Cryptocurrencies shift power from the banks to the people, but they also shift responsibility. When you become your own bank you also take on full responsibility for your assets. This guide is a one stop shop to completely level up your cryptocurrency security.
A lot of cyber security focuses on prevention, which is extremely important; however, there is a lack of information on damage mitigation. We’ve set our system up on the assumption that we will get hacked, and made sure that even then we can mitigate the damage.
💥 For 6 clear, concise and actionable newsletters a week, fundamental and technical analysis to compliment your trading/investing, trading education and self improvement, consider joining the free Market Meditations community of over 31,000+ people👇
Step 1 Defence Software
Let’s start with a very easy step. Install defence software on every device you own that connects to the internet. Then run regularly scheduled scans and make sure to update it regularly.
Step 2 VPN
Another easy step: a VPN routes your online traffic through an encrypted tunnel, so hackers can’t get at your data in transit.
Download it, turn it on and keep it on. Always use a VPN; it’s inexpensive and improves your online security. I use NordVPN.
Step 3 Crypto-currency Storage
This is the essential step: cryptocurrency storage.
There are a few tiers of safety here, and there is very little reason not to go with Tier 1.
Hardware Wallets (Tier 1)
Trezor: A solid choice for a hardware wallet. It’s the original hardware wallet and has been around a long time, so it is time-tested, which is a huge advantage. It offers solid security as well.
The downside to Trezor is the UI: Trezor is difficult to set up and use. It also doesn’t double as other security devices the way ZERO and GRAPHENE do.
NGRAVE ZERO: The ZERO is completely offline, from secret key generation to transaction signing, keeping your holdings away from any online attack vector. They call it the coldest wallet.
This device is also extremely user friendly, anyone can pick it up and set it up with ease. There is no wallet I’d recommend with more confidence.
As you will see later in the article, NGRAVE products actually protect you from multiple other attack vectors. This makes them one of your most cost-effective choices, since one purchase covers several security devices.
The downside is that despite their expertise and rigorous testing, they are a new company and not time tested yet.
Paper Wallet (Tier 2)
If you want a temporary solution, you can create a paper wallet. They take 10-30 minutes to make, and everyone has access to pen and paper.
The downside is that paper is easily lost or damaged, and you really need to invest in a good fireproof, waterproof safe with GPS; at this point you may as well buy a hardware wallet. Not to mention that moving your funds around becomes difficult and the setup isn’t intuitive: the smallest mistake can cost you dearly.
Desktop wallet (Tier 3)
Desktop wallets are only as safe as the system they are on. Put them on your high security device and, wherever possible, use 2FA. They are not the same as cold storage, but they are better than nothing. Examples are Exodus and MetaMask.
Step 4 Two-Factor Authentication (2FA)
What is two-factor authentication?
Well, if one-factor authentication is a password, two-factor authentication is anything that adds an extra layer of security on top of that.
Most people end up using their cell phones for SMS two-factor authentication: they receive a unique text code before accessing their accounts. If you use this method, or were planning to, DON’T! SIM swaps, where a hacker has your phone number ported to a SIM they control, are extremely common, not to mention that there are multiple other attack vectors here.
Never use SMS 2FA.
So how do we get a more secure two-factor authentication?
A cold two-factor authentication device is essential. A cold device is one that never connects to the internet.
I’m going to present two options for acquiring a cold two-factor authentication device.
Dedicated Cold 2FA Device (Tier 1)
- If you’ve bought ZERO, it will double as your 2FA device. No backdoors, no attack vectors left open, an entirely cold device.
- YubiKey is also a fantastic option for cold 2FA.
Dedicated 2FA Phone/Tablet (Tier 2)
- Buy a cheap tablet or phone that can run a 2FA application
- Download your desired 2FA apps
- Switch that phone to flight mode and never connect it to the internet again
- Voilà, you have an inexpensive two-factor authentication device, albeit not as safe as a truly cold device like ZERO
It’s important to note here that 2FA can be circumvented, it is not an absolute defence. Just because you have 2FA, do not assume you are invulnerable.
Step 5 Separate Computers
Use your discretion here, having two separate computers is an expensive option so decide if it’s worth the investment relative to the value of your online security and assets.
I personally use 2 computers.
High Security Computer
Your high security device will be used only for handling cryptocurrencies, banking, trading and other sensitive activities. Do not get Windows as an operating system; it is too vulnerable.
I recommend macOS, Linux or ChromeOS. You can buy a cheap Chromebook for less than $150 and it will suffice for all your needs. I go the extra mile and use an isolated phone as the data connection for this device to keep it off my Wi-Fi.
Your high security device is never to deviate from essential websites and never to click on any unknown links. By bookmarking your essential pages and never typing in web addresses, you reduce both the temptation and the possibility of clicking on a link you shouldn’t. All it takes is one mistake to compromise your security.
Low Security Computer
For all other activities, you can use your low security device. There should never be crossover between these two devices.
Step 6 Password and Data Storage
This is where we disproportionately limit the damage a successful hack can do to us. I’m going to share a multilevel system I’ve built for myself.
There are two tiers of data:
Level 1 Data
To determine whether your data is Level 1, ask yourself this: if a hacker had access to this information, could they attack me? For example, if a hacker gained access to your private keys, they could directly access your cryptocurrency.
This makes your private keys Level 1 data. Other examples are passwords for master emails (which, with the right information, can bypass all other security), your password manager’s master password, private keys and recovery phrases.
Here are the rules for Level 1 data:
- Level 1 data is to be kept offline
- Your Level 1 data should never be stored on your laptop, even for a second
- When entering these passwords, alternate between your physical keyboard and an on-screen keyboard; this means a hacker would need both a keylogger on your machine and a view of your screen to steal the password
- These passwords will be at least 15 characters long and as complex as possible (good password managers will generate these for you)
Now, to accomplish this, you have two options, very similar to cryptocurrency storage.
Storage (Tier 1)
- ZERO will function as a password manager (most password managers will cost $500-$1000 over a 10 year period).
- GRAPHENE is a cryptographic puzzle made of two fire-, water-, burial- and shock-proof everlasting stainless steel plates. It backs up your private keys and passwords if you use ZERO as your manager. It is a simple but ingenious concept that gives you recoverable protection against anything happening to your ZERO.
- Dashlane is another great option for a password manager.
Storage (Tier 2)
- Use paper storage and keep that paper in a fireproof and waterproof safe with GPS
- Also download a password manager (LastPass, Dashlane, RoboForm) and make sure not to sync passwords between your high security device and your low security device
Stop what you’re doing right now and check your system. If you have any Level 1 data on your computer, move it now and ideally change it after moving it!
Level 2 Data
Any data which on its own cannot grant a hacker access to any of your funds or important data is considered Level 2. This means that if a hacker were to gain access to a Level 2 password, they would still be unable to access anything vulnerable.
Level 2 passwords are to be randomly generated by your password manager and should never be typed; always copy and paste from your manager without revealing the password, in case you are being watched or keylogged.
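The Level 1 rule above (at least 15 characters, as complex as possible) and the Level 2 rule (randomly generated, never typed) both come down to the same thing: the password must come from a cryptographically secure random source and be long enough that guessing is hopeless. The following is an added example, not code from the article or from any password manager it names; it shows what a manager does internally, using Python’s `secrets` module (the `random` module is not suitable, since its output is predictable), checks a generated password against the article’s 15-character rule, and estimates how many bits of guessing work the length buys. The function names and the 94-character alphabet are this example’s own choices.

```python
import math
import secrets
import string

# Printable ASCII minus space: 26 + 26 + 10 + 32 = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def meets_policy(password: str, min_length: int = 15) -> bool:
    """The article's Level 1 rule: at least 15 characters, drawn from every class."""
    return (
        len(password) >= min_length
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def generate_password(length: int = 20) -> str:
    """Generate a password with a CSPRNG, retrying until it satisfies the policy.

    secrets.choice draws from the OS entropy source; never use random.choice here.
    """
    if length < 15:
        raise ValueError("Level 1 passwords must be at least 15 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, min_length=length):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy for a uniformly random password: log2(alphabet ** length)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password(20)
    # Print only the length and policy result: the value itself goes to the manager.
    print("length:", len(pw), "policy ok:", meets_policy(pw))
    for n in (8, 15, 20):
        print(f"{n} random chars from {len(ALPHABET)} symbols ~ {entropy_bits(n):.1f} bits")
```

The entropy line is the point of the 15-character minimum: 15 uniformly random characters from a 94-symbol alphabet give roughly 98 bits, which is out of reach of brute force, whereas an 8-character password of the same kind gives about 52 bits. The policy check does nothing to rescue a password a human chose; it only confirms that a machine-generated one used the full alphabet.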
Step 7 Emails
Old emails with lackluster passwords are a common point of entry for hackers. If you’ve had an email for a while and used it for multiple websites, chances are you want to get rid of it.
You can see if your email is compromised here
Your master emails are to be made using ProtonMail. These are for your exchanges, bank accounts, investment platforms and any other sensitive platform. They are also used to back up your secondary emails.
You can use other emails at your convenience for less sensitive accounts.
Every email should have 2FA.
Step 8 Exchanges
When our funds are on exchanges we take on countless risks; as traders/investors we must manage this like any other risk. Here are a few tips to keep your funds safer on exchanges:
- Only use reputable exchanges
- Only use them on your high security device
- Every exchange must be backed by a master email, cold device 2FA and a secure password
- Set a global lock that requires a minimum wait time before settings are changed
- If you have no plans or need to withdraw the funds in the near future, set a large minimum wait time on withdrawals
- Use leverage as a means of reducing counterparty risk. Tutorial here.
- Whitelist your addresses and set a lock on adding new addresses
Step 9 Protect your friends and family
This last step is really important. If a hacker gets sensitive info from someone you love, they can leverage that to blackmail you. Unfortunately, some hackers are just malicious people; they won’t want anything other than to hurt you.
Your final step is to share this with your loved ones and make sure they are as protected as you.
Not financial or tax advice. The content in this newsletter is for informational purposes only. Nothing in this email is intended to serve as financial advice. We are not financial advisors. Every investment and trading move involves risk. Do your own research when making a decision. See our important security disclaimers here.
Disclosure. Some of the links we’ve included are affiliate, they give you rewards and discounts and earn us a commission. Additionally, the Market Meditator writers hold crypto assets. See our investment disclosures here.