Crypto Protections: How to Protect Your Cryptocurrency Coins and NFTs from Hackers

4 min read

crypto security

Losing money is not limited to cryptocurrency price fluctuations. Take precautions to stop your coins and NFTs from being stolen.

With crypto prices in free fall, crypto firms laying off thousands of workers and coins that are considered “stable” losing all their value, it’s more important than ever to secure your remaining portfolio.

The current crypto crash isn’t the only way people are losing their money. There have been an increasing number of scams that give thieves access to your accounts and crypto assets. Just recently in May, Seth Green had several NFTs worth over $300,000 stolen, after the actor connected his crypto wallet to a scam website pretending to be a credible NFT project.

Protecting your crypto means taking some of the same steps you’d use to safeguard your other digital accounts, such as creating and using strong passwords. However, crypto accounts have unique characteristics like seed phrases that require additional security. Also, the crypto industry still lacks the regulatory framework necessary for the retrieval of your crypto assets if they’re stolen.

In this story, we’ll cover several ways you can protect your cryptocurrency and NFTs from being purloined and explain why it’s worth taking the time to properly secure your digital assets from being stolen. For more on crypto, learn five questions every investor should ask about cryptocurrency and the latest details on bitcoin’s wild price swings.

Always follow these two basic password security rules

One of the easiest ways to protect your digital assets is with strong passwords. Ideally, you want your passwords to be at least eight characters long and include random capital letters, numbers and other special characters. If you can make your password longer, however, you should, because the longer the password, the harder it is to crack, in theory.

If you’re worried about remembering all of your long, complicated and unique passwords, consider using a password manager, which makes it simple and secure to store and use your passwords from one place. We recommended choosing a password manager with encrypted storage and two-factor authentication for extra security.

Also, when creating an account, never repeat your passwords. If one of your accounts is compromised, your others will also be at risk.

Secure password
A strong password is vital to keeping your digital assets secure.

James Martin/CNET

Use a hardware crypto wallet for your most treasured assets

Your crypto wallet serves as the gateway to your crypto assets. “Hot” wallets such as software or mobile apps operate online, while “cold” wallets are hardware devices that work offline. Crypto wallets don’t hold the actual coins or tokens — they store the private keys that prove you own your crypto assets and let you buy, sell or trade on blockchains.

Anytime you purchase cryptocurrency or NFTs, they must be stored somewhere. Most people keep their assets in a digital wallet or marketplace, such as Coinbase or MetaMask, because they’re free and easy to use, but for your most valuable holdings, you may want to consider a physical wallet.

You can store cryptocurrencies and NFTs on a physical disk that you can connect to a computer to access via a hardware, or cold, wallet. When holding digital assets that are particularly valuable, hardware wallets are the preferable choice because they are typically harder to hack into.

Hardware wallet in hand
The Trezor One hardware wallet ($48.49) works with bitcoin, ethereum, litecoin and a variety of other cryptocurrencies.


Here’s more on the different types of crypto wallets.

Keep the seed phrase for your crypto wallet secure and offline

Most crypto wallets employ a seed phrase in addition to a password for added protection. Every time you set up a new wallet, this seed phrase—which functions as a master password—is generated. When you forget your password, you can restore your account by using a seed phrase, which is a group of 12 or 24 words, to sign in to your account on other devices.

Although this seed phrase adds protection, it also carries a danger because anyone who discovers it could possibly take all the cryptocurrency assets listed in your wallet. Although you might be tempted to save your seed word somewhere online, it’s important to write it down so that it can’t be accessed by anyone.

Once you write down your seed phrase, store it in a safe or lockbox, so that it’s not easy for anyone else to access. Specialized seed phrase hardware tools, like Cryptosteel and Crypt Keeper, can securely store your 12 or 24 words in a portable system that’s protected from fire and flooding.

Log into your wallet right away and create a new seed phrase if your seed phrase is either lost or stolen but you still remember your password.

Seed phrase generator
This is an example of a randomly created 24-word seed phrase.

Nelson Aguilar/CNET

Be wary of frauds in direct messages on Discord

One of the unofficial hangouts for the crypto and NFT groups is Discord. Many cryptocurrency fans go there to talk about recent and upcoming NFT projects, cryptocurrency values, current affairs, and even their personal lives. Discord is used by supporters of NFT initiatives to create communities, but it’s also where thieves and hackers go to compromise accounts.

This is how it goes: You can receive a direct message from a hacker who poses as a member of a project that you follow and find interesting. The DM appears legitimate, usually makes the claim that you may mint an NFT that is hard to get for a reasonable price, and offers a link to click. However, your wallet is emptied of all of your NFTs and cryptocurrency when you click the link, connect your wallet, and try to buy the NFT. Furthermore, there is no genuine way to get it all back.

When trying to mint or buy a newly generated NFT, the most crucial piece of research you can do to prevent falling for a phony NFT website is to use verified channels to identify the right website. Use numerous web resources, such as Google, Twitter, and Opensea, to confirm that you have the correct URL for the project, even if you obtain a link from what appears to be a reliable source.

Disabling DMs on Discord is an even easier way to avoid falling for a scam. Open the Discord app on your mobile device, tap your profile image in the lower right corner, select Privacy & Safety, and turn off Allow Direct Messages From Server Members. On Discord, you won’t get any more direct messages.

Direct messaging screen for Discord
Discord is where people go to discuss cryptocurrency and NFTs, as well as prey on potential victims.


Don’t fall for support scams on Twitter

Similar to Discord, Twitter is a haven for hackers trying to trick unwary victims into handing over their assets.

Every time the terms “stolen account,” “lost password,” or even “MetaMask” are mentioned on Twitter, a hacker army may reply, offering to assist in recovering lost property or regaining access to accounts. Afterward, hackers might DM you for your seed phrase in order to steal your crypto or NFTs.

Go directly to Twitter’s official customer service page if you need assistance. Even if an account is validated, never ever give out your seed phrase to anyone because even verified accounts can sometimes be accessed by hackers.  And never share your screen.

Elon Musk's Twitter account on a mobile phone, in front of a Twitter logo
Not even Elon Musk can stop these Twitter scammers.

James Martin/CNET

For more about cryptocurrency security, learn whether it’s possible to insure bitcoin and how the Securities and Exchange Commission is taking on crypto fraud.

Via this site

Have A Story? Get Featured On Fraxfacts Plus 100+ More Exclusive Crypto News Sites