A Simple Guide For Protecting Your Crypto

It’s been a big week for crypto: after the first two Bitcoin futures ETFs launched, Bitcoin and Solana hit new all-time highs and Ethereum came close to setting a new record of its own. But as crypto becomes more mainstream, cybercriminals who target crypto holders are getting more creative and persistent. Here is a simple guide for protecting your crypto and all the other valuable data you store online. Here are the takeaways.

• Use a password manager. Humans are really bad at remembering passwords, which is why too many of us choose simple phrases and repeat them across multiple websites. Password managers (like Nordpass, 1password and Dashlane) generate strong, secure passwords and store them for you — no memorization required. Use one. (Want to see if your passwords have been exposed by a known data breach? Check out haveibeenpwned.com.)

• Enable 2-factor authentication (2FA). 2FA can protect an account even if a hacker steals your password. There are several types of 2FA, ranging from less secure (SMS-based, where a verification code is sent via text message) to more secure (an app that generates verification codes like Google Authenticator) to most secure (a hardware security key like a Yubikey). We strongly recommend choosing a stronger method than SMS, because hackers can steal texts with a common method called “SIM-swapping” — in which your phone number is transferred to another device. If no other option is available, enable SMS 2FA — but if that’s not possible, consider using a different service.

• Protect your seed phrase. A seed phrase is a string of 12 to 24 words that is literally the key to a non-custodial crypto wallet like Coinbase Wallet, Exodus, or MetaMask. Anyone with access to your seed phrase has access to the crypto in that wallet. If you lose or delete your wallet, you can restore it with your seed phrase — but if you lose your seed phrase, you lose your crypto. (For many users, keeping crypto in the “hosted wallet” that comes with every Coinbase account is a more convenient option. You can add another layer of security without having to manage seed phrases by moving some crypto into a Coinbase Vault.)

• Be wary of “airdrops.” If you are investing and tradiing NFTs or DeFi, you’ve probably encountered airdrops — in which a project rewards early adopters by sending tokens to their wallets. But in recent weeks, our Coinbase’s security team has been tracking an ongoing phishing campaign involving airdrops. In the scam, randomly airdropped tokens appear in your wallet. If you try to interact with them, you’re prompted to connect your wallet to a website that looks like a DeFi app — but actually gives hackers permission to drain your holdings. To protect yourself, don’t interact with airdropped tokens from unknown sources, don’t connect your wallet to websites advertised by airdropped tokens, and don’t keep too much crypto in a wallet you regularly use to interact with crypto apps.

• Don’t brag. In the sage words of Kendrick Lamar: be humble. Just like a brand new Lamborghini in your driveway could make you a target for burglars, flashing your gains online could make you a target for cybercriminals.