the market can create selling pressure and can significantly lower the price per coin. This is a good strategy both for buying coins at a discount and making sure you aren’t buying into a coin just as a flood of new supply hits the market.

Nakamoto Coefficient, Shannon Entropy, and Gini Coefficient

If you really want to geek out on decentralization metrics, avoid centralization risk, and understand which cryptocurrencies are the most decentralized, you can take a look at the Nakamoto Coefficient, Shannon Entropy, and the Gini Coefficient, all available on the Edinburgh Decentralization Index.

A Look at the Gini Coefficient. Image Source: Edinburgh Decentralization Index

The EDI tracks the decentralization of various cryptocurrencies based on multiple different metrics. I won’t go into all of them here as the link above provides adequate explanation. The common theme is that Bitcoin, Cardano, Ethereum, Litecoin, Dogecoin, Bitcoin Cash, and Tezos are widely considered the most decentralized cryptocurrencies by many metrics.
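To make the three metrics concrete, the following added example (not code from the Edinburgh Decentralization Index or from this guide's sources) computes them with their textbook definitions over a constructed stake distribution in which the largest entity holds 28%. The sample balances, the function names and the one-half and one-third thresholds are assumptions; the EDI may group entities and choose thresholds differently.

```python
import math
from fractions import Fraction

# Constructed sample: percent of stake held per entity (not real data).
# One large pool at 28%, a few mid-sized operators, and 30 small stakers.
CONCENTRATED = [28, 15, 9, 8, 5, 5] + [1] * 30
# Same number of entities, with the stake spread evenly.
EVEN = [1] * 36


def nakamoto_coefficient(balances, threshold=Fraction(1, 2)):
    """Smallest number of entities that together control MORE than
    `threshold` of the total. A low value means few parties need to
    collude, fail, or be breached to disrupt the network."""
    total = sum(balances)
    running = 0
    for count, balance in enumerate(sorted(balances, reverse=True), start=1):
        running += balance
        if running > threshold * total:
            return count
    return len(balances)


def shannon_entropy(balances):
    """Entropy in bits of the share distribution. The maximum is
    log2(number of entities), reached when every share is equal."""
    total = sum(balances)
    shares = [b / total for b in balances if b > 0]
    return -sum(p * math.log2(p) for p in shares)


def gini_coefficient(balances):
    """0 means perfectly equal holdings; values near 1 mean a few
    entities hold almost everything."""
    ordered = sorted(balances)
    n = len(ordered)
    total = sum(ordered)
    weighted = sum(rank * value for rank, value in enumerate(ordered, start=1))
    return (2 * weighted) / (n * total) - (n + 1) / n


def summarize(balances):
    """Collect all three metrics for one distribution."""
    return {
        "nakamoto_50": nakamoto_coefficient(balances),
        "nakamoto_33": nakamoto_coefficient(balances, Fraction(1, 3)),
        "entropy_bits": round(shannon_entropy(balances), 3),
        "gini": round(gini_coefficient(balances), 3),
    }


if __name__ == "__main__":
    print("concentrated:", summarize(CONCENTRATED))
    print("even:        ", summarize(EVEN))
```

Both samples have 36 entities, so the gap between the two summaries comes entirely from how the stake is distributed, not from how many participants there are.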

Protecting Your Crypto From Viruses and Malware

One of the best defenses against a virus or malware infection is using a hardware wallet. If you’re storing your seed phrases on your computer, you’re playing with fire. An infected device can lead to disaster, as hackers can easily steal your private keys. The beauty of a hardware wallet is that it can safely be used on an infected computer with no additional risk since your keys stay offline. Still, keeping your computer clean with good cybersecurity habits is always a smart move. Don’t worry, we’ll dive deeper into that in the cybersecurity section.

Guarding Your Hardware Wallet Against Hacks

If a hacker gains remote access to your computer or phone, and you’ve got a software wallet in play, your private keys and recovery phrase could be up for grabs. That’s why a hardware wallet is the gold standard, it keeps your keys completely offline and beyond the reach of any online attacker.

While no one has successfully hacked a hardware wallet remotely, there have been a few rare cases where hackers used a technique called power glitching to break into a hardware wallet that they had physical control of.

Kraken Labs Successfully Hacks Into a Physical Trezor Device Using Volt Glitching Technique. Image Source: Kraken Blog

Many first-generation hardware wallets like Trezor, Ledger, and ELLIPAL were found to be vulnerable to these physical attacks. Trezor has released the Trezor Safe 3 and Safe 5, and ELLIPAL has released the Titan 2.0, to mitigate this voltage glitching hack. These types of hacks are unlikely as they require a sophisticated hacker finding your hardware wallet and then setting it up to glitch the voltage, but it is still a good idea to make sure your hardware wallets are well hidden.

In the cybersecurity section, we’ll cover even more tips on protecting your assets from hacks.

How to Avoid Sending Your Crypto to the Wrong Address

One of the most thrilling (and nerve-wracking) things about crypto is that transactions are irreversible. Unlike with money, in crypto there are no banks or intermediaries who can conduct chargebacks, reverse transactions, automatically take funds from an account, freeze accounts, halt, or censor transactions. But the flip side of that is that once you hit send, there’s no “oops” button to bring it back. If it goes to the wrong address, your only hope is that the person on the other end is feeling generous enough to return it, which is highly unlikely. There is no customer support to bail you out so you’ve got to be extra careful every time you send.

Here’s how to make sure your funds end up where they belong:

  • Copy and Paste the Address (or Use a QR Code): Always, always copy and paste the destination address, or better yet, scan a QR code if that’s an option as it is with some wallets. This way, you avoid typing errors. Double-check that there aren’t any sneaky spaces hiding before or after the address when you paste it in.
  • Double-Check After Pasting: Even when you copy and paste, take a second to verify the address. Clipboard hijacking malware is real and can swap out your intended address for a hacker’s. A quick glance to verify the address can save you a world of trouble.
  • Get a Crypto Domain: Consider investing in a crypto domain like “yourname.eth.” It’s a much easier and safer way to send funds, and you don’t have to worry about remembering long strings of characters or falling victim to clipboard malware.
  • Pick the Right Network: This is where many new crypto users slip up. When you’re withdrawing from an exchange like Binance, you’ll often have to choose a network. Don’t just guess or go for the cheapest one, make sure it matches what the receiving wallet or platform supports. Otherwise, your funds could disappear into the crypto void.
  • Destination Tags/Memos Matter: Some cryptos, like XRP and XLM, require an extra step, a destination tag, or memo. Many centralized platforms also ask for a tag, memo, or verification number. Skip this step, and your funds could be lost forever. Always check if you need to add one, and don’t forget to include it! If you are unsure, reach out to the support team for the exchange, wallet, or platform.

By following these steps, you’ll ensure your crypto ends up at the right destination.
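The first two checks in the list above can be automated before a send. This added example (not from the original guide or any wallet's code) validates the built-in checksum of a legacy Base58Check Bitcoin address and compares the pasted value with the address you intended; it covers only that one format, and the sample addresses are constructed from made-up bytes. All function names are hypothetical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, body: bytes) -> str:
    """Build an address string; used here only to construct samples."""
    payload = bytes([version]) + body
    raw = payload + _checksum(payload)
    num = int.from_bytes(raw, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def b58check_valid(address: str) -> bool:
    """True if every character is in the alphabet and the checksum matches.
    A mistyped or truncated address fails here."""
    num = 0
    for ch in address:
        idx = B58.find(ch)
        if idx < 0:
            return False
        num = num * 58 + idx
    leading_ones = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * leading_ones + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) < 5:
        return False
    return _checksum(raw[:-4]) == raw[-4:]


def check_destination(pasted: str, expected: str) -> list:
    """Return the problems found with a pasted destination address.
    `expected` is the address obtained from the recipient out of band."""
    problems = []
    if pasted != pasted.strip():
        problems.append("whitespace")
    candidate = pasted.strip()
    if not b58check_valid(candidate):
        problems.append("bad-checksum")
    if candidate != expected:
        # A swapped address is itself well-formed, so the checksum
        # alone cannot catch a clipboard replacement.
        problems.append("differs-from-expected")
    return problems


# Constructed samples (version byte 0, made-up 20-byte hashes).
GOOD = b58check_encode(0, bytes(range(1, 21)))
SWAPPED = b58check_encode(0, bytes(range(21, 41)))
# Simulate a single-character typo in the middle of the address.
TYPO = GOOD[:10] + ("z" if GOOD[10] != "z" else "y") + GOOD[11:]

if __name__ == "__main__":
    for label, value in [("good", GOOD), ("padded", " " + GOOD),
                         ("typo", TYPO), ("swapped", SWAPPED)]:
        print(label, check_destination(value, GOOD))
```

The swapped case is the one that matters for clipboard malware: the checksum passes, so only the comparison against the intended address flags it.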

How to Avoid Getting Tricked by Fake Crypto Apps

Nothing stings more than thinking you’ve done everything right, only to realize you’ve downloaded a fake crypto app and your funds are gone. It’s a total gut punch, and unfortunately, it’s a trap that many users fall into. These counterfeit apps are scarily convincing, they look just like the real deal, complete with fake reviews and ratings to make them seem legit.

Android Authority

So, how do you protect yourself? The golden rule is: Never download crypto apps by searching through the app store. Instead, always grab the direct download link from the project’s official website or whitepaper. It’s your safest bet for avoiding the fakes.

When it comes to DApps or DeFi platforms, phishing websites are another very common pitfall. Scammers create URLs that look almost identical to the official ones, tricking users into entering their information. To dodge this, always grab the URL straight from the project’s whitepaper or documentation, or from a trusted site like DeFiLlama or DappRadar, and then bookmark it so you don’t have to worry next time. A handy browser extension like Phishfort can also help by flagging known phishing sites.

This Fake Uniswap Site that Looked Similar to the Original Resulted in a Phishing Scam Affecting Users. Image Source: pcrisk.com

Here are some quick tips to avoid crypto phishing attacks:

  • Be skeptical of emails, especially if they contain attachments or links. Don’t click on links in emails, instead, if you are unsure, contact the sender to verify or navigate to the platform directly via URL.
  • Don’t click on links or download attachments from sources you don’t trust.
  • Keep your operating system and software up to date and use a good antivirus and a link checker like the free one offered by Malwarebytes.
  • Enable two-factor authentication when available.
  • NEVER give your recovery phrase or private key to anyone. A common scam is someone pretends to work for customer service for a company and says they need your recovery phrase or private keys. This will 100% always be a scam. Another common phishing scam will be alerting a user that they need to enter their recovery phrase to access a DApp or collect an airdrop or reward. This will also always be a scam.
  • Use a reputable cryptocurrency exchange and wallet.
  • Don’t download browser extensions from untrustworthy sources.
  • Use a VPN when connecting to the internet.
  • Always verify the URL you are visiting before connecting a wallet or signing a transaction.

How to Protect Your Crypto from DeFi Protocol Exploits

I get it, the temptation to dive headfirst into the latest DeFi project promising the next big thing can be tough to resist. But when it comes to your crypto, patience can be the difference between keeping or losing your crypto assets.

Over the past year, we’ve seen more DeFi and wormhole hacks than we care to count. Most of these happened because developers rushed to release projects without fully testing or auditing them. It’s like building a house without checking if the foundation is solid, sounds like a recipe for disaster, right? That’s why blockchain audits are crucial. The top-tier DeFi platforms like 1Inch, Aave, and Compound take this seriously, and you should too.

Here is a look at all the security audits that have been done on the popular DEX Aggregator 1Inch. This is a sterling example of a protocol that takes security seriously:

The smartest way to keep your crypto safe in DeFi is to stick with battle-tested, long-standing DApps that have had multiple audits performed. Check for audits completed by reputable companies such as Hacken, OpenZeppelin, PeckShield, CertiK, Ackee Blockchain, Consensys, ChainSecurity, SlowMist, and MixBytes as these are among the top blockchain auditors in the industry. A reputable project should have links to their audits on their GitHub page, whitepaper, or website. If you cannot find audit results, that is a big red flag.

Now that we’ve covered the safest ways to store your crypto and avoid common pitfalls, it’s time to dig into cybersecurity and learn some crypto hygiene best practices.

How to Keep Your Crypto Safe


As we’ve covered, if you’re storing your private keys and recovery phrases on a device riddled with viruses or malware, you’re setting yourself up for a very bad day. And if you’re letting hackers roam around your network unchecked, it’s not going to end well either.

Just like with storing crypto, there are different levels of computer and network security, and we’re about to break them down in a way that makes sense. Now, I’ll be upfront with you, our highest level of security (Phase 3) is no joke. It’s quite a hassle and probably more than most people are willing to do. But don’t worry! You don’t have to be a cyber geek hacker pro to keep your crypto safe. The more steps you follow, the more secure you’ll be, and even basic precautions can go a long way.

Phase 1 Crypto Security: Your First Line of Defense

If you’re going to follow just one set of crypto security rules, make it this one! Not only will it keep your digital assets safe, but it’ll also improve your overall online security, think of it as a security upgrade for your whole life, from passwords to banking info.

These basic security measures are non-negotiable. Skip them, and you might as well be handing your passwords and crypto over to your nosy neighbor.

  • Guard Your Recovery Phrase Like It’s Treasure: Your 12 or 24-word secret recovery phrase is the master key to your wallet. It’s the one thing standing between you and certain disaster. Lose it or let it fall into the wrong hands and all your funds are gone. And just so we’re clear, even the company that made your wallet can’t help you recover it. If you lose that phrase, game over.
  • Put It On Paper (Yes, Really): Don’t just stash that recovery phrase in your memory. Write it down, old-school style, on a piece of paper. Better yet, use a fancy fire and flood-proof metal engraving plate like the Trezor Keep to make sure it’s safe from the elements. Keep two copies in different secret spots so if one disappears in a disaster, you’ve got a backup.
  • Handle with Care: When setting up your wallet, do it in peace, no distractions! Write down your recovery phrase exactly as shown on your screen, because one little mistake could mean big problems later as you will be unable to recover your crypto.

Expert Tip: When you set your wallet up and write your recovery phrase down, write your Bitcoin or Ethereum receiving address down on a piece of paper. Then factory reset your hardware wallet or uninstall your software wallet from your device. Redownload the wallet app or re-initialize your hardware wallet. Instead of setting up a new wallet, recover your previous wallet using your recovery phrase and check to see if the Bitcoin/Ethereum address matches. This guarantees you backed up your wallet correctly. You would not believe how many times we’ve heard someone say “I could have sworn I backed my wallet up correctly” and ended up losing everything as one single typo can result in permanently lost funds.

  • Keep It Safe and Secure: Only you, and maybe your most trusted confidants, should know where your recovery phrase is stored. The last thing you want is for it to fall into the wrong hands. Some wallets such as Trezor and Cypherock support Shamir Secret Sharing, which allows users to split their recovery phrases up and keep portions in different locations or store them with loved ones without having to trust that they won’t steal the funds. Shamir Secret Sharing and Multi-Sig are two of the best protections against the single point of failure risk that exists with recovery phrase management.
  • No Digital Copies Allowed: Never, and I mean never, enter your recovery phrase online. Scammers will try to trick you into entering it on fake sites or apps. Real crypto services will never ask for it. If someone does, run! Nearly every crypto wallet you buy or download will show a message like this, and these companies mean it:

Various Wallet Companies Emphasizing that Nobody (other than scammers) Will Ask for Your Recovery Phrase.

Beware of Fake Support Scams

Here’s a scam that’s been making the rounds: scammers hang out on popular chat platforms like Discord, Reddit, and Telegram, pretending to be customer support for crypto wallets. They lurk in the shadows, waiting for someone to ask a question in the community. Then, boom, they slide into your DMs, acting like a helpful support member. They’ll ask for your recovery phrase or private key, claiming it’s to “help resolve your issue.” No legitimate support agent will ever ask for your recovery phrase. If you give up this phrase, it’s almost guaranteed they will steal your crypto, so just block the message and move on.

Password-Protect Everything

If you’re still using “password123” for your crypto wallet, we need to have a chat. Protect your hardware and software wallets with something only you know (and no, your birth year or “1234” won’t cut it). If someone gets their hands on your device and guesses the password, they can waltz right in and steal your crypto.

Secure Your Devices

It’s not just about your crypto wallet, your phone and computer need to be secure as well. Make sure they’re locked down with passwords, pins, and biometrics. You want that extra layer of security so if your device ever gets misplaced or falls into the wrong hands, they will have a harder time getting into it. Set it to lock automatically after a few idle minutes so if someone does nab your phone and run, hopefully, it will lock before they have a chance to get into any of your apps.

Most crypto wallets also support setting a password or PIN in addition to your device, definitely enable this feature so if someone swipes your phone from your hand they still won’t be able to access your financial apps.

If you ever lose your computer or mobile device, don’t panic! You can use tools like Google’s Find My Device or Apple’s Find My to track it down. And if things go south and you can’t recover it, you can remotely wipe your data for peace of mind. Super handy, right?

Keep Everything up to Date

Regular updates are essential for both your operating system and crypto apps. Security patches get released often, like Exodus Wallet dropping updates every couple of weeks, so make sure you’re on the latest version. Using a jailbroken device? Not a great idea. That’s like leaving your front door wide open, hackers can walk right in! Never install crypto apps on a phone that has been jailbroken.

Use a Secondary Computer or Mobile for Crypto

Many crypto users, including yours truly, have separate devices for crypto vs non-crypto use. The laptop and mobile phone I use for day-to-day activities are not the same ones I use for my crypto and financial apps. I want to be able to click on cat videos and open attachments without worrying that one wrong move can swipe my funds, so one phone is for daily browsing care-free, while the other one is only used for financial and crypto activities.

The devices I use for crypto and finance are turned off 95% of the time and I never use them on public wifi, without a VPN, or for anything other than crypto and financial transactions. This way I can be sure that I am not risking my funds because I want to watch that weird video my friend just sent me on social media. I use my “burner” phone for that.

Avoid Sketchy Websites

I know, now I sound like your dad lecturing you about internet safety, but it’s important! If you’re into downloading or streaming (I’m not judging), be mindful of where you click. Pop-ups, shady links, pirated material, and clicking on those messages from “local singles in your area” are prime ways for malware to sneak onto your device. If you aren’t going to be using a separate computer then it is best to avoid clicking on anything that looks suspicious. I also annoy my friends because before I click on anything sent from someone I always ask “Hey, did you mean to send me this?” to make sure their account wasn’t hacked and is now spamming their contact list. You would not believe how many times I receive the response “No… I was hacked, don’t click that link!”

Think Twice Before Opening Attachments

If someone sends you an email that looks suspicious, don’t open it. Shoot them a quick message and ask if they meant to send it. Better safe than sorry! Malwarebytes’ free link checker is a good tool to scan any attachment or link before clicking on it.

Pro tip: Want to check if your passwords or phone numbers have been caught up in any hacks? Head over to the free website haveibeenpwned and check if your data has been involved in any known data breaches. If you’ve been compromised, update your passwords right away. Also, before clicking on any suspicious links, paste them into virustotal.com to see if they’re hiding anything shady. And don’t forget, your antivirus software probably lets you right-click on downloads or links to scan them for viruses before you open them. I use this feature daily.

That wraps up the basic but crucial steps you can take to secure your devices and your crypto. Now, let’s level up that security game!

Phase 2 Crypto Security: Strengthening Your Shield

Alright, let’s take your crypto security game up a notch. This phase mixes in some advanced security tips that are definitely worth your time.

Start with a Hardware Wallet

If you’re serious about protecting your funds, it’s time to get yourself a hardware wallet. Think of it like putting your savings in a vault, not under your pillow. And remember, bragging about your crypto wins on social media isn’t the best idea. You don’t want to put a target on your back, the fewer people who know about your crypto, the better. Have you seen this guy who wore a mask to collect his lottery winnings? Think like him!

Use Two-Factor Authentication (2FA)

Another essential move is setting up two-factor authentication (2FA) wherever possible. This means that even if a hacker somehow gets your login details, they won’t be able to break in unless they have access to your phone or 2FA device. Apps like Google Authenticator, Authy, or YubiKey are solid choices.

Important Tip: Steer clear of using SMS for 2FA. SIM swapping attacks are a real thing, and they’re not fun. These attacks have led to millions in lost crypto. 2FA apps like Google Authenticator provide significantly better security than relying on SMS messages.

Upgrade Your Password Strategy

Now, let’s talk about passwords. If you’re still using the same one for every account, it’s time for a change. Do yourself a favor and get a password manager like NordPass or 1Password. They generate and save strong, unique passwords for you so you don’t have to remember them. It takes a bit of effort to set up and swap out all of your old passwords, but once it’s done, you’ll wonder how you ever lived without it.

Protect Your Connection with a VPN and Firewall

If you ever use public WiFi, a VPN and firewall are must-haves. Using unsecured WiFi is like trying to have a private conversation in public, never knowing who may be listening in. A VPN will encrypt your data, while a firewall blocks any unwanted traffic from sneaking into your network. It’s a simple but effective combo to keep your online activities safe. When it comes to VPNs, you get what you pay for so this is one time I recommend using a paid one over shoddy free versions. (Trust me, I’ve tried dozens of VPNs and have not found a good free one that is dependable). ExpressVPN and NordVPN are solid picks that won’t break the bank, costing just a few dollars per month.

Boost Your Browser Security

Let’s not forget your browser. There are some great browser extensions that can boost your security, like Phishfort, which flags phishing websites, and uBlock Origin, which blocks intrusive ads and pop-ups that could carry malware. These tools are free, so why not make use of them?

Note that the uBlock Origin extension has been discontinued for many browsers, as privacy browsers such as Brave, Opera, Avast Secure Browser and others already have this pop-up blocker functionality built in; you just need to turn it on.

Don’t Skip on Antivirus and Anti-Malware Software

And, of course, no security setup is complete without solid antivirus and anti-malware programs. These protect your computer from getting fried by a virus, keeping it running smoothly for longer. My top recommendation is Webroot, it’s trusted by major institutions and even has a cool feature that lets you roll back infected files to their pre-virus state. For anti-malware, Malwarebytes is a reliable option to keep your system squeaky clean.

Phase 3 Crypto Security: Locking Down For Ultimate Protection

If you’re ready to go all-in on making your online presence as secure as Fort Knox, then these next moves are for you. If you’ve applied the steps from the previous two phases, you’re already about 90-95% of the way there. But for those of you who want to make sure your crypto is untouchable, this final level is where things get serious. Note that these steps may be impractical for many users and could be more of a hindrance to accessing your crypto than it is worth.

Supercharge Your Passwords

We’ve already talked about using a password manager, but let’s take it a step further. Make your passwords even stronger by removing the last 2-4 characters from your most important ones in the manager and remembering them instead. This way, even if someone breaks into your password manager, they’re missing that crucial piece. But be careful, you don’t want to forget them! Sometimes going overboard on security can make you your own worst enemy.

Strengthen Your Network

Your home network is like the foundation of your digital security, and unfortunately, most people overlook it. Start by enabling WPA2 encryption on your WiFi (or WPA if WPA2 isn’t available) and avoid WEP, it’s basically like leaving your front door unlocked.

Make sure your WiFi password is strong (your password manager can help with that!). And while you’re at it, turn off WiFi Protected Setup (WPS), it’s convenient, but it’s also an open invitation for hackers.

Keep your router’s firmware up to date and check your router logs regularly to spot any suspicious activity. Each router has a different setup, but a quick peek at the logs now and then can save you from a nasty surprise and alert you if someone has been skulking around uninvited.

Create Separate Networks

You wouldn’t mix your work files with your family vacation photos, so why mix your crypto activity with your daily activity? Set up different networks (or SSIDs) on your router: one for your personal devices, one for guests, and one dedicated to your crypto dealings. Each one should have its own unique, strong password.

Encrypt Your Hard Drive

This one’s a must. Encrypting your hard drive ensures that all the data on your computer is safe even if it gets lost or stolen. Just make sure the password you choose is something you won’t forget because if you forget your hard drive encryption password, it is highly unlikely anyone will be able to help you gain access.

Add Tor to Your VPN

If you’re ready for the ultimate privacy boost, consider using Tor alongside your VPN. Tor is an open-source privacy tool that lets you browse the web anonymously. Think of it as adding a secret layer of invisibility to your online activity. You can easily use it with the Brave browser, which has a built-in private window feature that includes Tor.

How To Enable a Private Window with Tor on Brave Browser

Just keep in mind that it can slow down your connection, so it’s best used for high-security tasks like crypto transactions.

So, Is Crypto Actually Safe?


Crypto use is as safe as you are willing to make it. We just took an in-depth look at crypto security, if you’re feeling a bit overwhelmed, don’t stress, you don’t need to implement everything immediately. Think of securing your crypto like building a house: start with the foundation (phase 1) and gradually strengthen it over time.

Feel free to bookmark this guide and return to it as you continue to improve your crypto security. Adopting even just a few of these tips will give you a strong advantage, helping you avoid common mistakes and stay secure.

At CryptoNews, we’re dedicated to helping everyone safely navigate the crypto landscape. If you found this guide helpful, why not share it with someone who could use a security boost too? The more people who take crypto safety seriously, the stronger and safer our community becomes.