1. Protect Your Seed Phrase Above All Else
Your seed phrase is the master key to everything. Write it on paper, store it in a fireproof location, and never digitize it. Consider metal backup plates (Cryptosteel, Billfodl) for fire and flood resistance. Never photograph it, type it into any app or website, or store it in cloud services.
2. Use a Hardware Wallet for Significant Holdings
If you hold more than you'd be comfortable losing, move it to a hardware wallet. The additional friction is worth it — the wallet's secure element keeps your private key off your internet-connected computer, so malware on that machine cannot extract it and remote theft becomes essentially impossible. Budget options start at ~$79.
3. Verify Every URL Before Connecting Your Wallet
Phishing sites are the #1 cause of crypto theft. They clone legitimate DeFi sites pixel-for-pixel with slightly different URLs (e.g., uniswap-app.com instead of app.uniswap.org). Always:
- Bookmark legitimate sites and only access via bookmarks
- Never click links in Discord, Telegram, Twitter DMs, or emails
- Check the exact URL character by character
- Look for the padlock icon (HTTPS), but remember that phishing sites have valid HTTPS too; the padlock only proves an encrypted connection, not that the domain is legitimate
4. Revoke Unnecessary Token Approvals
Every time you interact with a DeFi protocol, you may grant it an approval: on-chain permission to spend your tokens on your behalf. Old, forgotten approvals are a security risk — if the protocol is hacked, attackers can use that standing permission to drain your approved tokens without any further action from you. Regularly audit and revoke approvals using tools like revoke.cash or Rabby wallet's built-in approval manager.
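What an approval manager actually does under the hood, as an added example (not code from this article, revoke.cash or Rabby): it reads each ERC-20 `allowance(owner, spender)` and "revokes" by sending `approve(spender, 0)`. The encoding below is the standard ABI form; the addresses used with it are constructed placeholders, and sending the transaction is left to your own JSON-RPC client or wallet.

```python
# Added example; addresses used with it are constructed placeholders.
# 4-byte selectors from the ERC-20 standard
SEL_ALLOWANCE = "dd62ed3e"  # allowance(address owner, address spender)
SEL_APPROVE = "095ea7b3"    # approve(address spender, uint256 amount)
UINT256_MAX = 2**256 - 1


def _addr_word(addr: str) -> str:
    """ABI-encode an address: 20 bytes left-padded to a 32-byte word."""
    h = addr.lower().removeprefix("0x")
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a 20-byte hex address: {addr}")
    return h.rjust(64, "0")


def _uint_word(n: int) -> str:
    """ABI-encode a uint256 as a 32-byte big-endian word."""
    if not 0 <= n <= UINT256_MAX:
        raise ValueError("value outside uint256 range")
    return f"{n:064x}"


def allowance_call(token: str, owner: str, spender: str) -> dict:
    """JSON-RPC eth_call params that read how much `spender` may move."""
    data = "0x" + SEL_ALLOWANCE + _addr_word(owner) + _addr_word(spender)
    return {"method": "eth_call", "params": [{"to": token, "data": data}, "latest"]}


def revoke_calldata(spender: str) -> str:
    """approve(spender, 0): the transaction behind a 'revoke' button."""
    return "0x" + SEL_APPROVE + _addr_word(spender) + _uint_word(0)


def decode_allowance(result_hex: str) -> int:
    """Decode the single uint256 word that eth_call returns for allowance()."""
    h = result_hex.removeprefix("0x")
    if len(h) != 64:
        raise ValueError("expected one 32-byte return word")
    return int(h, 16)


def classify_allowance(amount: int, decimals: int = 18) -> str:
    """Label an allowance the way an approval auditor would flag it."""
    if amount == 0:
        return "none"
    if amount >= 2**255:  # heuristic: 'unlimited' approvals; revoke these first
        return "unlimited"
    return f"{amount / 10**decimals:g} tokens"
```

Run `allowance_call` against each token you have ever approved, and any result that classifies as "unlimited" for a contract you no longer use is the first candidate for `revoke_calldata`.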
5. Enable Strong Authentication Everywhere
- Use an authenticator app (Google Authenticator, Authy) for 2FA — never SMS-based 2FA
- Use a hardware security key (YubiKey) for email and exchange accounts
- Use a unique, strong password for every exchange account
- Use a reputable password manager
6. Keep Dedicated Devices
Consider using a separate device solely for crypto operations — no general browsing, no pirated software, no random downloads. This dramatically reduces your malware exposure. A cheap laptop running a clean OS works well.
7. Keep Software Updated
OS updates, browser updates, and wallet firmware updates frequently patch security vulnerabilities. Outdated software is a common attack vector. Enable automatic updates where possible.
8. Protect Against SIM Swap Attacks
In a SIM swap attack, attackers convince your mobile carrier to transfer your phone number to a SIM they control, which hands them every SMS-based 2FA code sent to that number. Protect yourself:
- Call your carrier and add a PIN/passcode to your account
- Use authenticator app 2FA instead of SMS wherever possible
- Use a Google Voice number for crypto exchange SMS if needed
9. Diversify Storage
Don't store everything in one wallet. Consider:
- Multiple hardware wallets with separate seed phrases
- Hot wallet for active amounts, cold wallet for long-term storage
- Seed phrase backups in multiple geographic locations
Single point of failure: Keeping all crypto in one wallet, with one seed phrase backup in one location, is a significant risk. Diversify your storage.
10. Regularly Audit Your Security Setup
Security is ongoing, not a one-time task. Every 6 months, review:
- Are your seed phrase backups intact and accessible?
- Are your hardware wallet firmware and software wallets updated?
- Have you revoked unused token approvals?
- Are your exchange passwords and 2FA still secure?