It’s a sad fact that the higher the price of Bitcoin and other cryptocurrencies go, the more treacherous safeguarding your assets becomes.
Keep it on an exchange, and the wait is on for an exit scamming CEO or a hacker to abscond with your virtual assets, like with Quadriga and Cryptopia recently. Software wallets (desktop program/mobile app/browser-based) are no better. Look no further than the phishing attacks on Electrum this year.
Hardware Wallets- The safest way to store your Bitcoin
The safest way to keep your Bitcoin is on a hardware wallet that acts as a separate, offline layer of security. If you don’t have a hardware wallet like the CoolWallet S, Ledger or Trezor yet, we recommend you get one HERE.
Remember though: Your security is only as good as the steps you take to keep your private key or seed phrase concealed.
10 Ways to Keep Your Private Keys and Seed Phrase Safe on All Wallets
Note: Hardware wallets protect private keys
Most hardware wallet users don’t have to worry about hiding the private key, which is usually protected by the device at all times giving nobody, not even you, access to extract it. Not all hardware wallets are equal though. The most secure cold storage devices have a CC EAL5+ Secure Element microchip inside, like the CoolWallet S or Ledger Nano.
Therefore, for the purposes of this article, any reference to private keys below apply only to non-hardware wallets.
1. Buy or download DIRECT to avoid a compromised wallet
For hardware wallets:
Make sure your chosen wallet is trusted by a big community and that you’re either buying from the company directly or a trusted reseller. If not, you could end up the victim of a supply chain attack, where a malicious party has tampered with your device and installed malware before it gets to you.
For software wallets: (not recommended, as host devices can get compromised):
Scammers get even trickier. If you choose a software wallet like Electrum, Exodus or MyEtherWallet, make sure your computer or phone is malware-free, and that you install an authentic version from a direct source, not a modified, tweaked version. Also, be aware of fake apps on iOS and Android’s stores, like this MyEtherWallet app scam.
2. Never buy or accept a used hardware wallet
So you decided to buy a secondhand hardware wallet on eBay or Craigslist to save a few bucks. Or even better, that old college friend of yours has a Trezor or Ledger he says he doesn’t use anymore and you can have it for a couple of beers. DON’T.
Odds are that in 9/10 times, the hardware wallet is fine to use and hasn’t been compromised. However, it is possible to open a USB wallet and install phishing malware or transmitting components. It is also a possibility that your Trezor or Ledger has had its keys extracted, as this video proved last year.
The CoolWallet S offers a tamper-free alternative, as it is credit card-thin and uses compression technology to ensure that any modification attempt is immediately visible and therefore foiled.
3. Don’t use a pre-generated Key/Seed- It’s a SCAM!
A clever trick that scammers play on inexperienced crypto owners is to sell a hacked hardware wallet on eBay or Amazon. You will likely find a little card like this inside the package that contains your 24-word recovery seed.
Newsflash: It’s not your recovery seed. The hacker set this up, has a copy of the recovery seed and is waiting for you to deposit funds which he can then steal.
4. Never use any wallet set up by friends or family
Jesus and Judas. Kane and Abel. Julius Caesar and Brutus. Even Jon and Dani! Friends betray each other and there’s a black sheep in every family. Be very careful when accepting a wallet from people you know. Reason: See number 2 above.
Unless you can generate a unique key/seed and prove that your wallet is original and not tampered with (both software and hardware wallets), it’s better to err on the side of caution. It pays to be paranoid in crypto.
5. Set your wallet up ALONE
Alone means alone. Private. Solo. Don’t ask your wife or husband, the local tech bro or customer support to help you set up your wallet. Remember, 50% of marriages end in divorce in the US. Just kidding. but seriously. Trust no one. Just follow the simple steps you’ll get there, most wallets are easy to set up. Owning crypto is about taking personal ownership of your finances. It starts with setting up your wallet.
6. Keep your private key/ seed OFFLINE at all times
Write down your private key/seed (safest method)
OK. So you’ve now generated your private key/ recovery seed from an uncompromised wallet. Now, make sure you keep it OFFLINE at all times. .Any information that is connected to the Internet is accessible by someone over the Internet. Ask big exchanges like Binance, Cryptopia,
6.1 Never print your private key/ recovery seed
Printing out your recovery seed or private could leave a digital file on your computer.
6.2 NEVER take a photo of your private key or recovery seed
Remember the iCloud photo leak of celebrities’ most private images a few years back? When you take a photo of your private data and keep it on your phone or computer, you’re leaving your cryptocurrency portfolio at the mercy of your device’s security. Don’t do it.
6.3 NEVER store a copy on your PC, phone or the cloud
Any device that connects to the Internet can potentially be penetrated by hackers.
6.4 NEVER type your seed/ key on a computer or phone*
Sure no one’s watching? Your device might be compromised via keylogging malware. Avoid typing (that includes copy-paste) in your private key, *unless it’s a last resort in order to restore a lost or locked wallet.
7. NEVER share your key or seed with customer support staff
Just because someone says they work for a company, doesn’t mean they really do. Recently, scammers impersonated Ledger and MyEtherWallet Customer Support with a fake phone number, managing to steal funds from unsuspecting users.
IMPORTANT: No crypto wallet or exchange customer support staff should EVER ask you for your private key or recovery seed. If they do, get in touch with your wallet provider or exchange and immediately report the incident.
8. Don’t send info or funds on social media. EVER!
A sucker is born every day, and for every sucker, you’ll find a 1000 fake tweets or replies on Twitter, Facebook, Telegram Reddit and even Instagram just waiting to relieve them of their funds. Don’t be a sucker.
Never send crypto to receive more crypto, and NEVER reveal your private key or recovery seed to anyone on social media. It’s the oldest trick in the book and the most common in crypto. So why is it still so popular with scammers? Because it works! A new sucker, every day.
9. Keep your paper wallet seed safely hidden at all times
Sh*t happens. Still, take strong measures to ensure your recovery seed/ private key paper wallet stays dry and safe somewhere no one will find it. If you have a big portfolio, consider an “indestructible” metal seed wallet like Cryptosteel.
10. Use common sense.
Over $1.7 billion was stolen in 2018 from wallets and exchanges. Hackers and scammers are constantly evolving in their methods, and so should you. There are new scams every day. Trust your gut when it comes to using your private key or recovery seed, and don’t fall for tricks that promise you a reward or makes you panic enough to reveal it. If you’re not sure and if something feels off, do your own research and make double sure. Contact official customer support groups on Twitter or Telegram.
Revealing your private key to a scammer is like opening Pandora’s box, it can’t be undone. Educate yourself and stay safe by following these tips. It’s easier than you think. Godspeed!