Security
March 6, 2022

Crypto Security Part 1: Best Practices

In part 1 of our Crypto Security 101 series, we cover the best practices for crypto storage

As cryptocurrencies gain even more popularity and adoption in today's society, the number of exploits and 'hacks' has multiplied tenfold. As a result, securing your assets is critical for consumer protection.

There are numerous ways to keep your cryptocurrency secure, most of which are complicated, involve new jargon, and contain confusing steps. This article will be split into two parts, covering the best practices and explaining away any confusion to help reduce the chance of fraud or theft.

It's important to be aware of possible scams when investing in cryptocurrency

Given that many investors are new to the crypto ecosystem and may not be aware of the proper methods of keeping their assets secure, hackers are devising new and inventive methods of stealing funds. Thefts that have occurred in plain sight have been among the most prominent.

Different ways to store your crypto

Trusting a custodian service

  • For ultimate protection, third-party organisations that offer crypto custody solution services typically use a combination of both hot wallets and cold wallets to store their clients' tokens. This is extremely useful to investors who are new to the area or do not want to bear complete responsibility for keeping their tokens secure due to the numerous security procedures that must be implemented to ensure the safety of assets. In some cases a custodian service may also offer insurance of the funds stored with them. However, a noticeable disadvantage of this service is that assets can only be accessed or moved through the custodian service.
  • Cryptocurrency brokerages like Caleb & Brown provide a service that includes the safety and safekeeping of funds utilising our current custodian infrastructure. Along with our integration with Fireblocks, the number one crypto and digital asset platform for institutions, our custodial solutions are both battle-tested and operationally efficient.


Hot Wallet

  • A hot wallet is an online wallet that is connected to the internet and can be accessed at any time, including desktop wallets like MetaMask, TrustWallet and Exodus. Most exchange wallets and all cloud-based wallets are hot wallets. With hot wallets, there is a risk that if your connection and computer are compromised, your funds will be accessible to hackers/scammers who can move the funds out of the hot wallet.
MetaMask is a popular hot wallet
  • Storing funds on an exchange also involves similar risks to using a hot wallet because holding funds in an exchange wallet is not the same as holding them in your personal wallet. Exchange wallets are exchange-provided custodial accounts. The owner of the private key of the cryptocurrency stored in this wallet is not the user of this wallet. Some cryptocurrency exchanges do not provide SIPC or FDIC protection, which means that if an exchange and its related wallets are compromised, there is no guarantee that your funds will be safe. Because of this, it is important to do your own due diligence in checking what protections are offered by an exchange providing custodial services.

Cold Wallet

  • A cold wallet, in its most basic form, is a wallet that is not connected to the internet, where the private keys are held offline. Cold wallets remain offline, relying on non-internet media such as paper, or on hardware such as 'USB-like'* devices and other physical offline storage devices that are specifically designed for crypto storage. There are numerous reputable and reliable cold wallet brands, such as Ledger and Trezor.
The Ledger Nano X is a trusted and widely used cold wallet
  • It is suggested that cold wallets are purchased directly from the official website rather than via third-party retailers; even reputable retailers such as Amazon cannot guarantee the authenticity of the products offered on their platform. This is critical since many counterfeit products are sold online with malware pre-installed, so going directly to the source is essential.

*Please note that not all USB-like devices can be used for cryptocurrency storage, and you must check that the product is either compatible with or designed specifically for cryptocurrency storage.

There are many hot and cold wallets available for cryptocurrency storage. Source: pixelplex.io

It is recommended that cryptocurrency holders utilise a combination of hot and cold wallets. Hot wallets come in handy when trading frequently using an exchange, for example. However, for long-term storage, it is recommended to use a cold wallet, which, unlike a hot wallet, does not require internet connectivity and therefore eliminates the risk of cybersecurity threats. Most cold wallets are also encrypted, adding another layer of security.

Using a cryptocurrency brokerage service such as Caleb & Brown to buy, sell or trade cryptocurrencies does not require a client to use a hot wallet, even in the case where the client wishes to retain management of their own custody.

Best Practices

Never disclose your seed phrase to anybody, and never save it online or on a computer, especially in apps like 'Notes.' The most secure method to store a seed phrase is to write it on three different pieces of paper and keep each piece of paper in a different location.

When transferring funds between wallets, always send a fractional test amount first to confirm the desired transaction. Sending a test transaction confirms to the user that funds are travelling from the correct wallet to the desired recipient, as it is easy for a mistake to be made with such complicated wallet IDs.
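The following is an added example, not code from the original article or from Caleb & Brown: a pre-send check that shows why the test transfer above still matters. It assumes legacy Bitcoin Base58Check addresses, a format the article does not name; the function names are hypothetical and the typo and second address are constructed sample input.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Sample input: the widely published Bitcoin genesis-block address.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def base58check_ok(addr: str) -> bool:
    """True if addr decodes to 25 bytes ending in a valid 4-byte checksum."""
    num = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:  # characters such as 0, O, I and l are not in the alphabet
            return False
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + body
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def make_address(hash160: bytes) -> str:
    """Build a constructed (illustrative) address from a 20-byte key hash."""
    raw = b"\x00" + hash160
    raw += _checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def pre_send_check(trusted: str, pasted: str) -> list:
    """Compare the pasted destination with the address from a trusted source."""
    problems = []
    if not base58check_ok(pasted):
        problems.append("checksum")   # typo or truncated paste
    if pasted != trusted:
        problems.append("mismatch")   # wrong or substituted address
    return problems

if __name__ == "__main__":
    typo = GENESIS[:-1] + "b"                   # constructed one-character typo
    other = make_address(bytes(range(1, 21)))   # constructed, valid but different
    print(pre_send_check(GENESIS, GENESIS))
    print(pre_send_check(GENESIS, typo))
    print(pre_send_check(GENESIS, other))
```

The checksum catches a mistyped address, but a different, well-formed address passes it, so only comparing against a trusted copy and confirming receipt of the test amount reveals a wrong recipient.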

Be cautious of phishing emails and fake websites/contacts attempting to swindle you.

When dealing with cryptocurrency, always use a secure internet connection, even if it's just to check balances. Never use public Wi-Fi. Even when using personal Wi-Fi or personal hotspots, using a VPN adds an extra layer of security by changing one's IP address.

Further reading: Common Crypto Scams


Disclaimer: This assessment does not consider your personal circumstances, and should not be construed as financial, legal or investment advice. These thoughts are ours only and should only be taken as educational by the reader. Under no circumstances do we make any recommendation or assurance regarding the views expressed in the blog post. The Company disclaims all duties and liabilities, including liability for negligence, for any loss or damage which is suffered or incurred by any person acting on any information provided.