Crypto Security Best Practices
Protect your digital assets with these essential security practices - from seed phrase storage to phishing defense.
Crypto Security
Your Keys, Your Coins
In crypto, whoever holds the private keys controls the assets. There is no bank to call, no chargeback, no account recovery. This is the power of self-sovereignty - and its responsibility.
The good news: a handful of habits protect you from the vast majority of threats.
Seed Phrase: Your Master Key
Your seed phrase (12 or 24 words) can restore your wallet on any compatible device. It is the single most important thing to protect.
Rules:
- Write it on paper - never type it, screenshot it, or save it digitally
- Store it offline - a safe, a fireproof box, or a dedicated metal backup plate
- Never share it - no wallet, no exchange, no support team will ever ask for it
- Make backups - store copies in two separate physical locations
If someone asks for your seed phrase, it is a scam. Always.
Hardware Wallets for Large Holdings
Software wallets keep your keys on an internet-connected device, which makes them vulnerable. If you hold significant value in crypto, a hardware wallet is essential.
- How it works - your private keys never leave the device, even when you sign transactions
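- Threat model - protects your keys against malware, phishing, and remote attacks; it cannot stop you from approving a malicious transaction yourself, so still verify before signing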
- Recommendation - use one for any amount you would not want to lose
See the Wallets guide for recommended hardware wallets.
Multi-Signature for Extra Protection
Multi-sig wallets require multiple approvals before any transaction goes through. A 2-of-3 setup means you need 2 out of 3 keys to sign - losing one key does not mean losing access.
When to consider multi-sig:
- Holdings above $50,000
- Long-term storage you rarely touch
- Shared team or DAO funds
Safe is the leading Ethereum multi-sig wallet.
Phishing: The Most Common Attack
Most crypto theft happens through social engineering, not technical hacks.
Common phishing vectors:
- Fake wallet websites (Google Ads targeting "metamask download")
- Emails impersonating exchanges asking you to "verify your account"
- Discord/Telegram DMs offering help, airdrops, or NFT mints
- Fake browser extensions that look identical to real wallets
Defense:
- Bookmark wallet and exchange URLs - never search and click
- Verify URLs carefully before entering any credentials
- Never click links in DMs from strangers, even if they look helpful
- No legitimate service will ask for your seed phrase
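One way to make "verify URLs carefully" mechanical, as an added example that is not part of the original guide: compare a link's hostname with your own bookmarks and name the lookalike pattern when it does not match. The `BOOKMARKED` entries and all sample links are constructed for illustration; `checkLink` and `editDistance` are hypothetical helper names.

```javascript
// BOOKMARKED is a sample allowlist (assumption): fill it from bookmarks you saved yourself.
const BOOKMARKED = new Set(["metamask.io", "etherscan.io", "revoke.cash"]);

// Levenshtein distance, computed one row at a time.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

function checkLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };
  // Text before "@" is a username, not the site: the browser connects to what follows it.
  if (url.username || url.password) return { ok: false, reason: "userinfo-trick" };

  const host = url.hostname.replace(/\.$/, ""); // parser already lowercased and IDNA-encoded it
  if (BOOKMARKED.has(host)) return { ok: true, reason: "bookmarked", host };

  // Non-ASCII lookalike letters show up here as "xn--" (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-lookalike", host };
  }
  for (const good of BOOKMARKED) {
    // A trusted name used as the leading labels of a different domain.
    if (host.startsWith(good + ".")) return { ok: false, reason: "trusted-name-as-subdomain", host };
    // Exactly one character added, dropped, or swapped relative to a bookmark.
    if (editDistance(host, good) === 1) return { ok: false, reason: "typosquat", host };
  }
  return { ok: false, reason: "not-bookmarked", host };
}

// Constructed sample links, not real indicators.
for (const link of ["https://metamask.io/download", "https://metamsk.io/", "https://metamask.io@wallet-help.example/"]) {
  console.log(link, "->", checkLink(link).reason);
}
```

Only an exact hostname match passes, so a subdomain of a bookmarked site is reported as `not-bookmarked` until you add it yourself.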
Exchange Account Security
For centralized exchange accounts:
- Use a strong, unique password - generated by a password manager
- Enable 2FA - use an authenticator app (Authy, Google Authenticator), not SMS
- Whitelist withdrawal addresses - most major exchanges support this
- Withdraw to self-custody - do not leave large amounts on exchanges
Operational Security Habits
- Separate devices - consider a dedicated device for high-value wallet interactions
- Use a VPN on public Wi-Fi when accessing exchange accounts
- Keep software updated - wallets, browsers, and OS patches close vulnerabilities
- Verify before signing - use a wallet with transaction simulation (Rabby shows what a transaction will actually do before you confirm)
- Test with small amounts - always do a small test transaction before moving large amounts
Essential Security Tools
- Rabby Wallet - shows transaction previews and risk warnings before you sign
- Etherscan - verify any Ethereum transaction or contract address
- Revoke.cash - review and revoke token approvals you no longer need
- 1Password or Bitwarden - password managers for strong unique passwords
- Authy - 2FA authenticator app with encrypted backup
If Something Goes Wrong
Suspected compromise:
- Move funds immediately to a fresh wallet (never reuse a compromised seed)
- Revoke all token approvals at revoke.cash
- Check for any pending approvals or allowances
- Report to relevant exchanges if exchange accounts were involved
There is no recovery once funds are stolen on-chain. Speed matters.