Summary
Whether buying, storing or investing, cryptocurrencies must always be kept safe. In most cases, lost currency and tokens can never be recovered.
If you trade cryptocurrencies on a centralized exchange, please choose identity verification (KYC) and anti-money laundering (AML) checks to comply with regulations trading platform. Audited peer-to-peer transactions and decentralized trading platforms are the most secure.
In this article, we will look at several ways to safely store cryptocurrency. Storing cryptocurrencies on a regulated exchange is ideal for beginners and traders. However, the keys to the wallet are not owned by the user.
The key of the non-custodial wallet is kept by the user, which is more secure. It is safer to store your currency in an offline wallet such as a cold storage device. Both methods require that the private key is properly stored offline in a secure location.
Use audited DApps to improve security, and regularly check which DApps have permission to use the wallet. After using the DApp, the permissions should be released immediately.
At the heart of cryptocurrency is the concept of self-sovereignty, where users can act as their own personal bank. If your money is properly guarded, it will be safer than even the most heavily guarded bank vault. But if not, the assets in your digital wallet will be at risk of remote theft.
Learning how to properly protect your cryptocurrencies is a critical step on your crypto adventure. Storage is only one aspect of security. Today, many cryptocurrency holders interact with DApps in the decentralized finance (DeFi) space and should also learn how to use their currencies safely.
Just like you refuse to entrust your funds to companies with questionable credibility, you should not use DApps to trade tokens. The same goes for exchanges for buying and trading cryptocurrencies. In this guide, we’ll discuss the best tips for keeping your crypto assets safe no matter where they are stored.
Buying Cryptocurrency Today, There are many platforms. These include centralized exchanges, decentralized exchanges (DEX), cryptocurrency ATMs, and peer-to-peer transactions. Each platform has different safety factors and each has its own advantages and disadvantages. For most users, a reputable centralized trading platform offers the perfect blend of convenience and security.
Centralized exchanges such as Binance provide security through increased supervision, anti-money laundering (AML) measures, and identity verification (KYC) checks. Early cryptocurrency trading platforms had problems. Through the unremitting efforts of the government and trading platform operators, the trading environment has been significantly improved.
If you want to use the trading platform, you need to transfer funds to its custodial wallet. The responsibility for ensuring the security of tokens is entrusted to the trading platform, which provides security protection based on individual risk profiles. If you are new to wallets or new to cryptocurrencies, it may be safer to use an exchange wallet. This will prevent you from accidentally locking yourself out of your wallet and losing your cryptocurrency in vain.
However, some users prefer the security of having direct control over their funds. You may have heard "It's not your keys, it's not your tokens." Anyone else can control your cryptocurrency without actually owning the wallet. To learn more, you can read the chapter on storage later.
If you decide to use a peer-to-peer service or a decentralized trading platform, you can improve security from the following points. Check for DEX-specific audits from reputable sources. We’ll cover auditing in detail later. Binance will also provide DEX based on the company’s security and reputation.
If you need to use point-to-point services, both buyers and sellers need to pass identity authentication. Ideally, hosting services should also be provided. While it doesn't completely eliminate risk, holding funds in an escrow service with a third party can try to protect buyers and sellers from being scammed.
If you register for a trading platform or selected trading method, good practices that comply with standards can protect the security of your account. These suggestions are no different from those you would use to protect your online bank account or other sensitive information. You can easily prevent others from stealing your account and funds by:
1.Use a strong password and regularly replace. Passwords must not contain personally identifiable information such as birthdays. Passwords must be long and unique to the account, consisting of symbols, numbers, and uppercase and lowercase letters.
2.Enable two-factor authentication (2FA). If the password is accidentally leaked, 2FA will activate a second layer of protection using a mobile device, authenticator app, or YubiKey. When logging in, a password and 2FA method are required.
3. Beware of phishing attacks and scams in email, social media and private messages. Scammers frequently impersonate trading platforms and trustworthy people in an attempt to steal funds. Also, do not download software from unknown sources, which may contain malware.
For more information on keeping your account safe, read our 7 Simple Steps to Safeguard Your Binance Account guide .
After you have purchased or traded some cryptocurrencies and secured your account, the next important task is to store your cryptocurrencies in a safe location. If you are not depositing it to an exchange for future trading, then the only option is to store it in a wallet. Wallets vary in their private key ownership and networking methods. Which wallet you choose depends on the level of security you wish to achieve.
The private key is identical to the real key and unlocks the cryptocurrency for spending. Keeping private keys properly and using them safely is a top priority for overall security. A key is just a long string of numbers that is so complex that no one can guess it accurately. Use "1" to represent the positive side of the coin and "0" to represent the negative side of the coin. Toss the coin 256 times to get the final private key. The following is a private key just generated. It is encoded in hexadecimal (using the digits 0-9 and the characters a-f), thus rendering it in a more compact way:
8b9929a7636a0bff73f2a19b1196327d2b7e151656ab2f515a4e1849f8a8f9ba
If you search for the above numbers on Google, you will not find anything except the above numbers. Any results outside of this article (Unless the number is later copied to another location). This reflects the randomness of this string of numbers. Before this, the probability that other people had seen this string of numbers was extremely slim.
The above example still cannot fully prove that the private key is completely random. In fact, the number of private keys is close to the number of atoms in the known universe. Simply put, this is a vital security principle for cryptocurrencies like Bitcoin and Ethereum. Your tokens are hidden within an incredibly large range, so security is guaranteed.
If you have ever received funds, you will be familiar with public addresses, which are also strings of random numbers. The public key is obtained by performing some encryption process on the private key, and the public address can be obtained by hashing the public key.
This article will not introduce its principle in detail. All you need to know is that it is easy to generate a public address from a private key, but it has so far been impossible to generate a private key from a public address. Therefore, you can safely publish your public address on blogs, social media, etc. As long as there is no corresponding private key, no one can spend the funds.
If you lose your private key, you will not be able to use your funds; if someone cracks your private key, the funds will be lost. can be used for it. Therefore, it is particularly important that you keep your private keys safe and out of the sight of criminals.
Please note that today’s wallets rarely use a single private key, but are hierarchical deterministic (HD) wallets that can store Billions of different private keys. All you need is a mnemonic, a set of human-readable words from which you can generate the private key mentioned above. The mnemonic phrase will look like this:
strike sadness boss daring voice connect holiday vintage quantum pony stable genuine (Fight Sad Boss Brave Voice Connection Holiday Ancient Quantum Pony Stable Gene)
Unless you choose to use a single private key , otherwise you will be asked to back up the helper words when creating a new wallet. When discussing key storage later, the term key stands for private key and mnemonic phrase and is used interchangeably.
12, 18 or 24 digit mnemonics are key to security. Someone who obtains the mnemonic phrase can enter the key into a personal wallet and steal the funds. You may also have a JSON file or a standalone private key that functions the same as a mnemonic phrase. Think carefully about how you manage your keys with the following tips.
1. It is not recommended to store mnemonic phrases on networked devices. Mnemonic phrases are exposed to security threats if a virus is downloaded or if the computer is hacked and remotely controlled.
2. Offline storage is more secure. Mnemonic phrases can be stored on physical or offline devices. Even if you use a cold storage device, which will be discussed later, it should be properly backed up to avoid losing access to the keys if the device is damaged.
3. If you decide to store the mnemonic in a physical object, you should carefully consider the materials used and the storage location. Writing your mnemonic words on paper is not a good idea and can easily be destroyed or lost at home. You can choose to keep it in a safe in a safe location or deposit your seed phrase in a bank. Some people even engrave the mnemonic into non-breakable metal or use metal fonts on the mnemonic pad.
Wallets are divided into hot wallets There are two types of wallets and cold wallets, with different security levels. Both types of wallets cover a range of different solutions – read Cryptocurrency Wallet Types Explained for examples. Let’s understand the differences between the two wallets.
Hot wallets refer to all digital currency wallets that are connected to the Internet (such as smartphone and desktop wallets). Hot wallets tend to provide the most consistent and smooth user experience, making it very convenient to send, receive, and trade digital currencies and tokens. However, this convenience often comes at the expense of a certain amount of security.
Hot wallets are connected to the Internet and are therefore vulnerable to attacks. Although private keys are never broadcast at any time, devices connected online may be infected with viruses or remotely accessed by criminals.
But this does not mean that the hot wallet is not safe at all, it can only be said that it is not as safe as the cold wallet. Hot wallets are more practical, so they are often the first choice for holding small amounts of currency.
To eliminate significant online attack vectors, many people choose to keep their keys offline at all times. This is where cold wallets come in. Unlike hot wallets, cold wallets are not connected to the internet. Some cryptocurrency holders previously kept paper wallets, a piece of printed paper with the wallet's private key (usually a QR code) printed on it. Today, we consider this approach outdated and a security risk. The best option for cold storage is definitely a hardware wallet.
Hardware wallets (such as Trezor One or Ledger Nano S) are designed to adopt similar principles of offline custody of private keys while focusing on optimizing the user experience. Designed specifically for storing digital currency, these wallets are more portable and less expensive than a full computer.
This physical device securely stores private keys and does not require an Internet connection. A good hardware wallet ensures that the private keys never leave the device. They are usually stored in a special location in the device and cannot be removed. To learn more, read What is a Hardware Wallet (and Why to Use It).
In recent years, the hardware wallet industry has developed rapidly, with dozens of different products emerging on the market. You can check out reviews of these devices on Binance Academy.
You can also choose a custodial or non-custodial wallet, indicating whether it can access and control the private keys. If you use an online service such as a cryptocurrency exchange, you are not yet a true currency holder at the protocol level. Instead, your funds and keys are hosted and managed by the exchange (hence the term “custodial wallet”). In most cases, trading platforms will use both hot wallets and cold wallets to protect the safety of users' funds.
So if you want to trade Bitcoin with Binance Coin, the trading platform will lower your Binance Coin in the database balance and increase your Bitcoin balance. The above process does not involve blockchain transactions. Only when you decide to withdraw your Bitcoins will the exchange be asked to sign the transaction on your behalf. The exchange then broadcasts the transaction to the network, thereby transferring the tokens to the Bitcoin address you provided.
Cryptocurrency trading platforms are a very convenient choice for users who are willing to hand over their funds to third-party custody. Acting as your own personal bank also comes with the risk of being solely responsible if things go wrong.
If you accidentally lose your private key, your funds will never be recovered. And if it's your account password that's lost, just reset it. It is still possible that your login information may be stolen, and you must take appropriate precautions as described above to ensure the security of your account.
Unfortunately, there is no standard answer to this question. Otherwise, this article could save a lot of space. Which solution to adopt depends largely on your personal risk appetite and how you use your digital currency.
For example, active swing traders have different needs than long-term holders. In addition, institutions that handle large amounts of funds must set up a multi-signature mechanism, that is, transferring funds requires the consent of multiple users.
For ordinary users, it is a good way to store infrequently used funds through cold storage. A hardware wallet is the simplest and most straightforward option, but make sure to store a small amount of money that you can afford to risk when you first try it. In addition, keys must be securely backed up in accordance with the above recommendations to prevent device loss or malfunction.
Online wallets are ideal for purchasing goods or services with small amounts of money. If a cold storage device is like a savings account, then a mobile wallet is like a physical wallet that you carry around with you. The best-case scenario is that losing the amount you have stored will not cause serious financial problems.
Escrow solutions are an excellent choice for operations such as lending, staking, and trading. However, before committing money, it is recommended to develop a detailed capital allocation plan (such as a position sizing strategy). Please note that cryptocurrencies are extremely volatile, so never invest more than you can afford.
If you need to stake tokens, please use it in blockchain games or participate in decentralized finance (DeFi). You need to interact with DApps as well as smart contracts. The user must allow the DApp to use the funds in the wallet. The following uses SushiSwap as an example.
p>
For example, granting automatic trading permissions to PancakeSwap will allow it to conduct automatic transactions such as adding multiple tokens to the liquidity pool. . DApp combines different steps to save time. While effective, there are risks associated with this approach.
Unless you have studied smart contracts and clearly understand their operating principles, there will be opportunities for backdoor intrusion. Generally speaking, projects need to go through audits to prove the security of their smart contracts. Certik is a well-known audit service provider, and even with such a reputation, security cannot always be guaranteed.
Unsafe projects will apply for permission to transfer unlimited or high amounts of tokens. Inexperienced users are likely to accept this request and become victims of scams. Even if the funds are transferred out of the DeFi platform, the project may still have some control and the opportunity to steal the funds. Hackers also attempt to control and abuse smart contracts. At this time, if the corresponding permissions are turned on for the project, you may encounter such risks.
You should regularly check which permissions are enabled for your wallet. If using Binance Smart Chain (BSC), BscScan has a token approval viewer tool that can check and remove any permissions.
First, copy and paste the BSC BEP-20 address. Then, click the search icon on the right.
You can now see the list of smart contracts that have permissions in the account and the number that have passed approval. To remove permissions, click the button in the red circle below.
As mentioned above, it is safer to invest in tokens and currencies in audited projects. If interacting with smart contracts, staking tokens in a pool, or providing liquidity, it is recommended to always look for projects that pass audits.
The audit will analyze the DApp’s smart contract code. They are responsible for finding backdoors, exploitable scripts, and other security issues. These issues are reported to the project creator, who is responsible for changing the code. All changes will be reflected in the final report, showing users a clear and complete audit process. The final report will be released to the public.
Although an audit does not guarantee the safety of the project, the security of funds can indeed be improved. Putting money into a project that fails an audit is extremely risky. Some smart contracts handle large amounts of money and can easily attract the attention of hackers. If auditors fail to check the code, these contracts become easy targets.
Certik regularly updates the list of audited projects, project rankings (100 in total) and other important information.
Unfortunately, cryptocurrency Attracted many criminals. They attempt to take the opportunity to hack into other users' accounts and steal cryptocurrency. Once funds are stolen, there is usually no way to recover them. Criminals take advantage of the anonymity of cryptocurrencies and the direct control of large sums of money by many users.
You should always be vigilant and refuse to transfer funds to users you do not know. Before transferring money, you must also carefully check the identity information of the other party. The following are the most common scams to be wary of:
1. Phishing - You may have received a transaction Emails sent by the platform or other services used, requiring you to log in to your account or provide personal information. This may be a scam intended to steal information.
2. Fake trading platform - Some mobile apps or websites often imitate the appearance of trading platforms. After entering personal information, criminals will take the opportunity to steal real accounts.
3. Extortion - Criminals may send malware to steal files at will. Users are likely to redeem the files using Bitcoin or other currencies, but they may not receive the files after payment.
4. Pyramid and Ponzi schemes - Criminals invite you to join new projects and buy them tokens, or complete a special transaction that requires payment of cryptocurrency. However, these overly tempting conditions are often a sign of a trap. You must do your own research to make sure your investment is safe.
5.Impersonation - Criminals often pretend to be an official, someone you trust or even a friend . They will ask you for passwords or information that is usually kept strictly confidential. In this case, you must repeatedly confirm whether the other party is you.
To learn more about these scams and prevention strategies, please read our 8 Common Bitcoin Scams and How to Prevent them Strategy Guide.
『Please refuse to provide any information to unknown calls or SMS』
Be alert if a stranger asks you for your password or personal information via email, SMS or phone call.
Secondly, using fake USDT to defraud is also a very common method in recent times. The scammer will claim to have accidentally transferred USDT to your wallet by mistake, and needs you to transfer it back to him immediately. In this case, you can first go to different block browsers such as Etherscan and Bscscan to carefully check whether the USDT contract address and transaction data are correct.
In addition, if you encounter an unknown exchange, it is best to DYOR and research it on Coinmarketcap. If you can't find it on the Coinmarketcap page, you should be alert.
"Do not click on unfamiliar links and do not believe in good rewards"
If the user is interested in Paying more attention to these three aspects can help you avoid having your assets stolen.
1: Scammers are mostly active in Telegram and Discord. They will chat with you privately first and slowly win you over. of trust. Then I will send you a fake wallet link, asking you to open an account and enter the wallet mnemonic phrase. The scammer will give you a commission every day in the fake wallet. When you think it is safe and transfer your own assets, you will find that the assets have been stolen by the scammer and transferred to other wallets.
2: Be sure to carefully check whether the Dapp link is consistent with the official web address. Many scammers play tricks on the website to make users believe it is true. Once the user authorizes the wallet or imports the wallet, the user's assets will be stolen.
3: Don’t be greedy for petty gains. Many scammers seize on the mentality of ordinary people who love petty gains to defraud. Scammers will create their own Dapp and provide higher annualized rates than normal exchanges in the program to attract users. But when you want to transfer all assets to this Dapp and withdraw money later, the URL will become 404.
The above painful experiences let us know the importance of verifying the security of websites and Dapps. Reader 4 Myron also provides some verification of Dapp security The sex method is for your reference.
[Carefully verify the authenticity of the website]
When many users interact with Dapp, they are used to Search directly in the browser and click on the website option at the top. However, there is a chance that you will fall into a scam by criminals. Today's scammers have learned to use advertising to make fake websites appear in the priority display list of search engines. If users accidentally click on the fake website and link their wallets to the website, they may lose all wallet assets.
Therefore, you must carefully check that the website you want to use is correct. Here are several methods:
1. Click on the announcement URL from the official community of the Dapp project (such as Twitter, Discord, Linktree, Telegram).
2. After entering the Dapp official website for the first time and using and linking the wallet, add the URL to your browser bookmarks , when using the DAPP in the future, only click on the bookmarked URL instead of searching in the browser again.
3. If you search for Dapp from the browser, carefully check whether the URL of the website is abnormal or obviously not the correct URL; or When entering a Dapp website that you have already used, if an unusual link or authorization instruction appears asking for a signature, do not connect to your wallet and exit the website as soon as possible.
In terms of cryptocurrency security, today’s blockchain field provides Many safety measures. From trading to storing to using cryptocurrencies, help keep your money safe with these simple tips. There are pros and cons to each storage option, so it's important to understand the tradeoffs. Again, no matter which platform you invest your money or cryptocurrency in, be sure to do your own research.
【Common FAQ related to preventing fraud]
1. What technology does Binance use to ensure the security of our users’ assets?
A: Security products: KYC, BOVC, 2fa, anti-phishing code, withdrawl whitelist
Security protection: data protection, intelligence, risk/security detection, monitoring and defense
Security investigation: combating illegal funds, assisting LE in investigation, BNB chain security
2. Q: Now Most scams involve hackers. Is it becoming more and more difficult to avoid?
A: https://academy. binance.com/zt/articles/5-common-cryptocurrency-scams-and-how-to-avoid-them
3 , Q: Nowadays, most scams are done with hackers. Is it becoming more and more difficult to avoid?
A: https://academy.binance.com/zt/articles/5-common-cryptocurrency-scams-and-how-to- avoid-them