Note: This post contains affiliate links to services I recommend and personally use
If you’re a crypto investor, hacks are becoming so common you absolutely need to take some careful steps to protect your online investments. Here are 10 security tips for your crypto investments and how to avoid Metamask hacks.
- Research carefully the projects you invest in
- Use cold storage for your cryptos
- If you don’t like cold storage, use multi sig or spread your assets into multiple exchanges
- Guard your Metamask seed phrase or private keys like your life
- Use password managers
- Set up 2FA (2-factor authentication) on all connections
- Use a VPN
- Always check the URL of websites you are visiting
- Double check the wallet addresses you use to send coins
- Follow these tips to avoid Metamask hacks
Before I get into any of the steps, make sure you only invest money you can afford to lose. This has been said over and over again but it remains the cardinal truth. The space is still very early: scams are numerous, cryptos are volatile, projects rug, hacks happen. Be extra, extra careful.
Here’s my personal experience of scams.
Here are the scams and security issues I’ve suffered
In recent months alone, I have experienced all of the following scams and security hacks.
I got my Metamask hacked for thousands of dollars
Because I re-typed my Metamask seed phrase on a malicious website, my entire wallet was emptied in a couple of minutes. There was nothing I could do, except trace (in utter despair) the wallet address that had emptied my coins.
I wrote to Metamask support but there’s nothing they could do. Transactions on the blockchain are irreversible, that’s precisely what makes it so powerful.
I sent cryptos to the wrong wallet address
Acting too quickly, I transferred several hundred $ of one type of coin to the wallet address of another coin. A simple, stupid mistake I could have avoided by being a bit more careful.
I experienced several rug pulls or coin crashes
I invest in a good number of node projects (see my $1k/day strategy) INSERT LINK, including some very early ones. By wanting to get in too quickly, I went for unsustainable rewards. Several of the projects I got into rug pulled (the team ran away with the funds) or crashed (coins went to zero).
I faced each of the above issues because I hadn’t followed one of the 10 security steps below. Had I followed them all, none of the above would have happened and I would have saved tens of thousands of dollars.
So do yourself a favor, and follow these 10 security tips for your crypto investments.
Research carefully the projects you invest in
You have to do your due diligence on the projects you are considering entering.
Among the things you should check on every project:
- Avoid projects promising crazy returns, fake protocols, or plain forks (copies) of existing contracts or services with nothing new behind them
- Remember that a high APY on a coin that crashes in value does not make a good investment
- Make sure the protocol's funds are held in multi signature (multi sig) wallets, so no single team member can move the funds alone
- Check that the project is audited, and read the audit: which contracts it covers, what it found, and whether the findings were actually fixed
- Verify that the team is doxxed, meaning we know who they are, and that it's not a single anonymous dev working alone
- If you're in it for ultra short term gains, make sure you get your RoI back quickly. It's great to get in early on some projects, but recover your initial funds fast and then play with house money
Use cold storage for your cryptos
Exchange hacks have happened in the past, they will happen again.
You can never be safe enough, and while we wait for banks to offer serious custodial services for digital assets, your best bet is cold storage.
Cold storage means keeping your private keys on a hardware wallet: the keys are generated on the device and never leave it, and every transaction is signed inside the device, so malware on your computer can see what you are sending but cannot steal the keys. Always verify the recipient address and amount on the device's own screen before approving, because that screen is the one thing a compromised computer cannot alter.
Use a Ledger Nano X, a Trezor or Arculus (a newer card form factor), the reference cold storage devices. Buy directly from the manufacturer, never second hand, and generate your own seed phrase on the device: one that arrives with a pre-printed seed phrase is a scam.
If you don’t like cold storage, use multi sig or spread your assets into multiple exchanges
If you want to keep your cryptos on centralized exchanges, such as Coinbase, then use multi sig (multi signature) configurations where the exchange offers them: a withdrawal has to be approved by several keys or people, so no single individual, and no single stolen login, can move the funds alone.
An alternative if you are not comfortable with cold storage is to spread your assets across multiple exchanges. That way you are spreading the risk of losing all your precious assets in one go.
For example, split your bitcoin or ethereum between several exchanges or lending platforms: Coinbase, Kucoin, FTX, BlockFi, Nexo, Celsius. Keep in mind that every one of them is a counterparty: what you hold there is a claim on the company, not coins in your own wallet, and a lending platform adds the credit risk of the borrowers it lends your coins to. Spreading reduces how much you lose if one of them fails; it does not make any of them safe.
Guard your Metamask seed phrase or private keys like your life
If you're using Metamask or any kind of wallet to do your trading, chances are you were given a 12 or 24 word seed phrase (Metamask uses 12 words) or a private key when you installed it.
THE most important security tip is to never, ever give anyone that seed phrase or private key. Metamask support, exchanges and protocols will never ask you for it; anyone who does is a scammer.
It is far more than the equivalent of your bank account password: whoever holds it controls every coin in the wallet, from any device, with no way to reset it and no way to reverse what they do.
Do not store that precious seed phrase online, do not screenshot it.
Just write it down and store it in a safe place; you can even use metal plates if you're afraid your piece of paper might get destroyed by water or fire. For example, here are the Cobo tablets.
Here’s a cool video giving you ideas of places to hide your seed phrase.
Use password managers
You should use a password manager to protect your passwords, so every account gets a long, unique password you never have to remember. Do not store passwords in an Excel file, a notebook or in your contacts. Protect the manager itself with a strong master password and 2FA, and keep your seed phrase out of it, for the reasons above.
There are many good password managers out there: LastPass, 1Password and Dashlane, to name a few.
Set up 2FA (2-factor authentication) on all your connections
2FA is an easy and robust way of securing access to all websites and services. It is offered by most exchanges and you should always activate it.
But be careful: do not use SMS 2FA tied to your phone number!
SIM swap is a common and very real threat. A SIM swap is when an attacker calls your mobile operator pretending to be you and asks to move your number to a new SIM, claiming the old one is lost or faulty. Some operators will do it with nothing more than a few personal details bought from a data breach.
From that moment on, the 2FA SMS messages (and password reset codes) go to the attacker's phone. Your own phone drops off the network, and by the time you notice, your accounts are being emptied.
Instead use a 2FA app such as Google Authenticator or Authy, which computes codes on your device from a secret set up when you enrol, so your phone number plays no part. Store the backup codes each service gives you offline, with your seed phrase. For the accounts that matter most, a hardware security key (FIDO2/U2F) is stronger still, because unlike app codes it cannot be phished.
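To make the point concrete, here is what an authenticator app actually computes, as an added example (my own code, not something from Metamask, Google or Authy): a TOTP code is an HMAC of the current 30-second time step keyed with the secret you scanned at enrolment, truncated to six digits. Your phone number is nowhere in the calculation, which is exactly why a SIM swap cannot capture these codes. The secret and timestamps used below are the published test vectors from RFC 6238, not a real account.

```python
"""RFC 6238 TOTP, written out to show what an authenticator app computes (added example)."""
import base64
import hashlib
import hmac
import struct
import time


def totp(secret, unix_time=None, step=30, digits=6, algo=hashlib.sha1):
    """One-time code = HMAC(secret, floor(unix_time / step)), dynamically truncated (RFC 4226).
    Note what is NOT an input: your phone number. Only the shared secret and the clock matter."""
    if unix_time is None:
        unix_time = time.time()
    counter = struct.pack(">Q", int(unix_time) // step)   # 8-byte big-endian step count
    mac = hmac.new(secret, counter, algo).digest()
    offset = mac[-1] & 0x0F                               # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def secret_from_base32(b32):
    """Decode the base32 secret shown beside the enrolment QR code (spaces and missing padding allowed)."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def verify(secret, submitted, unix_time, window=1, step=30, **kw):
    """Server-side check: accept the current step and `window` steps either side for clock drift,
    comparing in constant time so the check itself leaks nothing."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + k * step, step=step, **kw), submitted)
        for k in range(-window, window + 1)
    )


# RFC 6238 Appendix B test vector: ASCII secret "12345678901234567890", SHA-1, 8 digits.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(RFC_SECRET, 59, digits=8))   # 94287082, as listed in RFC 6238
    print(totp(secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"), 59, digits=8))
```

The takeaway for a user: the base32 secret (or QR code) you are shown at enrolment is the whole of the credential. Anyone who photographs it can generate your codes forever, and losing it without a backup code locks you out, so treat it like a second seed phrase.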
Use a VPN to secure your crypto trading
A VPN encrypts all traffic between your device and the VPN provider's server and hides your real IP address from the sites you visit and from whoever runs the network you are on (hotel or cafe Wi-Fi, for example). That stops a local attacker from seeing which exchanges you use or tampering with your connection, and it keeps your home IP address out of the logs of every crypto site you touch, which makes you harder to single out and target.
Be clear about what it does not do. Your connection to an exchange is already encrypted by HTTPS with or without a VPN; a VPN cannot stop you typing your seed phrase into a phishing site; and it does not remove malware from your computer.
Some VPN products bundle a blocklist of known malicious domains, ads and trackers. That is a useful extra layer against phishing links, but it is a blocklist of sites already reported, not a guarantee.
Always check the URL of websites you are using
One of the most common hacks of online wallets such as Metamask happens when you inadvertently land on a malicious website that imitates a real one and are asked to re-type your seed phrase.
Happened to me…. I lost thousands of dollars.
To prevent that, always check that you are on the right URL when you use an exchange, a protocol, or any crypto related website.
To access specific coin or protocol websites, only use the links from Coingecko or Coinmarketcap, you can find them on every coin’s page.
Never use Google search to reach a crypto site, because malicious websites are regularly listed at the top of search results via paid ad placements. Scammers set up fake websites with addresses that look legitimate, buy sponsored links and appear above the real site.
The safest way to browse is to use bookmarks, so you're sure you're in the right place. Make bookmarks of all your regular exchanges and protocols, and only ever use those.
Also, always use a separate web browser (I recommend Brave browser), with no extensions installed other than your wallet, to separate your crypto trading from regular browsing and surfing.
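If you want something more systematic than eyeballing the address bar, here is an added example of the check a bookmark habit gives you, written as a small script (my own code, not a Metamask or Brave feature): it accepts a URL only if it is https and the host is exactly one of your bookmarked hosts, and otherwise explains why it is suspicious, flagging non-https, IDN/punycode hostnames, domains that merely contain a brand name (`app.uniswap.org.evil.com`) and typosquats or homoglyph swaps (`unisvvap.org`). The allowlist and the URLs are constructed for the example; replace the list with your own bookmarks.

```python
"""Allowlist-and-lookalike check for crypto site URLs (added example, not from the original post)."""
from urllib.parse import urlsplit

# Constructed allowlist standing in for your own bookmarks; edit it to the sites you actually use.
TRUSTED_HOSTS = {"app.uniswap.org", "www.coinbase.com", "metamask.io", "www.coingecko.com"}

# Character swaps typosquatters rely on; both sides are normalised before comparing.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def registrable(host):
    """Last two labels: 'app.uniswap.org' -> 'uniswap.org' (simplification: ignores ccTLDs like co.uk)."""
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Fold look-alike sequences so 'unisvvap.org' and 'uniswap.org' compare equal."""
    for a, b in HOMOGLYPHS:
        name = name.replace(a, b)
    return name


def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reasons). ok is True only for an https URL whose host is exactly a bookmarked host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("scheme is %r, not https" % parts.scheme)
    if host in trusted:
        return (not reasons, reasons)
    reasons.append("host %r is not one of your bookmarks" % host)
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised (IDN/punycode) hostname: possible homograph attack")
    reg = registrable(host)
    for t in trusted:
        treg = registrable(t)
        if reg == treg:
            continue  # same real domain, just a page you have not bookmarked
        brand = treg.split(".")[0]
        if brand in host:
            reasons.append("contains the name %r but the real domain is %r" % (brand, reg))
        elif edit_distance(skeleton(reg), skeleton(treg)) <= 2:
            reasons.append("looks like %r (typosquat or homoglyph)" % treg)
    return (False, reasons)


if __name__ == "__main__":
    # Constructed sample URLs: one genuine, the rest the kinds of fakes that show up in sponsored results.
    for u in ["https://app.uniswap.org/#/swap", "http://metamask.io/",
              "https://app.uniswap.org.evil.com/", "https://app.unisvvap.org/"]:
        ok, why = check_url(u)
        print("OK  " if ok else "STOP", u, "; ".join(why))
```

The interesting case is the last one: `unisvvap.org` is not in the list and is not a subdomain of anything in it, so only the homoglyph folding catches it. A plain string compare would let it through, which is why "looks right" is not a check.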
Double check the wallet addresses you use to send coins
When you’re sending large amounts of coins over to another wallet, make sure you’re using the right wallet address.
It sounds stupid, but mistakes are easily made. I know because I did it, I once sent hundreds of dollars worth of coins to a wrong wallet address. Actually the address was mine but it was for another coin. And when that happens, there’s nothing you can do, transactions are irreversible.
Sometimes you might also send coins to an address that's yours but on the wrong blockchain (for example a Tron TRC20 address instead of an Ethereum ERC20 one); that's a common one. Check that the network you select in the sending wallet matches the network of the receiving address, not just the coin.
So always double check your wallet addresses, and compare the whole string, not just the first and last few characters, because scam addresses are deliberately generated to match those.
To be extra sure, send a first transaction with a very small amount, confirm it arrives in the destination wallet, and only then send the rest. A test transaction proves the address is reachable; it does not prove it belongs to who you think, so confirm the address with the recipient through a second channel as well.
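For Ethereum-style addresses there is a built-in typo check you can use before sending: the mixed-case form you see in Metamask and on Etherscan is an EIP-55 checksum, where each letter's case is derived from a Keccak-256 hash of the address, so a single mistyped or pasted-wrong character almost always produces a case pattern that no longer matches. The script below is an added example (my own code, not Metamask's) that recomputes that checksum; it includes its own Keccak-256 so it runs with no dependencies, and the addresses it checks are the test vectors published in EIP-55, not real wallets.

```python
"""EIP-55 checksum check for Ethereum-style addresses (added example, not from the original post)."""

# Keccak-256 with the original Keccak padding that Ethereum uses (not NIST SHA3-256).
_RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
_ROTC = [1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44]
_PILN = [10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1]
_MASK = (1 << 64) - 1


def _rol(x, n):
    return ((x << n) | (x >> (64 - n))) & _MASK


def _keccak_f(st):
    """Keccak-f[1600] permutation on 25 little-endian 64-bit lanes (in place)."""
    for rnd in range(24):
        bc = [st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20] for i in range(5)]  # theta
        for i in range(5):
            t = bc[(i + 4) % 5] ^ _rol(bc[(i + 1) % 5], 1)
            for j in range(0, 25, 5):
                st[j + i] ^= t
        t = st[1]                                                   # rho and pi, combined
        for i in range(24):
            j = _PILN[i]
            st[j], t = _rol(t, _ROTC[i]), st[j]
        for j in range(0, 25, 5):                                   # chi
            row = st[j:j + 5]
            for i in range(5):
                st[j + i] ^= (~row[(i + 1) % 5]) & row[(i + 2) % 5]
        st[0] ^= _RC[rnd]                                           # iota


def keccak256(data):
    rate = 136                       # bytes absorbed per permutation for a 256-bit output
    st = [0] * 25
    buf = bytearray(data) + b"\x01"  # pad10*1: 0x01 ... 0x80 (SHA3 would use 0x06 here)
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            st[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        _keccak_f(st)
    return b"".join(st[i].to_bytes(8, "little") for i in range(4))


def to_checksum_address(addr):
    """Return the EIP-55 mixed-case form; raises ValueError if addr is not 20 bytes of hex."""
    body = addr[2:] if addr[:2].lower() == "0x" else addr
    body = body.lower()
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError("not a 20-byte hex address: %r" % addr)
    digest = keccak256(body.encode("ascii")).hex()
    # A hex letter is upper-cased when the matching nibble of keccak256(lowercase address) is >= 8.
    return "0x" + "".join(c.upper() if int(digest[i], 16) >= 8 else c for i, c in enumerate(body))


def address_status(addr):
    """'valid': mixed-case checksum matches; 'unchecksummed': all one case (EIP-55 allows it, but it
    gives no typo protection); 'invalid': wrong length/characters or a checksum mismatch."""
    body = addr[2:] if addr[:2].lower() == "0x" else addr
    try:
        checksummed = to_checksum_address(addr)
    except ValueError:
        return "invalid"
    if body == body.lower() or body == body.upper():
        return "unchecksummed"
    return "valid" if checksummed == "0x" + body else "invalid"


if __name__ == "__main__":
    # EIP-55 test vector, then the same address with one character's case flipped (a "typo").
    for a in ["0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed", "0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAeD"]:
        print(address_status(a), a)
```

Two caveats the code makes explicit: an all-lowercase address is accepted by every wallet but carries no checksum at all, so paste the mixed-case form whenever you can; and the checksum only says the address is well formed on an EVM chain. It cannot tell you that you picked the right network, or that the address belongs to the person you think it does, so the small test transaction and the out-of-band confirmation still apply.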
Follow these tips to avoid Metamask hacks
Maybe the most frequent frauds and thefts happen with Metamask. The web and social media are overloaded with angry and frustrated traders that got their wallets hacked.
To avoid Metamask hacks follow these tips:
- If you want to use Metamask as a browser extension, set it up on a separate browser (I recommend Brave) that you only use for crypto trading
- I recommend using Metamask on your mobile, browsing via the embedded Metamask browser.
- By all means, NEVER EVER re-type your seed phrase under any circumstance, unless you are re-installing Metamask yourself, from the official extension store or app store, on a clean device.
- Connect your hardware wallet to your Metamask, so Metamask only prepares transactions and the signing happens on the device. To set it up, follow this tutorial.
- Regularly review the websites your Metamask is connected to and disconnect the ones you no longer use. To find the list, click the three dot menu to the right of your account name and choose Connected sites. Bear in mind that disconnecting a site only stops it seeing your accounts; any token spending approvals you signed on that site remain valid on-chain until you revoke them.
- Do not connect to random websites with your Metamask open, that’s how I got mine hacked.
- Always disconnect your Metamask when you are done trading or swapping, never leave it open
Well, that’s it for my 10 security steps to protect your crypto and tips to avoid Metamask hacks.
I hope that was useful.
If you want to thank me, you can buy me a coffee, that’ll be a nice gesture.