Bitcoin & Cryptocurrency Security Cheat Sheet

[cryptosec.info]

Hi. I run a website as a hobby, dedicated to helping beginners learn how to protect and secure their coins and tokens from potential scams and hacks, and I created a sort of "cheat sheet" of a list of things you should and should not do when investing in bitcoin and cryptocurrencies in general. List is currently small, so I'm also looking for suggestions from the Bitcointalk community.

Will definitely give credits to the people who made good suggestions.

Link is: https://cryptosec.info/checklist/



DOs
✔️ DO only store your private key(s) on pieces of paper or on a CryptoSteel, and store them somewhere no-one else but you has access to.
✔️ DO store majority of your funds on a reputable hardware wallet or a securely-made paper wallet.
✔️ DO only use a paper wallet if you’re 100% confident that you can make one in a secure manner.
✔️ DO store only small amounts of your crypto on your hot wallets(exchanges, software wallets, web wallets, etc).
✔️ DO use Google 2 Factor Authentication on your exchange accounts. Your accounts having 2FA makes your accounts significantly harder to hack.
✔️ DO use secure and complex passwords on all of your exchange accounts; preferrably 40 characters, with both uppercase and lowercase letters, and with special characters(e.g. x*uyIqwGjBhLWd$xx%i&&US5z7BxcPSGTjW4g3o6). We heavily suggest using password managers like KeePass2 and Bitwarden to generate and store your passwords.
✔️ DO make sure that you frequently check your browser’s address bar, to make sure you’re on the correct URL; to prevent being phished and to prevent accidentally downloading malicious software.



DON’Ts
❌ DO NOT save your private key(s) and account passwords on a .txt file, a word document, on your email, on your mobile phone’s notes app, or anywhere digital.
❌ DO NOT store significant amounts of crypto on your hot wallets, pretty much anywhere that you don’t have control over the private key(s) and that could potentially be stolen by hackers.
❌ DO NOT give away your private key(s) to crypto airdrops or to anyone else in general. Giving away your private key(s) is pretty much like giving away access to your funds.
❌ DO NOT give away your personal information to airdrops, as they can use your personal information for malicious purposes.
❌ DO NOT click on bitcoin or crypto-related ads on Google or any other search engine. There’s a good chance that a certain link you see in your search result is a phishing link that could potentially steal your funds.
❌ DO NOT re-use passwords on exchanges or any other website in general.

[1714605868]

1714605868

[1714605868]

1714605868

[1714605868]

1714605868

[joniboini]

✔️ DO make sure that you frequently check your browser’s address bar, to make sure you’re on the correct URL; to prevent being phished and to prevent accidentally downloading malicious software.

You should add that we shouldn't download apps from unknown source, and don't forget to verify the authenticity of the file you download with signature or hash. It will protect you from downloading and using malicious apps like what happened with the recent phishing attack on Electrum.

Also, remember to use virustotal or something similar to check whether an app has legit code or is there some malware inside it. This can protect you from scammy forks which requires you to put your private key to claim the coins. Another way to protect yourself is to move all of your coins to another address if you want to claim a fork to prevent your coins from being stolen.

[eternalgloom]

It's also important to always double-check which wallet you're sending coins to.
There are certain types of malware that can detect whether you have copied a Bitcoin address and then replace that with another address, so you're actually pasting that malicious address into your wallet.

Here's more info on that specific type of malware:
https://www.newsbtc.com/2018/07/02/new-clipboard-hijacker-malware-monitoring-2-3-million-crypto-addresses/

It's been around for a very long time btw, usually people install it via untrusted browser plugins.

[o_e_l_e_o]

✔️ DO only store your private key(s) on pieces of paper or on a CryptoSteel, and store them somewhere no-one else but you has access to.

Surely you mean only store your seed on pieces of paper or an engraved plate, rather than your private keys. For the vast majority of users, the best place to store your private key is on a hardware wallet, given the trade off between ease of use and security. Sure, a completely airgapped computer or a paper wallet are a bit more secure, but the majority of users don't have the knowledge required to safely and securely create or use one of these. A hardware wallet is a perfectly acceptable alternative.

You should add that we shouldn't download apps from unknown source, and don't forget to verify the authenticity of the file you download with signature or hash. It will protect you from downloading and using malicious apps like what happened with the recent phishing attack on Electrum.

Even then, you aren't fully protected. Take the Copay wallet fiasco from a few months back. Someone added malicious code to a library which the Copay wallet was dependent on - Copay pulled it in and then distributed it to users as part of an official update. You can never be too careful.

[Ispep]

Also it's of utmost importance to bookmark website one tends to use often,if that is done then it'll be difficult to use the wrong or fraudulent one.
Also staying away from emails that one was not even expecting to get in the first place,like for example you didn't subscribe or request for any service,but you're greeted with an email which then looks way too good,in such situations avoiding such mails can save you a lot of money

[o_e_l_e_o]

Also it's of utmost importance to bookmark website one tends to use often,if that is done then it'll be difficult to use the wrong or fraudulent one.

Again, this isn't foolproof, and it's best to manually check you are on the right website every time before entering any log in details. There is malware which can edit your bookmarks and change the URL they target, or even redirect you from a bookmarked or manually entered URL to a phishing or scam site.

[CryptoToxicAvenger]

The most important thing is safety. Well that you have described everything in detail, it can definitely help some beginner. Even if you do not have funds in your wallet yet, you still need to take care of its security first.

[vennali]

Hi. I run a website as a hobby, dedicated to helping beginners learn how to protect and secure their coins and tokens from potential scams and hacks, and I created a sort of "cheat sheet" of a list of things you should and should not do when investing in bitcoin and cryptocurrencies in general. List is currently small, so I'm also looking for suggestions from the Bitcointalk community.

Will definitely give credits to the people who made good suggestions.

Link is: https://cryptosec.info/checklist/



DOs
✔️ DO only store your private key(s) on pieces of paper or on a CryptoSteel, and store them somewhere no-one else but you has access to.
✔️ DO store majority of your funds on a reputable hardware wallet or a securely-made paper wallet.
✔️ DO only use a paper wallet if you’re 100% confident that you can make one in a secure manner.
✔️ DO store only small amounts of your crypto on your hot wallets(exchanges, software wallets, web wallets, etc).
✔️ DO use Google 2 Factor Authentication on your exchange accounts. Your accounts having 2FA makes your accounts significantly harder to hack.
✔️ DO use secure and complex passwords on all of your exchange accounts; preferrably 40 characters, with both uppercase and lowercase letters, and with special characters(e.g. x*uyIqwGjBhLWd$xx%i&&US5z7BxcPSGTjW4g3o6). We heavily suggest using password managers like KeePass2 and Bitwarden to generate and store your passwords.
✔️ DO make sure that you frequently check your browser’s address bar, to make sure you’re on the correct URL; to prevent being phished and to prevent accidentally downloading malicious software.



DON’Ts
❌ DO NOT save your private key(s) and account passwords on a .txt file, a word document, on your email, on your mobile phone’s notes app, or anywhere digital.
❌ DO NOT store significant amounts of crypto on your hot wallets, pretty much anywhere that you don’t have control over the private key(s) and that could potentially be stolen by hackers.
❌ DO NOT give away your private key(s) to crypto airdrops or to anyone else in general. Giving away your private key(s) is pretty much like giving away access to your funds.
❌ DO NOT give away your personal information to airdrops, as they can use your personal information for malicious purposes.
❌ DO NOT click on bitcoin or crypto-related ads on Google or any other search engine. There’s a good chance that a certain link you see in your search result is a phishing link that could potentially steal your funds.
❌ DO NOT re-use passwords on exchanges or any other website in general.

Quite useful information for new crypto users to be honest. There should be a Crypto Bible or some sort to have all the do's and dont's written in a small booklet/PDF that everyone should read. I'd like to add another point to it that do check the addons/extensions that you have on your browsers. I came across one that was free along with a crypto investment website. The Permissions were described in detail if only you clicked the link to read them(basically hidden). It had the permissions to read and modify all your emails(Gmail, Yahoo, Outlook etc) and to all major crypto exchanges. In case you had installed the extension and given it permission, you were basically handing over all your online wallet and email data to them for free. You've gotta be very careful these days.

[kingpin4321]

If I may add this
Double your phone with 2fa authenticator, avoid clicking on phishing sites,
Ignore any suspicious person from any online social media platform claiming to be someone they are not, avoid be greedy and impatient

[bitfocus]

very useful tips for newbies, no doubt, keep it up buddy.

[MakeMoneyBtc]

Keep in mind that you have to be careful at everything because you could lose your bitcoin wallet and not only just by opening a simple email that doesnt look harmful at all. Hackers have lots of methods to steal money and when something doesnt work anymore they always find something new. So you have to understand that it is important to secure your accounts and wallets with a strong password and 2fa authenticator,this two being the most important but you can also add the option of receive a confirmation code on your mobile and email.

[r1s2g3]

DO:
Make sure , your loved one's  will get that bitcoin in case of your accidental death. This can be achieved by activating a dead man's switch or giving the location where you hid your private keys information that can be accessed in case of your death only.

[demenBTC]

most importantly your pc must be completely clean of viruses, viruses can tap all pc access automatically without us knowing it

[n0ne]

It is our responsibility to keep things in a much secure way, for the same we need to enable as much security features available. Cryptocurrency and security is much associated, and every user need to be clear while going to links. There are a lot many scam try through free giveaway, people fall for it easily. Those links will soon lead to some sort of breach to our wallets.

[mrdeposit]

I appreciate your effort to inform and fully agree with what you say. And my advice is to try the 'nano ledger' to store the bitcoins. Your security level will further strengthen and you will have more control on your funds.

[BurgerCash]

Really nicely worded and formatted post. I think it should be pinned, so that all newbies can see it.
People will always lose money to carelessness, that's the nature of crypto, but if we can prevent 1 person from losing money I'd say it was worth it.

[karloscimot]

The most important thing is safety. Well that you have described everything in detail, it can definitely help some beginner. Even if you do not have funds in your wallet yet, you still need to take care of its security first.

sharing in the procedures for managing crypto security will greatly help businesses who want to invest in bitcoin. this will make a lot of new players and all make crypto more and more used everywhere. of course you can increase prices in the market to be more stable. then do not we stingy to share knowledge, because all will also return to each of us.