Crypto is scary. Your capital is stored on a digital wallet, and if you perform the wrong sequence of actions, you can lose it all. You might execute a transaction on a malicious website, interact with a scammer, send funds to the wrong address, or even have an exchange run away with your crypto. But whether the threat is a security breach or plain carelessness, you can always keep your crypto safer.
Today’s article explains how you should manage and store your cryptocurrencies for optimal security. I’ll walk you through some do’s and don'ts, and also provide you with a few safety tips for each type of cryptocurrency wallet.
What Is a Crypto Wallet?
A crypto wallet is a digital wallet based on blockchain technology that stores your digital assets on a decentralized ledger. Crypto wallets come in various formats. The most important distinction is cold and hot storage – also known as hardware wallets and software wallets.
Before you learn how to securely handle a crypto wallet, let’s first explore various types of cryptocurrency wallets, how they work, and how to use them.
Cold Storage & Hardware Wallets
Cold storage is a cryptocurrency storage method in which you store your assets on a physical wallet. Cold storage wallets usually come in the form of a small USB stick-sized device. Such wallets are offline and only connect to the internet once you physically connect your wallet to your computer or laptop.
Cold storage wallets are also known as hardware wallets. Popular hardware wallet brands include Trezor and Ledger. Both are the crème de la crème of the hardware wallet industry and have a wonderful reputation for being safe and easy to use. Because of their security features, it is impossible for someone to steal your crypto unless they have your wallet in their hands. And even then, they need to know the PIN.
Cold storage wallets are immune to many of today’s security concerns. Most investors only use these wallets to send funds directly to their exchange account or a hot storage wallet. Using hardware wallets in this way ensures that you never come in contact with malicious actors.
Hot Storage & Software Wallets
Now what about hot storage wallets? This is the less secure counterpart that comes in the form of a digital wallet on your mobile phone, desktop, or laptop. Hot wallets store seed phrases and other important information directly on the device on which they’re installed. Moreover, they’re almost always connected to the internet.
Hot wallets create room for various security concerns. If malware infects your computer, it will likely gain access to your wallet and transfer funds without your approval. Or perhaps you’ll interact with a DeFi dApp and approve a transaction on a website impersonating your dApp of choice, allowing the other person to exploit your wallet.
Hot wallets are also known as software wallets and they leave too much room for security concerns. So if you have the money, think about purchasing a hardware wallet instead. You can also combine hardware and software wallets to interact with the DeFi world by storing funds on the hardware wallet and requesting transactions on the software wallet – the latter of which acts as an interface for the Web3 world.
Classic examples of hot wallets include Exodus, Trust Wallet, and Coinomi. You can also check out non-custodial wallets that come in the form of a browser extension: Metamask (Ethereum) and Phantom (Solana).
A lot of investors store their capital on cryptocurrency exchanges. In fact, the industry’s most recent FTX fiasco has shown that too many of us store crypto on exchanges. And although exchange accounts offer us instant access to liquidity, they also expose us to liquidity crises and exchange hacks.
An exchange wallet is a digital wallet connected to your exchange account. If you create an account on an exchange like Binance or Coinbase, you’ll discover that you have a unique address for each cryptocurrency. You can deposit to these addresses in order to sell your crypto on the exchange or simply store it there.
Most exchanges store a large supply of their client holdings on multiple cold wallets. But since the exchange needs assets on-hand (for trading purposes), they also keep a portion of crypto on their own hot wallets. Certain exchanges such as Binance have an insurance fund that will protect you in the case of a hack or exploit.
The most popular exchanges are usually the safest ones, and they rarely experience hacks. So the obvious benefit to storing crypto on an exchange wallet is that you can instantly buy or sell crypto whenever you want. And if anything happens, the exchange might have you covered.
However, the downside to storing funds on exchanges is that you open yourself to the possibility of losing all your money. FTX was one of crypto’s top 5 exchanges and was considered to be one of the more liquid and secure trading platforms. But it turned out that their reputation was not as great as everyone thought, as the exchange misused client funds to cover personal losses made by the exchange’s executives.
My advice is to keep only a small portion of your capital on an exchange – especially if you actively trade. Store the rest of your crypto on a cold or hot wallet. You can even transfer assets between exchange and other wallets so that you always have custody over your own coins.
5 Do’s and Don'ts
Storing cryptocurrencies isn’t that difficult. In fact, I’d say that it’s rather hard to mismanage funds and expose yourself to any type of security risk. As long as you’re interacting with the right websites or dApps, and you’re not risking the chance of downloading a virus, you’re pretty much as secure as one can be.
Still, there are a few do’s and don'ts every crypto investor needs to know. Let’s explore a few and find out what makes storing crypto safe and what doesn’t.
1. Install Reputable Wallets
You should only dabble with reputable wallets that have a rich community and even richer customer feedback. Whether you’re interested in hardware or software wallets, always make sure that the developer behind the wallet has done a good job and has a good track record. Otherwise, you’re opening yourself to unwarranted risk.
For example, you can’t possibly go wrong with Trust Wallet or Exodus for software wallets. Both have been in the crypto game for quite a long time. Moreover, neither wallet has had any serious exploits or security risks that lost investors money. There are thousands of reviews online for the aforementioned wallets and there are extensive records of the developer’s update logs.
You don’t have any of that when you go for something like ‘Internet Bit Coins Wallet 2.’ New and untested wallets are insecure and extremely risky to use. Never go for untested products no matter how much they’re advertised. I recommend always installing reputable wallets that guarantee user satisfaction.
2. Always Check Links
There’s a lot to do in crypto. You have airdrops, dApps, NFT collections, links for meme sites, DEX links for trading pairs, and so on. And because investors like to group up and talk about their crypto experiences, you’ll often end up in a situation where a friend or anonymous stranger shares a link for one of the aforementioned sites.
What can go wrong is that the shared link is not the official link used for the platform you want to visit. For example, we all know that the link for Solana’s biggest NFT marketplace is magiceden.io. But there are more than enough fake websites that pose as Magic Eden and try to steal your crypto.
In this example a malicious actor might have copied the layout of Magic Eden’s website and created a website registered under the link of magicceden.biz. The domain is wrong, and the name is wrong. If you’re in a rush and click the link without giving it a second look, you’ll definitely end up losing all your crypto. That’s why I recommend always checking links.
One neat trick I use is to search for a platform’s name on Twitter and find official links in the description of their account. Accounts of big crypto platforms are often verified, and it’s easy to know whether the account is real. You can use this link and safely search for what you were looking for. If someone shared a link to an OpenSea NFT collection, you can simply go to OpenSea’s Twitter, click their link, and search for the collection.
You can also keep bookmarks, store links in a notepad, or write down links somewhere else. But no matter what you do, never click on a link from a stranger before checking whether it is correct beforehand. You’ll save yourself from a lot of headaches by doing so.
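The link check described in this section, written as a small script. This is an added example, not code from any wallet or platform; the allowlist and the two-edit threshold are assumptions, and the typo domain is the one used in the text above.

```javascript
// Added example. OFFICIAL_DOMAINS is a hypothetical personal allowlist:
// fill it from bookmarks or a platform's verified profile, not from shared links.
const OFFICIAL_DOMAINS = ["magiceden.io", "opensea.io"];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Classify a shared link as "official", "lookalike", "unknown" or "reject".
function checkLink(link, official = OFFICIAL_DOMAINS) {
  let host;
  try {
    const url = new URL(link);
    if (url.protocol !== "https:") return { verdict: "reject", reason: "not https" };
    host = url.hostname.toLowerCase().replace(/^www\./, "");
  } catch (err) {
    return { verdict: "reject", reason: "not a valid URL" };
  }
  // Exact match, or a genuine subdomain of an official domain.
  for (const d of official) {
    if (host === d || host.endsWith("." + d)) return { verdict: "official", domain: d };
  }
  // Lookalike: the label before the TLD is within two edits of an official
  // name, or the official name is embedded somewhere else in the hostname.
  const label = host.split(".").slice(-2)[0];
  for (const d of official) {
    const name = d.split(".")[0];
    if (editDistance(label, name) <= 2 || host.includes(name)) {
      return { verdict: "lookalike", domain: d };
    }
  }
  return { verdict: "unknown" };
}

console.log(checkLink("https://magicceden.biz/collection")); // typo domain from the article
```

A verdict of "unknown" only means the link is not on your list; it is not a statement that the site is safe.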
3. Never Download Suspicious Files
Similar to links, you should never download suspicious files from the internet, be it from friends or from strangers. If someone sends you a file on Telegram asking you to check it out, ask them to first upload the file to Google Drive, where it’s automatically scanned for malware.
Alternatively, tech-savvy investors can download the file on a virtual machine to test for viruses. Even if you have downloaded malware, the malware’s effects will be limited to your VM environment. But hey, you don’t have to bother with that as you probably won’t want to download the file in the first place.
Viruses are one of the easiest ways to lose control over your crypto wallet. You can end up with a virus by visiting suspicious sites, downloading the wrong files, or by pirating content. Always double check what you’re downloading and make sure not to download or install anything that a stranger sent you.
A bonus tip for Telegram users: turn off auto-download in your settings! A recent Crypto Twitter fiasco broke out when a user with a Telegram account received a suspicious file from a user he never interacted with before. The user had auto-download on, which meant that Telegram downloaded the suspicious file without asking for the user’s permission. The file ended up being a virus that helped the attacker gain control over the user’s computer.
4. Read Transactions
The strange world of DeFi allows us to interact with a lot of decentralized applications (dApps) that power all kinds of decentralized financial instruments. Sometimes a new dApp comes out and everyone’s eager to try it out because of its yields, for example. The site looks professional at first glance, but after trying to provide liquidity to the dApp you find out that the transaction does nothing close to what the website’s frontend tells you.
A common problem with suspicious dApps is that their smart contracts do something completely different compared to what’s advertised. To prevent yourself from sending 100 ETH without even knowing, I recommend always checking the transaction and its actions before confirming the transaction.
You can take one step ahead by reading the dApp’s audits and confirming whether there are any exploits. And if there are no audits, you might want to read the platform’s smart contracts to find out if there is anything wrong. This might sound like a lot of work, but it’s better to be safe than sorry. Plus, you’ll prevent yourself from being scammed.
Malicious smart contracts are not common with time-tested dApps like Uniswap, AAVE, Maker, and so on. But you might find such applications when trying out new dApps that barely anyone has tested before. That’s why you need to pay attention in order to keep your crypto funds safe.
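One way to read a pending Ethereum transaction before confirming it, as an added example that is not code from any wallet. It goes beyond the 100 ETH case in the text by also decoding the standard token approval calls, and the transaction objects are constructed sample data.

```javascript
// Added example. Selectors are the standard ERC-20 / ERC-721 function selectors;
// the transaction objects at the bottom are constructed sample data.
const SELECTORS = {
  a9059cbb: "transfer(to, amount)",
  "095ea7b3": "approve(spender, amount)",
  "23b872dd": "transferFrom(from, to, amount)",
  a22cb465: "setApprovalForAll(operator, approved)",
};
const WEI_PER_ETH = 10n ** 18n;
const MAX_UINT256 = (1n << 256n) - 1n;

function formatEth(wei) {
  const frac = (wei % WEI_PER_ETH).toString().padStart(18, "0").replace(/0+$/, "");
  return (wei / WEI_PER_ETH).toString() + (frac ? "." + frac : "");
}

// Return the decoded call name and the warnings a signer should read first.
function summarizeTx(tx) {
  const warnings = [];
  const valueWei = BigInt(tx.value || "0x0");
  const data = (tx.data || "0x").replace(/^0x/, "").toLowerCase();
  const selector = data.slice(0, 8);
  const call = data.length === 0
    ? "plain ETH transfer"
    : SELECTORS[selector] || "unknown function 0x" + selector;
  const words = data.slice(8).match(/.{64}/g) || []; // 32-byte ABI arguments
  if (valueWei > 0n) warnings.push(`sends ${formatEth(valueWei)} ETH to ${tx.to}`);
  if (selector === "095ea7b3" && words.length >= 2) {
    const spender = "0x" + words[0].slice(24);
    const amount = BigInt("0x" + words[1]);
    warnings.push(amount === MAX_UINT256
      ? `unlimited token approval to ${spender}`
      : `token approval of ${amount} base units to ${spender}`);
  }
  if (selector === "a22cb465" && words.length >= 2 && BigInt("0x" + words[1]) === 1n) {
    warnings.push(`0x${words[0].slice(24)} may move every NFT you hold in this collection`);
  }
  if (call.startsWith("unknown")) warnings.push("unrecognised function: do not sign blind");
  return { call, valueWei, warnings };
}

// Constructed samples: a 100 ETH send and an unlimited approval.
const SPENDER = "22".repeat(20);
console.log(summarizeTx({ to: "0x" + "11".repeat(20), value: "0x" + (100n * WEI_PER_ETH).toString(16) }));
console.log(summarizeTx({ to: "0x" + "33".repeat(20), data: "0x095ea7b3" + SPENDER.padStart(64, "0") + "f".repeat(64) }));
```

If the summary does not match what the website said the button would do, reject the transaction.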
5. Turn Off Auto-Confirm
There’s a special feature in almost every non-custodial crypto wallet that makes life easier for DeFi investors: auto-confirm. The feature lets you auto-confirm transactions whenever you perform an action on a dApp, saving both time and effort.
Let’s say you want to join multiple liquidity pools. The auto-confirm feature lets you perform these actions without having to separately confirm each transaction. Makes things easier, doesn’t it? But hold up, I recommend turning that feature off for a bunch of reasons.
If someone sets up an exploit on the dApp, you’ll confirm the transaction before getting to find out what the transaction does. Remember what I said in the previous section? Yeah, you don’t want to confirm unfamiliar transactions. Never.
That’s why it’s better to click more and turn the auto-confirm feature off. In earlier versions of wallets like Phantom and Metamask the feature was global, meaning that you’d auto-approve transactions on any dApp. But now they have localized the feature, allowing you to leave the feature on only for trusted websites. However, I still advocate against using the feature as it may lead to unnecessary loss of funds.