How to Keep Your Crypto Secure
With the growing popularity of crypto trading, protecting your assets is essential. Here are some practical steps to dramatically improve your digital security.
Common Threats to Your Crypto
One significant threat is an “account takeover” (ATO), where fraudsters gain control of your account for unauthorized activity. A common method is the SIM-swap attack. In this attack, fraudsters contact your wireless carrier and impersonate you, convincing customer service to transfer your cell service to another device. This way, they can intercept SMS two-factor authentication (2FA) codes sent to your phone. Paired with stolen passwords, these codes are used to access accounts like email, social media, cloud storage, and financial accounts, including Coinbase.
Security Steps to Prevent SIM-swap Attacks and ATOs
- Use a Password Manager
  - Create Strong Passwords: Your passwords should be at least 16 characters long, unique, and complex. A password manager like 1Password or Dashlane can generate and store these for you.
  - Check for Compromised Passwords: Visit haveibeenpwned.com/Passwords to ensure your passwords haven’t been exposed in a data breach.
- Use Two-Factor Authentication (2FA)
  - Opt for Hardware 2FA: Use a YubiKey or another hardware security key for maximum protection.
  - Authentication Apps: If hardware 2FA isn’t available, use an authenticator app such as Google Authenticator or Duo Security rather than SMS-based 2FA.
  - Require 2FA for Every Login: This ensures only you can access your account even if someone has your password.
  - Avoid Providers Without 2FA Options: If a service doesn’t offer these security features, consider using an alternative.
Stay Vigilant Online
In addition to using the right security tools, staying alert is crucial.
- Don’t Make Yourself a Target
  - Avoid discussing your cryptocurrency holdings publicly, similar to how you wouldn’t advertise a large inheritance.
- Beware of Scams
  - Fake Tech Support Scams: Fraudsters may impersonate support, asking for credentials. Remember, Coinbase will never ask for passwords, 2FA codes, PINs, or remote access to your device.
  - URL Verification: Scammers create fake websites to steal credentials. Always double-check the URL before entering information. For links in emails, copy and paste them into a text editor first to inspect where they lead.