16 Tips To Protect Your Cryptocurrency From Getting Hacked [ in 2019 ]

With cryptocurrencies, there is no centralized authority responsible for your funds security while the dangers are aplenty:

Amount lost in cryptocurrency hacks

Feel free to share and use above infographic (We would appreciate if you give credits “Source: https://distill.io”)

  • Your wallet may be hacked.
  • Your PC may be captured by a virus designed to steal bitcoins.
  • You may make a mistake in a recipient’s wallet address and send money in the unknown direction with no chance to reverse a transaction.
  • You may forget to back up your hardware wallet, accidentally break it and lose your crypto savings.

Scared already? Fears aside, we are here to get your back covered. Forewarned is forearmed: protecting your cryptocurrencies is not that difficult if you know where to start. In this article, we are going to share some detailed tips on what you can do right now to ensure the full security of your precious bitcoins.

Tip #1: Add 2nd layer of security using 2FA.
Tip #2: Keep track of your wallet transactions to spot any suspicious activity.
Tip #3: Distribute your currencies among multiple wallets.
Tip #4: Delete all remote-access software.
Tip #5: Use the “advanced recovery phrase” to Store Multiple Backups of Seed Phrase.
Tip #6: Decrease your OS vulnerability using Linux.
Tip #7: Disable Auto-Updates for your wallet.
Tip #8: Remember these Do’s and Don’ts.
Tip #9: No Ads, No Phishing, No Malware.
Tip #10: Block invisible Trackers.
Tip #11: Secure mail service for crypto - ProtonMail.
Tip #12: Secure browsing with these extensions.
Tip #13: Secure and Encrypt your data using VPN.
Tip #14: Use Password Generators.
Tip #15: Have a Kill Switch - Setup Remote Wipe.
Tip #16: Keep track of latest developments and scams.

Tip #1. Add 2nd layer of security using 2FA.

Two-factor-authentication adds the second layer of security to your account. When enabled, you have to type a one-time 6-digit password that only you have access to. These passwords change every 30 seconds which gives hackers no chance to break into your account by trying random numbers.

If you have not already done this, do it right now:

Step 1. Install the Google Authenticator App on your mobile from your app store. Another reliable service that you can use is Authy.

Download Google Authenticator from Play store

Note that such services are more secure than SMS as telecommunication lines can be tracked by third-parties.

Step 2. Log in to your exchange and find the “Two Factor Authentication” section. Typically, it is located in the security settings.

Two Factor Authentication setup

Step 3. Scan the provided QR code in the authentication app on your phone to link it with your account.

That’s it. Now every time you log in, check the authentication app for a one-time code.

Two Factor Authentication on Mobile and Laptop

However, don’t think that 2FA is a magic pill that will guarantee you funds’ security, bypass workarounds exist and detailed instructions can be easily googled. In addition to your account on a crypto exchange, set up 2FA on all your online accounts that can be associated with your crypto savings in any way: your mailbox, your accounts on social media, Whatsapp, Telegram, etc.

Also, once the 2FA is enabled, make sure that it works properly before you upload any funds. The author of the article had a tough evening trying to access his account on Huobi until he found out what the bug was about. Google Authenticate works a bit asynchronously when linked to Huobi, and the only way to break through the 2FA is to type the sacramental code in a couple of seconds before it expires.

Tip #2. Keep track of your wallet transactions to spot any suspicious activity.

Set up a monitoring tool such as Distill on your wallet’s public address. This would notify you if any suspicious transaction occur.

Such a tool is a perfect addition to any long-term investor with a diversified portfolio.

If you have many different coins and tokens that you hold and don’t use for daily transactions, it will be very useful to receive notifications via email, SMS or Slack about any changes in your wallet. Such a tool will make regular checks on whether your funds are still in place and give you the peace of mind without having to log in to your wallet.

Step 1. Install Distill’s Web Monitor for your Browser (Available for Chrome, Firefox & Opera)

Download Distill extension

Step 2. Find your Public Address/Key from the wallet (This is the address/key that you use to receive cryptocurrency from someone). It generally looks like this “_35hK24tcLEWcgNA4JxpvbkNkoAcDGqQPsP_”

Find your public address or key

Step 3. Go to Blockchain.info and Enter your ‘Public Address/Key’ and press search or alternatively if it’s BTC wallet: https://www.blockchain.com/btc/address/{YOUR_PUBLIC_ADDRESS}

Enter your public addresss key

Step 4. Click on Distill’s Plugin icon (upper left of your browser) and ‘Select parts of page’

click on Distill's Plugin icon

Step 5. Click on the values of ‘No. of transactions’, ‘Total Received’ and ‘Final Balance’. Save your selections.

Save your selection

Step 6. Give your monitor a ‘Name’, select interval for monitoring and assign an action.

Distill dashboard

Note: You can track 25 webpages for FREE and receive email notifications on change. If you want more webpages or sms/app notifications, check the plans here.

That’s it. You will now get a notification if any transaction occurs on your wallet.

You can and probably should also set up a tracker on your exchange’s public wallet address (like this) to get notified about any major transactions.

Tip #3. Distribute your currencies among multiple wallets

We all know the wisdom of old about not putting all your eggs into one basket. Get yourself as many wallets as you can and split your funds amongst them. Thus, if your money is stolen from one of them, that will not be the end of the world.

It may be a challenge to purchase several cold wallets as they are far from cheap. But you don’t have to focus solely on them as other choices are aplenty.

Exchange Wallets (Only for what you plan to Trade)

An online exchange is the last place where you should want to store a big amount of crypto. An exchange is not a bank to sign an agreement in blood to protect your funds by all means.

With exchanges, you lose control over your money as you simply entrust it to the third-party. If a platform gets hacked, the chances that you will never see your funds again are pretty high. Mt.Gox in 2012; Bitfinex, and Bitstamp in 2015; Binance in 2018 - the list of scandalous thefts may go on forever.

crypto exchange hacks

Yes, many of them claim to store a significant portion of reserve funds on cold wallets that are (almost) as secure as an account in a Swiss bank. But who can check if what they say is true?

Bottom-Line: Don’t store significant sum in your exchange wallet. Only what you plan to sell in the short-term.

If you have a significant amount of crypto lying in exchange wallet, follow the below steps to distribute them right now:

Mobile Wallets (Only for what you plan to Spend)

Here are some of the many good mobile wallets: Mycelium, Breadwallet, Edge, BitPay.

Step 1. Install the Wallet App (say BitPay) on your mobile from your app store.

Install Wallet App

Step 2. Create a new wallet for the currency you wish to spend/receive

Create a wallet

Step 3. Transfer the amount of crypto you plan to spend from main source (your exchange)

Done! You can repeat these steps for as many wallets as you might want to create.

While most mobile apps designed for storing crypto represent hot wallets with a low level of security, recently, there was a new release from Samsung with a built-in cold wallet. Yes, such a wallet would be good protection from online hackers, but all the same it will not save you from a pocket thief.

Cold Wallets (For Everything Else)

A cold wallet/ hardware wallet is a physical electronic device, built for the sole purpose of securing crypto coins. It must be connected to your computer or phone before transfer of crypto can take place therefore keeping private keys separate from vulnerable, internet-connected devices. A Tech journalists lost $30,000 worth Ethereum because he stored his private keys on cloud and not in a hardware wallet. Don’t make this mistake.

The two most popular Bitcoin and cryptocurrency hardware wallet brands are:

P.S: If you did follow this tip and distributed your crypto, go back to Tip#1 and Tip#2 and re-do it. Do it right now!

Tip #4. Delete all remote-access software

Programs such as Zoom (Yes! Zoom), TeamViewer or Ammyy Admin have numerous security holes. Don’t Believe me, see some examples yourself.

Having such remote-access software can overwrite all safety precautions taken such as 2FA, since it gives attackers access to your entire computer with just a string of characters.

Bottom-line: Never install such software on your computer, especially not on one containing your private keys. And if you have one of them installed, DELETE/UNINSTALL them right now!

Tip #5 Use the “advanced recovery phrase” to Store Multiple Backups of Seed Phrase

When it comes to the security of your data, be it your passport scan or your lovely bitcoins, backup is something that may once save your day. Here’s how you can do it.

Step 1. Get your seed phrase.

Secure wallets provide you with a seed or mnemonic phrase during installation which can help you restore your funds in case your hard drive crashes or you need to recover your funds on another device for any other reason. You can find it in the security settings.

get your seed phrase

Step 2. Make several physical copies of your seed phrase.

Typically, seed phrases represent a mix of 12 or 24 words that are not related to each other. It’s a challenge to learn them all by heart unless you have a phenomenal memory, so you’d better write it down and make several copies to keep in different places.

Step 3. Distribute the copies across multiple locations.

Give one to your Mom for safekeeping, copy-paste it into your encrypted cell on AWS storage, put one more under your mattress. The more reserve copies you create and the more locations you find where to hide them, the safer your funds will be.

Step 4. Setup an ‘advance recovery phrase’ - This passphrase is essentially a password added to your 24-word recovery phrase.

  • To access passphrase-protected accounts, an attacker will need your recovery phrase as well as your secret passphrase.
  • Each different passphrase unlocks a unique set of accounts. You can use as many passphrases as you like.

    Enable passphrase encryption

Now if your device with bitcoins is crashed, all you need to do is to re-install your wallet somewhere else and type your mnemonic recovery phrase and passphrase at the first launch. All your precious coins will be there.

Tip #6. Decrease your OS vulnerability using Linux.

Linux-based systems are more secure than Windows by design. Initially created by geeks and for geeks, they are far from user-friendly which cuts down the significant portion of the audience and makes them less desirable for hackers.

To install a piece of software on Windows, users typically download executable files. Unless you download such a file from the official provider, you may never be sure that it is not infected.

When using Linux, the software is installed via a command-line interface from a public repository where all the viruses are immediately spotted by the restless community. This makes the chances to catch a virus negligible.

If you have never used Linux before, try a lightweight and user friendly Linux distribution (called “distros”), such as Ubuntu. If you are looking for the most secure OS on the planet right now, check out - Qube OS.

How to Install Linux? See the step-by-step guide here.

Note: Never download the ISO from unrecognized source (like torrents) as they will certainly be compromised.

Tip #7. Disable Auto-Updates for your wallet

Crypto wallets are periodically updated to stand against the latest security threats. Failing to update your wallet may expose your funds, that’s why you should closely monitor desktop and mobile wallets for new releases.

However, don’t rush to download the new version as soon as it is available and disable auto-updates. Sometimes new versions are released with bugs that are cleared off only after a heap of angry comments appears. Wait for 2-3 days and update the wallet only if all is quiet.

If you followed Tip #2, Setup a distill monitor on your wallet’s update page and you are sorted.

Tip #8. Remember these Do’s and Don’ts

1. Share the access to your funds with at least one person you can trust.

Not so long ago, the crypto community was struck by the news of QuadrigaCX founder’s death and the loss of all investors’ money (almost $200 million worth of crypto) as he was the only one who had access to the startup’s wallet. Some evil tongues were spreading gossips that it was a nice touch to exit scam and to go away with all the money, but the new proofs have smashed all these rumors.

Don’t be like QuadrigaCX founder. Let at least one person know how to restore your funds in case something bad happens to you.

2. Triple-check when making a transaction.

Crypto transactions are irreversible, and any small mistake in a recipient’s address will lead to money loss. Since crypto wallet addresses represent a huge mix of digits and numbers, making a mistake is not that difficult. Never type addresses manually, only copy and paste.

However, even this precaution is not always enough. There are some tricky crypto-stealing viruses that replace the wallet address with the one that belongs to a hacker. Even after you copy-paste the address, attentively check the first and the last few symbols and make sure that they correspond.

Another element you should pay attention to is the size of the transaction fee. Not so long ago, there was a peculiar piece of news on the web about someone paying the fee of 2100 ether only to send 0.1 ETH. Was it an intentional move to reward miners or was it a mistake that left the sender with nothing but a big regret? No one can say.

Example of high transaction fee

3. Keep your mouth shut.

Don’t share in public - how much crypto you own and where you store it. Envious ears are all around us, and such openness may end badly.

It may be tempting for a bitcoin investor who has woken up rich to share his joy with others, but it’s better not to attract anyone’s attention towards your sudden wealth.

4. Always double-check the address of an exchange before you log in.

There are numerous phishing websites designed to steal your login and password. Typically, they are designed exactly like reputable exchange platforms and have a similar address (e.g. bilttrex or binanse). Other phishers are designed exactly like browser wallets such as Metamask that pops up on top of your current page.

Don’t fall for such tricks. Always type the address of an exchange manually in the browser and ensure that your wallet appears only after you intentionally click on the app’s icon.

5. Beware of public WiFi-s.

Public WiFi-s are very dangerous since their hosts may set up their own rules that you will never be aware of. For example, they may redirect your browser to a phishing version of an exchange or a wallet. They may collect the data that you access on your smartphone or tablet including passwords.

If there is a dire need to access your crypto funds from a public WiFi, use a VPN. The browser Opera has a built-in free VPN that is available in the private mode. For smartphones and tablets, there are numerous apps such as Turbo VPN.

Tip #9. No Ads, No Phishing, No Malware

Most hackers use highly tempting phishing ads to get users to click on it and once the user clicks on it, the ad would install malware on your system. Since, it’s difficult to distinguish between a safe and malware infected ads, we recommend installing an ad blocker in your browser.

Phishing google ad

Here’s a list of ad blocker extensions we have personally used and would recommend too :

As a general rule, with or without an adblocker, it is advisable not to click on any advertisement. Ever!

Tip #10. Block invisible Trackers.

Crypto hackers use spy ads or set ‘invisible’ trackers to monitor your online activity without your permission.

To stay safe from such sneaky hackers, download Privacy Badger extension in your browser - Chrome / Firefox / Opera.

Download Privacy Badger

It blocks ads and tracking cookies that do not respect the ‘Do Not Track’ setting in a user’s web browser. Now, when you visit any site, in case it finds a tracker on the website, it will give a warning and block the tracker.

using privacy badger chrome extension

Tip #11. Secure mail service for crypto - ProtonMail

While most crypto-currency traders use Google or Yahoo email accounts to trade cryptocurrency, it might not be the best way.

According to the terms and conditions of Gmail, you grant permission to Google to read your email and track your activity even if you exit Gmail. Such tracking puts you and your login credentials, transactional history at a high risk of getting hacked.

Rather, a far safer option is to use ProtonMail for emails. ProtonMail does not read your email or track your activity in any form.

Tip #12. Secure browsing with these extensions

Phishing is one of the most common ways by which hackers can steal your cryptocurrency. Hackers create a phishing page which looks so tempting that you just find yourself clicking on it. They generally do this by creating a replica of crypto currency exchanges and once you click on it, you expose your private information which hackers can use to gain access to your sensitive online accounts.

To protect yourself from phishing attacks, do not click on websites that has HTTP instead of HTTPS in the address bar and if the website looks weird, just don’t click on it.

Also, download these extensions in your browser to know if the website is safe :

  • HTTPS Everywhere (Chrome / Firefox / Opera)

    HTTPS Everywhere automatically switches sites from insecure “http” to secure “https”. It will protect you against many forms of surveillance and account hijacking, and some forms of censorship. This helps encrypt communications with many major websites, making your browsing more secure.

  • Netcraft Extension (Chrome / Firefox / Opera)
    This extension allows you to see the risk rating of every site and protect against phishing attacks by showing you a rating given by existing users of the extensions i.e When members report a suspicious link, the extension prevents all users from accessing the site.
    Netcraft processes reports of fraudulent URLs from a diverse variety of sources and proactively searches for new fraudulent sites. A great feature of this extension is its ability to traps XSS and other suspicious URLs which contain characters highly likely to deceive.

  • Cookie AutoDelete (Chrome / Firefox)
    HTTP Cookie is data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Hackers use cookies to hijack and retrieve information such as passwords which could be stored by crypto-exchanges in forms of cookies.

To protect your data, you need to delete all cookies especially from crypto-related sites. You can do it automatically by installing an extension like Cookie AutoDelete. It will automatically delete the cookies stored by the website when you exit it.

Tip #13. Secure and Encrypt your data using your own VPN

VPNs will protect your data using military grade encryption and make it harder to track while trading. You may want to configure the VPN to only protect your crypto activities - if it is slowing down your internet)

When choosing a VPN, keep in mind:

  1. That it does not store user logs (as they can potentially be matched to your traffic)
  2. Free VPNs may fund themselves by selling your data, leak your identity or run ads that may be dangerous while trading )

We recommend using NordVPN or ExpressVPN. Check out their detailed tutorials on how to set it up for your OS. If you want to create your own VPN, you can do it in 5 minutes by following the details here.

Tip #14. Use Password Generators.

One of the most popular passwords specified by users of all devices globally is “123456”. The password “password” is the second in line, but it doesn’t make hackers’ lives any harder.

Avoid using passwords that consist of pure numbers as their combinations are limited and easily guessed. Avoid using passwords that consist of a single word, too, as it can be easily guessed with the help of a dictionary.

“Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.” - Chris Pirillo

The best and the most secure password will consist of a random mix of digits, numbers and special symbols.

Use password generators such as LastPass and KeePass to generate a strong password for your exchange wallets and email account.

Alternatively, to make it easier to memorize, take a line from your favorite song, make every first letter of every word capital and change some letter to special symbols where it’s possible (e.g. S to $, o to 0, etc.).

Tip #15. Have a Kill Switch - Setup Remote Wipe.

Though cryptocurrency cannot be controlled by anybody unless the private keys are compromised, thefts of mobiles can occur. The thieves can log into your crypto exchange and gain access over your cryptocurrency.

This could lead to huge losses. Yet, most of us neglect taking measures to protect our cryptocurrency in such situations.

A simple solution, like activating a ‘kill switch’, can save your crypto if you mobile gets stolen. Once activated, ‘kill switch’ can wipe ALL of your data and lock your phone remotely. As a result, the thief no longer has access to your exchange wallet or any data on your mobile.

It’s possible to setup ‘kill switch’ function on both iOS and Android.

iOS :

Go to Settings -> iCloud -> Sign in with your Apple ID -> Turn on Find My iPhone.

If your phone is lost or stolen, to activate the kill switch:

Step 1. Visit https://www.icloud.com/#find

Step 2. Log in with your Apple ID and set your phone to “lost mode.”

Step 3. You will have the option to remotely wipe all your data and it will be locked.

Apple Remote wipe data

Android :

Step 1. Go to https://www.google.com/android/find and sign in to your Google Account.

Step 2. If you have more than one device, click the lost device at the top of the screen.

Step 3. If your lost device has more than one user profile, sign in with a Google Account that’s on the main profile. On the map, you’ll get info about where the device is.

Step 4. Select Erase. This will permanently delete all data on your device (but might not delete SD cards).

Google Find My Device

Tip #16. Keep track of latest developments and scams.

Tracking and filtering important cryptocurrency news is a big task but highly important. You need to constantly monitor the latest news that could affect your crypto wallet.

For example - Had people been aware about the attack on Electrum wallet in December 2018, the intensity of the attack could have been controlled. Though the Electrum detected and broadcasted about the attack, users continued downloading the fake wallet. This resulted in 250 BTC being stolen.

Therefore, monitoring current news and forums using a tool like Distill.io becomes important. Here’s how you can automatically monitor such news:

Step 1. Go to BitcoinTalk Important Announcements

Step 2. Click on Distill.io chrome extension to setup a Distill monitor on Full Page.

Set up Distill monitor on forum

Other than the above mentioned steps, you should also:

  1. Follow relevant Twitter accounts such as - Whale Alerts
  2. Setup Google alerts to email relevant articles that meet keywords including wallets you use, crypto you invest in and crypto exchanges you trade with.
  3. Subscribe to newsletters such as Trezor.

Summing up

Keeping your crypto funds secure may seem tricky at first glance. Why, there are so many dangers all around and no third-party to rely on!

But if you are keen on using a new system that stands aside from the highly centralized financial world, you should learn to protect your savings yourself. And although all these precautions may seem to be a bit complicated for less tech-savvy users, you will find that it’s not that hard as soon as you turn them into your daily habits.

What other tips on crypto security do you know? Did we miss out your favorite tips/tools?

Share your thoughts in the comments below!