Crypto security checklist

Account security

• ✓
  Enable two-factor authentication (2FA)Use an authenticator app (Google Authenticator, Authy) — not SMS, which can be SIM-swapped.
  Critical
• ✓
  Use a unique, strong passwordAt least 16 characters, never reused from any other account. Use a password manager.
  Critical
• ✓
  Use a dedicated email for your exchangeAn email address used only for crypto reduces your attack surface significantly.
  High
• ✓
  Verify your email is not compromisedCheck haveibeenpwned.com to see if your email appears in known data breaches.
  High
• ✓
  Enable withdrawal whitelist / address lockingMost exchanges allow you to whitelist withdrawal addresses so funds can only be sent to pre-approved wallets.
  High
• ✓
  Set up a withdrawal delay or confirmation emailA 24-hour withdrawal delay gives you time to detect and cancel unauthorised transactions.
  High
• ✓
  Review all active sessionsLog out of all unrecognised sessions via your exchange's security settings.
  Medium

Wallet security

• ✓
  Write your seed phrase on paper — never digitallyYour 12–24 word recovery phrase must be written on physical paper and stored safely. Never photograph it or store it in email, cloud, or notes apps.
  Critical
• ✓
  Store your seed phrase in two separate secure locationsFire, flood, and theft can destroy a single copy. Consider a fireproof safe or safety deposit box.
  Critical
• ✓
  Never share your private key or seed phrase with anyoneNo legitimate exchange, wallet provider, or support agent will ever ask for this information.
  Critical
• ✓
  Use a hardware wallet for significant holdingsIf you hold more than $1,000 in crypto long-term, move it off the exchange to a hardware wallet (Ledger, Trezor).
  High
• ✓
  Keep your wallet firmware updatedHardware wallet manufacturers release security updates regularly. Keep your device's firmware current.
  Medium

Transaction security

• ✓
  Always verify the full wallet address before sendingCheck at minimum the first and last 6 characters. Clipboard malware can silently replace addresses.
  Critical
• ✓
  Send a small test transaction firstFor any new wallet address, send a small amount first to confirm it arrives correctly before sending the full amount.
  High
• ✓
  Use the correct network (chain) for each tokenSending tokens on the wrong blockchain network (e.g. ERC-20 vs BEP-20) can result in permanent loss.
  High
• ✓
  Never transact using public Wi-FiOnly access your exchange or wallet on a trusted, private network. Use a VPN if necessary.
  High

Phishing & scam prevention

• ✓
  Always type exchange URLs directly — never click email linksPhishing emails mimic exchanges perfectly. Type the URL yourself or use a bookmark.
  Critical
• ✓
  Bookmark your exchange's official URLUse browser bookmarks to avoid ever accidentally visiting a fake phishing domain.
  High
• ✓
  Ignore unsolicited messages offering "recovery services"If you post about losing access to crypto online, scammers will contact you claiming to help. They are all fraudulent.
  Critical
• ✓
  Be sceptical of giveaways and "double your crypto" offersNo legitimate entity gives away free crypto. These are always scams.
  High

Recovery & record keeping

• ✓
  Keep records of all transactionsMost jurisdictions tax crypto gains. A transaction record from day one saves significant effort at tax time.
  Medium
• ✓
  Tell a trusted person where your recovery information is storedIf something happens to you, your crypto can be permanently lost unless someone knows how to access it.
  Medium