With Bitcoin, you are your own bank, which means you're also your own security team. There's no customer support to call if your funds are stolen, no "forgot password" button if you lose access. This guide covers the essential practices that protect your bitcoin from theft, loss, and human error.
Your seed phrase (12 or 24 words) is the master key to all your bitcoin. Anyone who has it can steal your funds. If you lose it and your device breaks, your bitcoin is gone forever. Protecting this phrase is the single most important security practice.
Do This
Write it on paper or stamp it into metal. Store in a fireproof safe. Keep copies in separate physical locations. Consider a bank safety deposit box.
Never Do This
Never photograph it. Never store it in email, cloud storage, notes apps, or text messages. Never type it into any website. Never share it with anyone.
Critical Warning
No legitimate service, wallet, or support agent will ever ask for your seed phrase. Anyone requesting it is attempting to steal your funds. This is the most common social engineering attack in crypto.
Hardware wallets store your private keys on a dedicated device that never exposes them to your computer or the internet. Even if your computer is infected with malware, a hardware wallet keeps your keys safe.
Do This
Buy directly from the manufacturer (Ledger, Trezor, Coldcard). Verify the package seal is intact. Set a strong PIN. Enable a passphrase for extra security.
Never Do This
Never buy a used hardware wallet. Never buy from third-party sellers on Amazon/eBay. Never use a device with a pre-filled seed phrase (it's a scam).
For any account connected to your crypto (exchanges, email, cloud storage), 2FA adds a second layer beyond your password. But not all 2FA is created equal:
Best 2FA Options
Hardware security keys (YubiKey): strongest. Authenticator apps (Google Authenticator, Authy): very good. Both resist SIM swap attacks.
Avoid SMS 2FA
SMS-based 2FA is vulnerable to SIM swap attacks. Attackers call your carrier, port your number, and receive your codes. Many crypto thefts use this vector.
Phishing is the most common way people lose crypto. Attackers create fake websites, emails, and social media messages that mimic legitimate services to steal your credentials or seed phrases.
Do This
Bookmark exchange URLs and only use bookmarks. Verify the URL starts with https and shows the correct domain. Type URLs manually; never click email links.
Never Do This
Never click links in "urgent" emails about your account. Never enter credentials from a Google ad link. Never trust DMs offering crypto support or giveaways.
Address Verification
Always verify the full recipient address before confirming a transaction. Clipboard-hijacking malware can replace the copied address with an attacker's address. Check at least the first 6 and last 6 characters every time.
Multi-sig wallets require multiple private keys to authorize a transaction. A common setup is 2-of-3: you need any two of three keys to spend. This protects against single points of failure.
2-of-3 setup: Three keys stored in different locations. Any two can sign. Lose one key? Still access funds with the other two.
Theft protection: Even if an attacker compromises one key, they cannot move funds without a second key stored elsewhere.
Understanding how attackers operate helps you defend against them:
SIM Swap
Attacker ports your phone number to their device, intercepts SMS 2FA codes, accesses your exchange account.
Clipboard Hijacking
Malware monitors your clipboard and replaces copied Bitcoin addresses with the attacker's address when you paste.
Fake Wallet Apps
Counterfeit wallet apps in app stores that look legitimate but send your seed phrase directly to the attacker.
Social Engineering
"Support" DMs on Discord/Telegram asking for your seed phrase to "fix" an issue. Always a scam: no legitimate service asks for this.
If you use exchanges for trading, minimize your exposure:
Do This
Enable withdrawal whitelisting. Set up an address book with a delay. Use hardware key 2FA. Only keep trading amounts on-exchange. Withdraw the rest.
Never Do This
Never store life savings on an exchange. Never use the same password across exchanges. Never skip the withdrawal delay/whitelist features.
The Golden Rules
Not your keys, not your coins. Never share your seed phrase. Verify every address before sending. Use hardware wallets for significant amounts. Security is a habit, not a one-time setup.