9 Step Essential Cryptocurrency Security Guide
Market Meditations | November 2, 2020
Dear Meditators
Cryptocurrencies shift power from the banks to the people, but you also take on full responsibility for your assets.
This guide is a one-stop shop to completely level up your cryptocurrency security. I will stick mostly to simple steps anyone can take.
There are many extra steps you can take to increase your security. If you already have multiple laptops, virtual machines, three identities, your own email servers, a nuclear bunker and a lifetime supply of ramen, then you won’t need this guide.
For everyone else…
Step 1 Defence Software
Let’s start with a very easy step.
Option 1 Built-in security software has come a long way and is a viable option.
Option 2 Bitdefender is our preferred choice. It works against all e-threats, from viruses, worms and Trojans to ransomware, zero-day exploits, rootkits and spyware.
Option 3 We are also big fans of HitmanPro.Alert for people who want serious real-time protection. However, it is very taxing on your computer.
Step 2 VPN
Another easy step: a VPN lets you do your online work through a secure tunnel, so hackers can’t access your data.
Download it, turn it on and keep it on. Always use a VPN; it’s inexpensive and improves your online security.
Option 1 NordVPN is fast and easy to use. Good enough for most people.
Option 2 You can take your privacy even further and try Mullvad.
Step 3 Cryptocurrency Storage
This is the essential step: cryptocurrency storage.
There are a few tiers of safety here, and there is very little reason not to go with Tier 1.
Hardware Wallets (Tier 1)
For set and forget cold storage we recommend NGRAVE ZERO. The ZERO is completely offline, from secret key generation to transaction signing, keeping your holdings away from any online attack vector. They call it the coldest wallet.
For people actively engaging with DeFi protocols and using their wallet more regularly, we recommend a Trezor or a Ledger. They are both solid choices for a hardware wallet. They have both been around a long time, so they are time-tested.
Note: Ledger had a security breach in 2020.
Paper Wallet (Tier 2)
If you want a temporary solution, you can create a paper wallet. They take 10-30 minutes to make, and everyone has access to pen and paper.
The downside is that paper is easily lost or damaged, and you really need to invest in a good fireproof, waterproof safe with GPS; at this point you may as well buy a hardware wallet. Not to mention that moving your funds around becomes difficult and the setup isn’t intuitive: the smallest mistake you make can cost you dearly.
Desktop wallet (Tier 3)
Desktop wallets are only as safe as the system they are on. Put them on your high security device and, wherever possible, use 2FA. They are not the same as cold storage, but they are better than nothing. Examples are Exodus or MetaMask.
Step 4 Two-Factor Authentication (2FA)
What is two-factor authentication?
Well, if one-factor authentication is a password, two-factor authentication is anything that adds an extra layer of security on top of that.
Most people end up using their cell phones to get SMS two-factor authentication. They receive a unique text code before accessing their accounts. If you use this method or were planning on doing so, DON’T! SIM swaps, where hackers port your phone number, are extremely common, not to mention that there are multiple other attack vectors here.
Never use SMS 2FA.
So how do we get a more secure two-factor authentication?
A cold two-factor authentication device is essential. A cold device is a device that doesn’t connect to the internet.
I’m going to present two options for acquiring a cold two-factor authentication device.
Dedicated Cold 2FA Device (Tier 1)
- If you’ve bought the ZERO, it will double up as your 2FA device. No backdoors, no attack vectors left open, an entirely cold device.
- YubiKey is also a fantastic option for cold 2FA.
(Recommended) Dedicated 2FA Phone/Tablet (Tier 2)
- Buy a cheap tablet or phone that can run a 2FA application
- Download your desired 2FA apps
- Switch that phone to flight mode and never connect it to the internet again
- Voilà, you have an inexpensive two-factor authentication device
It’s important to note here that 2FA can be circumvented; it is not an absolute defence. Just because you have 2FA, do not assume you are invulnerable.
Step 5 Separate Computers
Use your discretion here, having two separate computers is an expensive option so decide if it’s worth the investment relative to the value of your online security and assets.
High Security Computer
Your high security device will be used only for handling cryptocurrencies, banking, trading and other sensitive activities. Do not use Windows as an operating system; it is too vulnerable.
I recommend macOS, Linux or ChromeOS. I go the extra mile and use an isolated phone as the data connection for this device, to keep it off Wi-Fi.
Your high security device is never to deviate from essential websites and never to click on any unknown links. By bookmarking your essential pages and never typing in web addresses, you reduce the temptation and the possibility of clicking on a link you shouldn’t. All it takes is one mistake to compromise your security.
Low Security Computer
For all other activities, you can use your low security device. There should never be crossover between these two devices.
Step 6 Password and Data Storage
This is where we disproportionately limit the damage a successful hack can do to us. I’m going to share a multilevel system I’ve built for myself.
There are two tiers of data.
Level 1 Data
To determine if your data is level 1 ask yourself this. If a hacker had access to this information would they be able to attack me? For example, if a hacker gained access to your private keys they could directly access your cryptocurrency.
This makes your private keys Level 1 data. Other examples are things like passwords for master emails that can bypass all other security with the right information, your password manager passwords, private keys or recovery phrases.
Here are the rules for level 1 data:
- Level 1 data is to be kept offline
- Your level 1 data should never be stored on your laptop, even for a second
- When entering these passwords, alternate between your actual keyboard and an on-screen keyboard; this means a hacker would need both a keylogger on your machine and a view of your screen to steal your password
- These passwords will be a minimum of 15 characters long and as complex as possible (good password managers will generate these for you)
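As an added illustration of the last rule (this is example code, not from the newsletter or any password manager), here is how a password manager generates a password that satisfies it and how to measure what "as complex as possible" buys you. The draw comes from the operating system's cryptographic random source via Python's `secrets` module; the `random` module is not suitable for this. The 94-symbol alphabet, the 20-character default and the policy check are assumptions chosen to meet the 15-character minimum stated above.

```python
"""Added example: generate and check Level 1 passwords, and estimate their entropy."""
import math
import secrets
import string

# Assumed alphabet: letters, digits and ASCII punctuation, 94 symbols in total.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 15  # the rule stated in the guide
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def meets_level1_policy(pw: str) -> bool:
    """At least MIN_LENGTH characters and at least one symbol from every class."""
    return len(pw) >= MIN_LENGTH and all(any(c in cls for c in pw) for cls in CLASSES)


def generate_password(length: int = 20) -> str:
    """Draw uniformly from ALPHABET using the OS CSPRNG (secrets, never random)
    and retry until the policy is met; the retry does not bias the remaining choices."""
    if length < MIN_LENGTH:
        raise ValueError(f"Level 1 passwords need at least {MIN_LENGTH} characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_level1_policy(pw):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size).
    15 symbols from 94 is about 98 bits; 20 symbols is about 131 bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, "->", round(entropy_bits(len(pw)), 1), "bits")
```

The entropy figure only holds for passwords drawn uniformly at random, which is exactly why the guide tells you to let the manager generate them: a 15-character phrase you invent yourself has far fewer effective bits than 15 random symbols.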
Now, to accomplish this you have two options, very similar to cryptocurrency storage.
Storage (Tier 1)
- Indestructible storage for private keys. For example, GRAPHENE is a cryptographic puzzle made of two fire-, water-, burial- and shock-proof everlasting stainless steel plates. It backs up your private keys and passwords if you use it as your manager. It is a simple but ingenious concept that gives you recoverable protection against anything happening to your hardware wallet.
Storage (Tier 2)
- Use paper storage and keep that paper in a fireproof and waterproof safe with GPS
- Also download a password manager (LastPass, Dashlane, RoboForm) and make sure not to sync passwords between your high security device and your low security device
Stop what you’re doing right now and check your system. If you have any level 1 data on your computer, move it now and ideally change it after moving it!
Level 2 Data
Any data which on its own cannot grant the hacker access to any of your funds or important data is considered level 2. This means that if a hacker were to gain access to a level 2 password, they would still be unable to actually access anything vulnerable.
Level 2 passwords are to be randomly generated by your password manager and should never be typed; always copy and paste from your manager without revealing the password, in case you are being watched or keylogged.
Step 7 Emails
Old emails with lacklustre passwords are a common point of entry for hackers. If you’ve had an address for a while and used it for multiple websites, chances are you want to get rid of it.
You can see if your email is compromised here.
Master Emails
These are to be made using ProtonMail. They are for your exchanges, bank accounts, investment platforms and any other platform that is sensitive. They are also used to back up your secondary emails.
Secondary Emails
You can use other emails at your convenience for less sensitive accounts.
Every email should have 2FA.
Step 8 Exchanges
When our funds are on exchanges we take on countless risks; as traders/investors we must manage this like any other risk.
There is no third party you should trust with your crypto. Exchange tips:
- Use exchanges to on-ramp and off-ramp your crypto
- Deposit only what you need to buy/sell then take it off the exchange
- Only use reputable exchanges
- Only use them on your high security device
- Every exchange must be backed by a master email, cold device 2FA and a secure password
- Set a global lock that requires a minimum wait time before settings are changed
- If you have no plans or need to withdraw the funds in the near future set a large minimum wait time on withdrawals
- Use leverage as a means of reducing counterparty risk. Tutorial here.
- Whitelist your addresses and set a lock on adding new addresses
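The last three tips work together: a withdrawal can only go to a whitelisted address, a newly added address cannot be used until a lock period has passed, and a withdrawal itself waits a minimum time before executing, so an unauthorised change leaves a window in which you get the alert and cancel. The model below is an added example, not code from Market Meditations or from any exchange, showing that logic end to end. The two-day address lock, one-day withdrawal delay and the placeholder address are constructed values; times are Unix seconds.

```python
"""Added example: a model of exchange withdrawal controls (whitelist + locks)."""
from __future__ import annotations

from dataclasses import dataclass, field

DAY = 24 * 3600


@dataclass
class WithdrawalControls:
    address_lock: int = 2 * DAY       # assumed: new whitelist entries wait this long
    withdrawal_delay: int = 1 * DAY   # assumed: withdrawals execute after this delay
    _whitelist: dict = field(default_factory=dict)  # address -> time it becomes usable
    _queued: list = field(default_factory=list)     # (execute_at, address, amount)

    def add_address(self, address: str, now: int) -> int:
        """Whitelist an address; it is not usable until the lock period elapses."""
        usable_at = now + self.address_lock
        self._whitelist[address] = usable_at
        return usable_at

    def is_usable(self, address: str, now: int) -> bool:
        usable_at = self._whitelist.get(address)
        return usable_at is not None and now >= usable_at

    def request_withdrawal(self, address: str, amount: float, now: int) -> tuple[bool, str]:
        """Refuse anything off the whitelist or still locked; otherwise queue, never execute."""
        if address not in self._whitelist:
            return False, "refused: address not whitelisted"
        if not self.is_usable(address, now):
            remaining = self._whitelist[address] - now
            return False, f"refused: address locked for {remaining} more seconds"
        execute_at = now + self.withdrawal_delay
        self._queued.append((execute_at, address, amount))
        return True, f"queued: executes at {execute_at}"

    def cancel_pending(self) -> int:
        """The owner's move during the wait window: drop everything not yet executed."""
        count = len(self._queued)
        self._queued.clear()
        return count

    def execute_due(self, now: int) -> list:
        """Release only withdrawals whose delay has fully elapsed."""
        due = [q for q in self._queued if q[0] <= now]
        self._queued = [q for q in self._queued if q[0] > now]
        return due


def demo() -> tuple[bool, bool, int, int]:
    """Walk the controls through one timeline; returns the four observable outcomes."""
    controls = WithdrawalControls()
    t0 = 1_600_000_000
    addr = "bc1q-constructed-placeholder-address"  # constructed, not a real address
    controls.add_address(addr, t0)
    refused, _ = controls.request_withdrawal(addr, 1.0, t0 + 60)           # lock still active
    accepted, _ = controls.request_withdrawal(addr, 1.0, t0 + 2 * DAY)     # lock elapsed
    early = controls.execute_due(t0 + 2 * DAY + 3600)                      # delay not elapsed
    late = controls.execute_due(t0 + 3 * DAY)                              # delay elapsed
    return refused, accepted, len(early), len(late)


if __name__ == "__main__":
    print(demo())
```

The protection comes entirely from the delays: nothing the account holder (or anyone holding the account's credentials) does takes effect before the lock expires, which is the time you have to act on the notification email sent to your master address.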
Step 9 Protect your friends and family
This last step is really important. If a hacker gets sensitive info from someone you love, they can leverage that to blackmail you. Unfortunately, some hackers are just malicious people; they won’t want anything other than to hurt you.
Your final step is to share this with your loved ones and make sure they are as protected as you.