With the advancement of technology and the onset of the pandemic, many countries have seen a sharp increase in fraudulent activity on the Internet. The cryptocurrency sphere has not been spared either: according to SonicWall, a company that specializes in securing user data on the Internet, the number of hacked crypto accounts around the world increased by 28% in 2020 compared to 2019.
At the same time, scammers most often use the same methods. A striking example is the recent case with Flux tokens, where the scam succeeded because of the carelessness and credulity of cryptocurrency owners.
In the Flux article, we told you how to protect your crypto account from hacking, and today we present 10 tips for ensuring security on a cryptocurrency exchange.
Remember: although the creators of exchanges, for their part, try to ensure the safety of users’ assets, the integrity of your funds is, first of all, your concern. Do not think that scammers only go after accounts with large amounts – if you have at least some assets and they are poorly protected, smart people will not fail to steal them.
# 1 Create a separate mail for registration on the crypto exchange
Fraudsters often gain access to cryptocurrency accounts through an email address that people use for everything. Judging by the amount of spam that reaches Yandex, Google and Mail Ru addresses, no matter how complex the address is, it is obvious that you should not rely on their security.
Modern hackers are capable of embedding malicious code or a phishing link even in an email sent directly from the server of an online store, so it is better to register on the exchange with a completely separate address that is not tied to anything else.
Ideal option: create a mailbox on a paid service with increased data protection. The subscription price for such services depends on the number of features included. Some of the most popular are:
- ProtonMail – email and VPN service. Cost – from a free option to € 288 per year;
- MailFence – email. Cost – from free to € 300 per year;
- CounterMail – email. Cost – from $ 29 for six months to $ 79 for 14 months;
- Tutanota – email and secure connection. Cost – from € 12 per year and no upper limit.
You cannot get to their sites directly from the Russian Federation – you will have to use a workaround through a VPN. The services on the list are just examples. In fact, there are many of them, and you can choose the one that suits you.
After creating the mail, be sure to:
- Link it to a phone number. Ideal option: to a SIM card inserted into a phone that does not have an Internet connection;
- Turn on two-factor authentication (2FA) – Google Authenticator, FreeOTP, Plesk and other analogues;
- Delete emails coming from unverified and unknown addresses (even if they are marked as important or confirmed);
- Do not send your personal data to anyone via mail;
- Use a separate mail for each exchange.
# 2 Go to the exchange website and log in manually
Do not go to the exchange website using a link from emails, search services or banners on third-party resources. Remember the address of your exchange and type it into the address bar manually each time. Be sure to check that the site address begins with https – this means that the site has an SSL certificate and supports data encryption. Keep in mind that https only shows the connection is encrypted, not that the site is the real exchange, so check the domain name itself as well.
There are only two situations when you can go to the exchange website using a third-party link:
- When you sign up from an affiliate – for example, Pokeroff has a verified link to Binance. Affiliates take responsibility for the security of the link they provide;
- When you need to confirm your email at registration. Before clicking on this link, make sure that it was sent from the correct address of the exchange – you can usually find the exchange's email address in the contacts section of its website.
For each login on the exchange, it is also worth entering data manually – although autocomplete services (password managers) store your data in encrypted form, it is better not to rely on them in this regard. One of the safest login options on modern exchanges is QR code login – in this case, you do not need to enter any data, just scan the code with the exchange application on your mobile device.
# 3 Come up with a strong password and keep it on paper
A strong and complex password must include upper and lower case letters, punctuation marks and numbers and be long enough (at least 8 characters). Do not include meaningful words or phrases in it – the more meaningless and incoherent the password is, the less likely it is to be cracked.
Do not use one password for several services, let alone exchanges and wallets – always adhere to the rule: 1 service – 1 unique password.
Write down the password by hand on paper and under no circumstances store it electronically on the device – modern viruses easily and invisibly extract data from any text files.
Never send your password to anyone: not to relatives, not to friends, not even to yourself through instant messengers, messages and social networks!
# 4 Enable all protection methods offered by the exchange
The methods offered depend on the exchange itself – for example, on Binance, they are divided into two types.
The main methods of protecting your account:
- Security key – a physical key that must be connected to the device; without it, it is impossible to log in to the site;
- 2FA through the app;
- Confirmation by phone number;
- Confirmation by email.
Each method is used for both authorization and confirmation of transactions on the exchange.
Advanced account protection methods:
- The whitelist for withdrawing funds is a separate list in which you need to enter verified addresses manually. When it is enabled, withdrawal to addresses outside this list is impossible;
- An anti-phishing code is a set of characters that the exchange will embed into each of its emails so that you know that the email really comes from the exchange;
- Device management – the ability to remotely revoke authorization on any device.
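The checks from tip 2 (confirm the sender before using an emailed link) and the anti-phishing code above can be combined into one test of an incoming message. This is an added example, not code from any exchange; the domain `exchange.example`, the code value and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this sketch: a placeholder exchange domain and the
# anti-phishing code the user configured in the exchange account.
EXCHANGE_DOMAIN = "exchange.example"
ANTI_PHISHING_CODE = "k7-Lantern-42"

def on_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_exchange_email(raw, domain=EXCHANGE_DOMAIN, code=ANTI_PHISHING_CODE):
    """Return a list of reasons not to trust the message (empty = passed)."""
    msg = message_from_string(raw, policy=policy.default)
    problems = []
    # The From header can be forged, so a match proves little,
    # but a mismatch is already enough to reject the message.
    _, addr = parseaddr(str(msg.get("From", "")))
    if not on_domain(addr.rpartition("@")[2], domain):
        problems.append("sender")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    if code not in body:
        problems.append("no-code")
    # Every link must be https and point at the exchange's own domain.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        u = urlparse(url)
        if u.scheme != "https" or not on_domain(u.hostname, domain):
            problems.append("link:" + url)
    return problems

# Constructed sample messages (not real traffic).
GENUINE = """\
From: Exchange <no-reply@exchange.example>
Subject: Confirm your email

Anti-phishing code: k7-Lantern-42
Confirm: https://accounts.exchange.example/confirm?t=abc
"""
PHISH = """\
From: Exchange <no-reply@exchange-example.test>
Subject: Withdrawal suspended

Restore access: http://exchange.example.login-verify.test/restore
"""
```

The second message fails all three checks: the sender domain only resembles the exchange's, the anti-phishing code is missing, and the link uses plain http on a host that merely starts with the exchange's name.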
# 5 Fully verify your account
Verification on the exchange is needed not only to increase transaction limits and reduce commissions. By confirming your identity, you get the opportunity, together with the exchange, to monitor suspicious transactions. If a suspicious withdrawal is suddenly initiated from your account, the exchange will be able to check the transaction data against the data you confirmed in your account, freeze the transaction in case of inconsistencies and / or request additional documents to confirm your participation in this action.
For verification, exchanges ask for approximately the same list of documents:
- Passport or other identity document;
- Selfie / Online Face Verification (face check);
- Proof of residential / registration address (utility bill, letter from authorities, bank statement, etc.).
Some exchanges ask for bank details and information about the source of income for full verification.
# 6 Do not enter the exchange through public networks
The level of security of any open WiFi and wired networks – in cafes, airports, clubs, even casinos – is questionable: most often they are not protected in any way, and the owners do not even install an anti-virus program on them. In addition, they are not controlled by you in any way – anyone can connect to them and try to access your data. If you still need to urgently connect to such a network, use an encrypted VPN or proxy on your device – they will not allow strangers to gain access to your device.
# 7 Conduct correspondence and transactions on the exchange only through the exchange platform
If during P2P trading, buying / selling cryptocurrency, stocks or other assets, the second party offers you:
- Go to a third-party service – to discuss the details of the transaction, make a payment or on any other issues;
- Make a transfer or send transaction data that differ from those already verified on the platform;

as well as to perform any other actions beyond those fixed on the exchange and in the starting conditions of the transaction – take screenshots, refuse, and report to the support service as soon as possible.
These rules also apply to the exchange support service: its representatives never move users to instant messengers or to third-party resources to solve problems, so if you encounter this, inform the real support service at the addresses listed in the exchange contacts.
# 8 Download only official exchange apps
Most exchanges have mobile and / or desktop applications that can be downloaded directly from the website or via Google Play, App Store and other official stores. At the same time, fraudsters often publish copies of such programs in mobile stores. They look very similar to real exchange applications, but when you enter your login information into them, you do not gain access to your assets, you lose them.
To avoid this situation, use the links and QR codes on the official site to download applications – even when they take you to the store, you will land on the page of the exchange's real application.
You can always check the developer or seller through the store and report if you find scammers or suspicious programs.
# 9 Use a cold wallet to store assets
No matter how reliable your exchange is, it is better to store large assets in a wallet with the maximum level of reliability: a cold cryptocurrency wallet, which is a physical device that is not connected to the Internet and cannot be hacked remotely. Such wallets are also called hardware wallets.
The most popular hardware wallets as of early 2021 are the Ledger Nano X and Trezor T.
Ledger Nano X connects via Type C and built-in Bluetooth and is compatible with Windows, MacOS, Linux, Chrome OS, Android and iOS. It allows you to receive and send more than 1.1K cryptocurrencies and tokens; however, the application itself supports only some of them – for the rest, you need to install third-party applications. The price of the device ranges from ₽12K (~ $ 162) to ₽16K (~ $ 217) depending on the store.
Trezor T connects only via Type C and is compatible with all systems except iOS. It allows you to receive and send more than 1K cryptocurrencies and tokens, while about 50 options are supported in the application itself. The price of the device varies from ₽14K (~ $ 190) to ₽17K (~ $ 230) depending on the store.
Buy hardware wallets only from authorized distributors or official manufacturers’ stores. When buying second-hand from a private seller, you run the risk of becoming the owner of a device reflashed by a fraudster.
# 10 Don’t click on banner ads
Exchanges monitor the safety of their sites – that is why they have special information sections with banners, by clicking on which you can go to a verified page with information. However, we recommend that you do not do this – scammers can hack your browser and use a script to redirect from the banner to a third-party link. It is better to look for information in the sections of the exchange website through the menu.