How to keep your crypto secure

The top 5 ways to keep your crypto investments safe

Introduction

Crypto security is a hot topic as scammers around the world took home a record $14 billion in cryptocurrency in 2021, thanks in large part to the rise of DeFi. Between 2020 and 2021, losses from crypto-related crime rose 79%, and theft increased 516% to $3.2 billion – CNBC.

When we think about the topic of security, we can consider the following:

Know what a secure investment looks like.
Safely store your passwords/seed phrases.
Understand the difference between exchanges and wallets.
Choose secure wallets.
Know how to identify scammy behavior.

Some recent hacks/scams from the crypto industry

Opensea phishing email.
Kucoin exchange hacked.
Solana blockchain hack.
Squid games rug pull.
NFT rug pulls: Frosties, Big daddy ape club, and Squiggles.

The basics

Two main ways to loose your money/investment.

Someone accesses your funds (stored on an exchange or in a wallet).
You make a bad investment.

For the information below, we’ll stay focused on Web 3 wallets, which require you to connect them to a decentralized application to perform an action, like buying or selling an asset eg. Connecting your Meta Mask wallet to Opensea to buy an NFT.

Any time you connect your wallet to an exchange, market place, application, or website you are giving the company access to see what is in your wallet. This isn’t necessarily bad, however, if someone has the ability to sign a transaction, you’re in trouble. A signature = an approval/authorization to transfer funds out of your wallet.

Now, you might be asking yourself, ‘how does someone obtain the ability to sign transactions on a wallet?’…the answer – through a password or by knowing your ‘Seed Phrase’, which grants the holder of this information the ability to restore the wallet on another device.

In web 3, our wallets are decentralized, meaning, there is no central authority to help you if someone hacks you. You are the custodian of your assets, and while this is incredibly powerful, with great power, comes great responsibility! Transactions can’t be reversed and once your assets are gone, they are typically gone forever.

Note: when you use centralized exchanges (coinbase, kraken, gemini) you are placing all of your trust in that exchange to hold your funds – this is akin to a bank holding your money. Exchanges can get hacked (and they have), however, when this happens, they’ll typically intervene where possible, and sometimes, offer refunds. You might be thinking that centralized exchanges are a safer bet compared to decentralized wallets, however, there are many cases where exchanges have been hacked, and unable to provide their users with refunds. Mt Gox (2011) was the biggest, and since then, there have been several more that are significant – see The 10 Biggest Crypto Exchange Hacks In History

At Clutch, we’re strong advocates of decentralized wallets, where you are the custodian of your own assets.

Another common way people get ‘scammed’ is when they invest in a bad project that never had any intention to build a project, but rather run off with investor money. In crypto, this is referred to as a ‘rug’ or ‘rug pull’.

1. Know what a secure investment looks like

When you invest in crypto projects, you’ll typically enter when the company is at one of the following stages:

They are pre-product and are launching a token to raise money so they can bootstrap their business or;
They have a working product with users and are now tokenizing their business model, or;
The business is mature, and their token is already trading on exchanges and between participants.

It can be hard knowing what a good project looks like, especially when businesses come in different shapes and sizes, and at different stages. To help you out, we’ve made a checklist of questions that can be asked/considered when looking into projects.

Is the project funded by venture capital (VC)? (venture capital funds will have their own due diligence process they adhere to before investing which can be seen as a good indicator that a project is legitimate).
Have the smart contracts been audited by credible providers? Some of the top auditors are Hacken, Openzepplin, and Certik.
Does the team have a plan/roadmap that shows their future direction and explains how they will develop the business?
Who is on the team? Are they doxxed? Do they have experience in what they are building?
What tokenomics model does the business have in place? Does it makes sense? How much was allocated to the team and on what terms do they have access to their tokens?
What is their social presence like? Is it organic? Have they bought followers?
What is their trading volume like- is it real or fake? (only used if the project has been live with a token in the market)
What is their communication strategy? Do they have public community spaces/weekly updates etc.

2. Safely store your seed phrases/passwords

Seed Phrase

Your seed phrase is a string of words that are generated from a cryptocurrency wallet provider at the time of establishment – this string of words is basically like the master password; It can be used to restore your wallet if you forget your standard password.

Password

Like a standard password, your wallet password is used to login to your wallet.

Note:

Never share your Seed Phrase or Password with anyone.
Store these details in a safe place, like LastPass, or locked notes on your phone.

Seed phrase and password management is important, especially in the context of wills. Ensure you have an adequate process around how this information is stored, and who has access to it.

3. Understand the difference between exchanges and wallets

When it comes to storing and transacting with crypto assets, users will have to choose between web 3 wallets (decentralized) or exchanges (centralized).

Note: It’s common to use both.

Exchanges are great at:

Offering customer support for lost passwords/access.
Vetting tokens before they are listed.
Proving users with an on/off ramp that allows you to easily move value between fiat and crypto assets.
Providing insurance on funds – FDIC up to $250K.

Wallets are great at:

Giving you control over your assets.
Offering a wide array of tokens for investment/trading
Proving users with an onramp to purchase crypto assets by using a credit card or bank account.

Both solutions have:

Adequate liquidity for trading/investing.
Different products like lending, savings accounts, prediction markets, and more.

The most important thing to note:

Exchanges do not give you autonomy over your crypto which is why people often opt to keep their investments in DeFi wallets where you are the full custodian of your assets.

4. Choose secure wallets

When deciding the type of wallet to use, consider the following:

Centralized v decentralized.
The type of blockchain the wallet works with.
Hot (online) v cold (offline).

Note:

Users will often transact/invest across multiple wallets, as spreading your assets can be seen as an effective risk mitigation strategy.
With respect to Web 3 wallets, ‘Burner wallets’ are commonly used, as you often have to connect to an application or website to perform an action, eg connecting to Opensea to buy or sell an NFT. Doing this with a wallet that has little to no assets in it is safer than doing it with your main wallet.

5. Know how to identify scammy behavior

Scammers are becoming more sophisticated so it’s important to understand what scammy behavior looks like.

Activities to look out for:

Social engineering.

Phishing emails asking you to connect your wallet.
Links sent to you in a direct message on Discord, Telegram, Twitter Instagram etc
Fake accounts pretending to be people, companies, and moderators.
People asking you to send your seed phrase or password.
Moderators of channels sending you direct messages asking you to perform an action.

Key Terms

Written By

Bec Jones

James Kouzinas