How to secure crypto wallets

[Charles-Tim]

Table of content
Introduction
Crypto Wallets
Custodian and non-custodian wallets
Hierarchical determistic wallets
Fake and ghost wallets
Multi factor authentications
      Type 1 factors
      Type 2  factors
      Type 3 factors
Ways to protect crypto wallets
Having more than one wallets
Use of cold wallets
Set up new email during wallet set up[
Store private keys offline
Don't store other sensitive information online
Back up your wallet
Protect cryptocurrencies from wallets malware
How to prevent crypto wallets from malware
       i.   https sites
       ii.  Sites with padlock
       iii. Check for site domain
       iv.  Antivirus/anti malware
       v.   Wallet device restriction
       vi.  Visiting trusted sites
Use separate wallet for daily transactions
Multi factor authentications
       Pin, password and passphrass
       Two factor authenticators
       Finger print authenticator
Do not reveal your private key
Boasting on social media and forum or telling people about your wallets
Secure internet connection
Taking security measures you can handle
Using QR code, and triple check address before making any transactions
Wallet updates
Multisig wallet
Treating your wallet like scammers are always at work
Conclusion



Introduction
In the past, there are many crypto wallets that have been hacked or attacked before, some of these wallets were vulnerable to hackers while some are not vulnerable but due to wallet owners carelessness or ignorance, there were coin thefts. So, no any type of wallet has not even been hacked before. Be it web, software, hardware and paper wallet, great care must be taking to help to protect the wallets from hackers by the wallet's owner.

This article will focus on how crypto wallets can be more difficult or nearly impossible for hackers to get through. Before I will start or dive into this, I have to let us know some wallet types and with just simple explanations.

Crypto Wallets
Crypto wallets are devices or programs used to store private keys and public keys. Using a random number generator (RNG) or pseudorandom number generator (PRNG) a private key can be generated, the privates key generates the public keys. The private key is used to access your wallet and it is stored online or offline while the public keys is used to send cryptocurrencies  from one wallet to another.

Custodian and non-custodian wallets
The custodian wallets are wallets providers that hold custody of your private keys, this type of wallet is not advisable because your are not the owner of the cryptocurrencies store on the wallets on blockchain. To be the full owner of your cryptocurrencies, you need wallets that have private keys. Non-custodian wallets are the best because you are the owner of your cryptocurrencies on the blockchains of the repective coins.

Hierarchical determistic wallets
To make this short and simple, there are wallets now with seed phrase, these are also called recovery phrase because it can be be used to recover back cryptocurrencies  if someone's crypto wallet is lost, damaged or stolen.

Fake and ghost wallets
There are wallets that are created by scammers, the wallets are not safe and the scammers use it to steal from people that make use of the wallet. Ghost wallets are wallets that mimic a reputed wallet but created also by scammers. So, in order to avoid this, make sure you download from the wallet official website and also check for the signature.

Multi factor authentications
Multi factor authentications are good and secure ways to protect crypto wallets, before we can talk about multi factor authentication, we have to know these three authentications.

Type 1 factors– Something You Know
This is single factor authentication, only what that are need for this is security pin or password that you can use for access. It is also called primary authentication.

Type 2  factors– Something You know
This type of authentication requires items that are physical, examples are smart phones, smart cards, USB drives, and token devices. A token device produces a time-based pin. And example is the google factor authenticator on mobile phones. 

Type 3 factors– Something You know
These are authentications that uses human body for verification. Expamle of human body used are finger print, face or eye recognition for authentication. Example is the finger print used on some online wallets. This makes it difficult for hackers to get through to steal coins.

So, combination of two or three of the factors above makes up a multi factor authentication. These authentications can make crypto wallets safer and more secure.

Ways to protect crypto wallets
Good crypto users do have more than one wallets, there will be wallet for online daily transactions and also one or more for storing cryptocurrencies. Although, this does not guarantee the safety of your cryptocurrencies but makes you more secure about your cryptocurrencies. You need to further use sense and knowledge to protect your coins from theft. Do not have more than the wallets you can not adequately protect. With all we have talked about above, I believe you have known the meaning of crypto wallets. There are many ways or means hackers can steal your wallet or cryptocurrencies, do not forget that wallets can be lost or damgaed.
There are many means to avoid these, and these are few listed below.

1. Use of cold wallets
Having hardware wallets does not also guarantee the 100% safety of your cryptocurrencies, you need knowledge and wisdom also to protect the wallet from scammers. And, for little convenience and storage purposes, hardware wallets are the best wallet. It is safe for storage of large amount of cryptocurrencies than online wallets.
Also, paper wallet is so safe as cryptocurrencies are also stored offline, but not convenient like hardware wallets.

2. Set up new email during wallet set up
Some wallets will seek for emails while signing up, the best to do is to use newly registered email. Also, creating a very strong passward for the email during the email registration.

3. Store private keys offline
You can keep private keys off the grid, this can be done by storing the private keys offline. It is better to write it on paper and also either duplicate or triplicate the keys in a safe place.

4. Don't store other sensitive information online
Not only private key shold ne stored offline, some people can make a mistake by storing passwords and other access codes online. This is very wrong because online storage are not secure or safe at all. The best thing to do, is to store these information on paper. Storing it on devices is not also advisable.

5. Back up your wallet
This is one of the common mistake that wallet users make, by not backing up their wallet. Back up will be helpful in case the wallet  device fails or is lost. So, with the back up files, you can completely recover back your wallet.

6. Protect cryptocurrencies from wallets malware
Malware are viruses, trojan or any other abnormal software that can unknowingly be installed on phones and computers. There are malware that can reveal private keys to hackers and also there are some that can change wallet address. Malware can be installed from short links or links from untrusted sites. Example of such sites are fake airdrops, mining, fake emails and other untrusted sites.

How to prevent crypto wallets from malware
  i.   Site that have http are not trusted, the trusted ones are https.
 ii.   Also, you will see a padlock at the left side of the URL.
iii.   Check for the domainlike me, I jse whois.net to check for site domain to know if it is fake or legit. Fake sites can contain
       malware.
iv.   Installed the latest antivirus and antimalware and keep it up-to-date
 v.   Restrict your crypto phone or computer from too much browsing. It will be more safer if you can use it only for wallet purposes.
vi.   Make sure you visit trusted sites. Only trusted websites or mobile sites are secured
 

7. Use separate wallet for daily transactions
As said above that having more than one wallet is the best, you can have both online and offline wallets. For daily transactions, online wallet will be best and more convenient, and also small amount of cryptocurrencies  will be kept on it. For saving cryptocurrencies, hardware or paper will be good.

8. Multi factor authentications
These makes your wallets safer. These are examples of multi factor authentications.

i. Pin, password and passphrase
For example, some wallet can demand for pin before getting access to the wallet. This is a very good feature of hardware wallets such as Trezor and ledger nano. And example of the passphrase are also seen on hardware wallets too that makes wallet impossible to be hacked by not revealing private key. The password required for signing in on web wallets all falls to this category.

ii. Two factor authenticators
As explain above, this fall to type two factor, this create additional later of protection. Example are 'andOTP, Authy, FreeOTP, Google Authenticator, Microsoft Authenticator. All mentioned are good but I will recommend the first three because google factor and microsoft authenticators are more attacked but although are not that vulnerable.

iii.  Finger print authenticator
This fall to the type three factor, this makes use of finger print to access cryptocurrencies  on wallets. Only someone's fingerprint can access the wallet.
All these together applied to one wallet is called multi factor authentications as explained above.

9. Do not reveal your private keys
Reveal private key to another person means you are revealing your wallet. Only what is needed for scammers to take over someone's wallet is the wallet private key.

10. Boasting on social media and forum or telling people about your wallets
Do not let anybody know about your wallets. Even, let no one know about you having wallet at all on social media and forum. Be secretive about your wallets.

11. Secure internet connection
Accessing wallets with wifi is dangerous. If the wifi is secure, there is no problem, but wifi is not recommended as it can be compromised. Use a secure and safe internet connection.

12. Taking security measures you can handle
Because of scam prevention, some wallet owners uses strong security measure that can make them not to recover back their cryptocurrencies. So, try to create a balance, between protection against scammers and loss due to wallet damage.

13. Using QR code, and triple check address before making any transactions
Most wallets now generation QR codes, use them to generator the address you are sending to, or copy and paste the address. After, check, re-check and check the address you are sending crypto to before sending it. Make sure the address is correct because malware can change the address to scammers address.

14. wallet updates
If there is a new wallet update, it is better not to update it for some days. Listen to news and also hear from such wallet users about the new wallet update, if it is not vulnerable or buggy.

15. Multisig wallet
As far as I know, this applies to only bitcoin, you can create a multi signature wallet in which more than one signature is required to sign a crypto transaction. In normal wallet, only one key is required to sign a transaction but in multisig wallet, more than one key is required. This create an additional protention for such transactions.  You can use the last two links to read about multisig. You can create a multisig wallet and have all the keys to make a transaction successful.

16. Treating your wallet like scammers are always at work
Always have it in mind that scammers are always at work, so, it is better to treat your wallet in such way too. Make sure you check wallet address before sending cryptocurrency. Handle your wallets while online with great care.


Conclusion
With all said above, what is mostly needed for keeping wallet and cryptocurrencies safe is knowledge, wisdom and common sense. Know that without common sense not reputed or safest wallets is 100% safe.



https://coinrivet.com/guides/how-do-cryptocurrency-wallets-work/11-ways-to-keep-your-bitcoin-wallet-safe/
https://bitcoinist.com/secure-cryptocurrency-wallet-16-simple-tips-beginners/
https://www.globalknowledge.com/us-en/resources/resource-library/articles/the-three-types-of-multi-factor-authentication-mfa/
https://en.m.wikipedia.org/wiki/Key_generation
https://medium.com/@renansdias/the-5-factors-of-authentication-bcb79d354c13
https://www.binance.vision/security/what-is-a-multisig-wallet?amp=1
https://support.bitpay.com/hc/en-us/articles/360032618692-What-is-a-Multisignature-Multisig-or-Shared-Wallet-

To have more knowledge about authentication, try this link.
https://www.alliancetechpartners.com/common-authentication-methods-used-network-security/
   
   

   
   

[1713997268]

1713997268

[1713997268]

1713997268

[Yogee]

When you talk about security, use open source cryptocurrency wallets like Electrum and Mycelium. Open source software would enable other developers or tech savvy users to review a wallet. With more eyes on the codes, the easier it is to point out any bugs and the faster it is to fix.

I would also avoid wallets that require emails. I don't think any wallet should store information about the owner.

[Charles-Tim]

When you talk about security, use open source cryptocurrency wallets like Electrum and Mycelium. Open source software would enable other developers or tech savvy users to review a wallet. With more eyes on the codes, the easier it is to point out any bugs and the faster it is to fix.

I would also avoid wallets that require emails. I don't think any wallet should store information about the owner.

Open source coding is the best in many aspect of crypto. Cryptocurrencies  are open source, people prefer open source apps like the 2 factor authenticator and also the best wallets so far are open source. The reasons people prefer open source is because anyone one can check for issues such as spyware and other abnormal softwares. They are safer because they are less vulnerable.

About the email I talked about, all the non-custodian wallets I am using require no email. I talked about custodian wallets and why they are not good to be chosen, they are the one requiring for email and other verifications. So, some people can still choose such wallets such as coinbase, the information can be useful for such people. But as for me, I can not use custodian wallet likewise I can not use wallets that require email. I prefer to stay anonymous due to phishing attacks.

[TryNinja]

I would also avoid wallets that require emails. I don't think any wallet should store information about the owner.

That's not even the major problem. Wallets that require email are most likely hosted by a third party, which means that they could probably steal the funds or freeze them if they want to. Also, if they go down, you have no access to your coins.  

You should always use self-hosted or offline wallets (Electrum, Samourai, Mycelium, Armory, Ledger, Trezor, etc...) where only you control the private-keys/seed and you are the only one responsible for your their safety. And of course, there is also the fact that they can track you more easily, like you said. But this is the least of the problems since you could even use a throwaway email merely for the wallet.

[Yogee]

Thank you for expanding on that TryNinja. I was thinking of new users who would even consider a wallet that requires an email when I made that feedback. I doubt that they will temporarily use that for purposes of testing or whatever so it's unlikely that they will use throwaway emails. I would still suggest to avoid them completely.

[o_e_l_e_o]

4. Store private keys offline
You can keep private keys off the grid, this can be done by storing the private keys offline. It is better to write it on paper and also either duplicate or triplicate the keys in a safe place.

It is not advisable to be hand writing your private keys on paper. As private keys are a long string of random alphabetical and numerical characters, writing them down is too prone to human error. Part of the reason seed phrases are so common is because they are much more human-proof, easier to read, easier to transcribe, easier to notice mistakes, easier to recover if a few letters become smudged or your handwriting is poor, etc. You should be writing your seed phrase(s) on paper, not your private keys.

  i.   Site that have http are not trusted, the trusted ones are https.

HTTPS protects from man in the middle attacks. It says nothing about how trusted the site using it is. Plenty of scam sites use HTTPS.

[RapTarX]

Wallet which requires email can never be a safe way to store your coins. That's are custodial wallets in most cases and don't give you the access of private key; non custodial wallet gives though. However, these wallets are very risky and you must never suggest anyone to use such wallets.

[Lucius]

Charles-Tim, for start check your post for typos (cusrodian ->custodian), you're using a ghost wallets expression, but most people will say fake wallets. Using preview button before posting can help a lot.

You've written a lot of good advices, but I don't think most will not even start reading because the post is too long, it should be a little more concise and compact. However, if a newbie applies at least some of what you write, it will be much safer than before.

[Banadony]

Every wallet requires the owner to have access to the paraphase, private key and password. if you loose access to your password. you can still recover your account as long as you can access your paraphase. you also need to include that there are many blockchain platform with different tokens/coins in their platform. owners are warned that exposure of their private keys means that they will loose everything.

[masulum]

Keeping on offline will be the first way to safe the wallet access (password, pin, key etc). But don't forget about your online activity while you are used any wallet for transactions no matter how strong your password or making good storage, if you are don't care with your online activity you still can lose your key.

As mentioned by OP, there will be potential hacking wallet through malware or phishing. sometime antivirus or browser extention will not detected phishing site as virus, but how you can check the sites domains will make you safe. Type with capslock to make sure the website address not a typos phishing sites.

[Charles-Tim]

4. Store private keys offline
You can keep private keys off the grid, this can be done by storing the private keys offline. It is better to write it on paper and also either duplicate or triplicate the keys in a safe place.

It is not advisable to be hand writing your private keys on paper. As private keys are a long string of random alphabetical and numerical characters, writing them down is too prone to human error. Part of the reason seed phrases are so common is because they are much more human-proof, easier to read, easier to transcribe, easier to notice mistakes, easier to recover if a few letters become smudged or your handwriting is poor, etc. You should be writing your seed phrase(s) on paper, not your private keys.

  i.   Site that have http are not trusted, the trusted ones are https.

HTTPS protects from man in the middle attacks. It says nothing about how trusted the site using it is. Plenty of scam sites use HTTPS.

I too prefer seed phrase, it consists of words than long numbers and alphabet that is hard to even write down. Duplicating the seed phrase and keep it in two different locations that are safe is the best. I agree.

About the https, your are right too, that why I added others like checking website domain and also restricting the device you use for wallets from online activities such as browsing. That, if used only for wallets is advisable.

Keeping on offline will be the first way to safe the wallet access (password, pin, key etc). But don't forget about your online activity while you are used any wallet for transactions no matter how strong your password or making good storage, if you are don't care with your online activity you still can lose your key.

As mentioned by OP, there will be potential hacking wallet through malware or phishing. sometime antivirus or browser extention will not detected phishing site as virus, but how you can check the sites domains will make you safe. Type with capslock to make sure the website address not a typos phishing sites.

Keeping cryptocurrencies  offline is the best but like you said, common sense must be applied.

Charles-Tim, for start check your post for typos (cusrodian ->custodian), you're using a ghost wallets expression, but most people will say fake wallets. Using preview button before posting can help a lot.

You've written a lot of good advices, but I don't think most will not even start reading because the post is too long, it should be a little more concise and compact. However, if a newbie applies at least some of what you write, it will be much safer than before.

Thank you so much for the correction and I will follow your advice.

[nakamura12]

It is very important and recommended that wallet owners should know how to keep his/her wallet safe. There are lots of people who try anything just to scam people even some created a fake website, airdrop and more just to fool anyone. It's good to see someone wants to help a fellow crypto enthusiast.

[Charles-Tim]

It is very important and recommended that wallet owners should know how to keep his/her wallet safe. There are lots of people who try anything just to scam people even some created a fake website, airdrop and more just to fool anyone. It's good to see someone wants to help a fellow crypto enthusiast.

You are so right, that is why I even wrote this article. Some people claim some wallets to be 100% safe but protecting such wallets is mandotory because they can be astill vulnerable to hackers malicious activities. So, that is why I included common sense, because if common sense is applied with knowledge, no hacker will get through your wallet.

[khaled0111]

5. Back up your wallet
This is one of the common mistake that wallet users make, by not backing up their wallet. Back up will be helpful in case the wallet  device fails or is lost. So, with the back up files, you can completely recover back your wallet.

It's also worth mentioning how important encrypting the wallet file is. When encrypted, even if hackers get their hands on it, it will be worthless and they will not be able to steal your funds.
Also, it is highly advised to make multiple copies of the encrypted wallet file and save each one of them in a different location.

15. Multisig wallet
As far as I know, this applies to only bitcoin

afaik, you can create multi-signature wallets for few other coins. It's not restricted to bitcoin.

[xiboothrezi]

~
8. Multi factor authentications
These makes your wallets safer. These are examples of multi factor authentications.
~

This is one way that should not be missed. As a crypto enthusiast, this must be organized properly for the security of the wallet. (1) As much as possible use your email, cellphone number, specifically for your main wallet, turn on all notifications so that if anyone tries to enter using your data it will be immediately known. (2) use a password with a combination of letters, numbers, and special characters. (3) use special books or anything to write passwords, phrases, etc. as backup files, this is important, don't ignore them.
Regarding 2fa, for each new creation, don't forget to save the approval code or screenshot to make it easier to move or add to the device.

[pooya87]

Regarding 2fa, for each new creation, don't forget to save the approval code or screenshot to make it easier to move or add to the device.

taking screenshots or basically any form of digital copy of your secrets such as 2FA secret, passwords, private keys,... is a fatal flaw. you should always try to make a physical backup from these things that would be writing down your 2FA secret on a piece of paper instead.

[MrcMrc]

I like this great article, it is really helpful and informative. But about the wallet, I will advise people to only use non-custoduan wallet like trezor, ledger nano, keepkey, electrum, exodus, mycelium and conomi. There are other trust worthy non-custodian wallets. You have your private key and seed phrase. They are the best.

[Charles-Tim]

Regarding 2fa, for each new creation, don't forget to save the approval code or screenshot to make it easier to move or add to the device.

taking screenshots or basically any form of digital copy of your secrets such as 2FA secret, passwords, private keys,... is a fatal flaw. you should always try to make a physical backup from these things that would be writing down your 2FA secret on a piece of paper instead.

This is right, if the back up is on phone, if the phone is damaged, the backup will damaged with it. Very possible on computers that malware can be installed by hackers to reveal backups on computers. Getting the backup on paper and laminating it is the best.

[StonerStanley]

6. Protect cryptocurrencies from wallets malware
Malware are viruses, trojan or any other abnormal software that can unknowingly be installed on phones and computers. There are malware that can reveal private keys to hackers and also there are some that can change wallet address. Malware can be installed from short links or links from untrusted sites. Example of such sites are fake airdrops, mining, fake emails and other untrusted sites.

How to prevent crypto wallets from malware
  i.   Site that have http are not trusted, the trusted ones are https.
 ii.   Also, you will see a padlock at the left side of the URL.
iii.   Check for the domainlike me, I jse whois.net to check for site domain to know if it is fake or legit. Fake sites can contain
       malware.
iv.   Installed the latest antivirus and antimalware and keep it up-to-date
 v.   Restrict your crypto phone or computer from too much browsing. It will be more safer if you can use it only for wallet purposes.
vi.   Make sure you visit trusted sites. Only trusted websites or mobile sites are secured

Just one thing.
What is a "trusted website" ? if it's a popular website sorry but they are not especially more secure (or at least fully trustable) than the unknown websites. People shouldn't think like that, they will become too confident.
Also it won't prevent them from being infected by a malware posted in a wallet that come from a link in bitcointalk or like in Ccleaner when the website has been hacked.

[pooya87]

Regarding 2fa, for each new creation, don't forget to save the approval code or screenshot to make it easier to move or add to the device.

taking screenshots or basically any form of digital copy of your secrets such as 2FA secret, passwords, private keys,... is a fatal flaw. you should always try to make a physical backup from these things that would be writing down your 2FA secret on a piece of paper instead.

This is right, if the back up is on phone, if the phone is damaged, the backup will damaged with it. Very possible on computers that malware can be installed by hackers to reveal backups on computers. Getting the backup on paper and laminating it is the best.

there are a couple of mediums that could be used to create a "paper wallet" with paper being the most common because it is easily accessible and is cheapest option. otherwise using wood, plastic or metal plates is also an option with the last one being the safest but harder to come by and create.