TL;DR

Always keep your cryptocurrency secure when purchasing, storing and investing it: in most cases, stolen coins and tokens cannot be recovered.

If you trade cryptocurrencies on centralized exchanges, choose ones that use Know Your Customer (KYC) verification and adhere to anti-money laundering (AML) principles. The most reliable way to protect yourself is to use P2P trading and decentralized exchanges with audits.

There are several options for securely storing cryptocurrency. For example, you can hold it on a regulated exchange, which is convenient for beginners and traders, but in this case you will not own the keys to the wallet.

You can also use a more secure non-custodial wallet that lets you own your keys, or offline cold storage, which is the most secure way to store them. In both cases, it is best to store private keys offline in a safe place.

Use trusted decentralized applications (DApps) to improve security, and regularly check which ones have permission to use your wallet. Remove these permissions once you are done using a particular DApp.


Introduction

The concept of cryptocurrency is based on the idea of independence: the user becomes his own bank. If you secure your funds properly, they will be protected better than the most secure bank vaults. Otherwise, everything can be withdrawn from your digital wallet remotely.

When using cryptocurrency, you need to properly protect your digital coins, and it is important to understand not only how to store them. Today, many cryptocurrency holders are interacting with DApps in the DeFi world, so you should also know the rules for using your funds safely.

You wouldn't trust your money to an unreliable business, would you? Similarly, coins should be protected from unverified DApps or exchanges for buying and trading cryptocurrency. In this guide, we'll look at the most effective ways to protect your funds.



Safe purchase of cryptocurrency

There are many places to buy cryptocurrency: centralized exchanges, decentralized exchanges (DEX), cryptocurrency ATMs, P2P markets and others. Each of them has certain advantages and disadvantages and its own degree of safety. For most users, reputable centralized exchanges offer the best combination of convenience and security.


Choosing a reliable exchange

Centralized exchanges like Binance provide security through increased regulation, anti-money laundering (AML) measures, and Know Your Customer (KYC) checks. Although exchanges had a number of problems in the early stages of cryptocurrency development, the situation has since improved significantly due to the influence of governments and exchange operators.

To use the exchange, you need to transfer funds to its custodial wallet. Users disagree on whether they should trust the exchange to own their coins. On the one hand, this method may be more secure if you are not well versed in wallets and cryptocurrencies: you will not accidentally lose access to them.

On the other hand, some consider personal control over funds more reliable. You may have heard the expression “not your keys, not your coins”: if you are not the owner of the wallet, someone else may control your cryptocurrency. Below we will talk in more detail about the different storage methods.

If you decide to use a P2P service or decentralized exchange, pay attention to several important signs of the platform's reliability. When using a DEX, check for an audit from a reputable source (more about audits below). For example, Binance offers a secure, reputable decentralized exchange.

If you want to choose a P2P service, make sure that it carries out mandatory KYC checks for buyers and sellers, and ideally also has its own escrow service. This will not eliminate all risks, but storing funds in a third party escrow system provides the seller and buyer with additional protection against fraud.


How to protect your account

If you have registered with an exchange or other service for trading, use standard methods to protect your account, online banking account and other confidential information. Ensuring the security of your account and funds is quite simple:

1. Use a strong password and change it regularly. The password must not contain identifiable personal information such as your date of birth. Create a long password specifically for this account and add symbols, numbers, lowercase and uppercase letters to it.

2. Enable two-factor authentication (2FA). If your password is compromised, 2FA on your mobile device, authentication app, or YubiKey will serve as a second layer of protection. When logging in, use both a password and two-factor authentication.

3. Beware of phishing attacks and scams via email, social media and personal messages. Fraudsters often impersonate exchanges and trusted agents to steal your funds. You should also avoid downloading software from unknown sources as it may contain malware.

For more information on account security, check out How to Protect Your Binance Account: 7 Easy Steps.


How to securely store cryptocurrency

After purchasing cryptocurrency and securing your account, it is important to place it in a safe place. If you do not plan to leave the cryptocurrency on the exchange for further trading, you need to use a wallet. Wallets differ in their ownership of private keys and Internet connection, and the choice between them depends on the level of security that suits you.


What is a private key?

Private keys, like regular keys, provide access to cryptocurrency that can be spent. Protecting the private key and access to it is a key aspect of security. A private key is a very long number, so long that it is impossible to guess. If you flip a coin 256 times and write down 1 when it lands on heads and 0 when it lands on tails, you will get a private key. Here is the key we just created this way. It is encoded in hexadecimal (using the digits 0 to 9 and the characters a to f) to make it more compact:

8b9929a7636a0bff73f2a19b1196327d2b7e151656ab2f515a4e1849f8a8f9ba

If you type this number into the Google search box, you will see that it is only mentioned in this article (unless it has been copied somewhere else). Now you understand how random it is. The likelihood that anyone has ever seen it is incredibly low.

But even this example is not clear enough. The number of possible private keys is close to the number of atoms in the known universe. In fact, they are the most important means of ensuring the security of cryptocurrencies such as Bitcoin and Ethereum. With such a complex code, your coins are truly protected.

If you have received funds before, you have come across public addresses, which also consist of a chain of random numbers. To obtain a public address from your private key, a public key is created using cryptography, which is then hashed.

In this article we will not consider this process in detail. The only thing to remember is that generating a public address using a private key is quite easy, but doing the opposite is now almost impossible. Thanks to this, you can safely indicate your public address on blogs, social networks, etc., and no one will be able to spend funds sent to it without the corresponding private key.

If you lose your private key, you will lose access to your funds. If someone else finds out your key, they can spend your cryptocurrency. Therefore, the safety of your private key is of utmost importance.


Seed phrases

Today, wallets rarely have only one private key. These are typically hierarchical deterministic wallets, meaning they can contain billions of different keys. All you need to remember is a seed phrase, a set of convenient words that can be used to generate these keys. The seed phrase might look like this:

strike sadness boss daring voice connect holiday vintage quantum pony stable genuine

Unless you deliberately choose to use just one private key, you will most likely be prompted to create a backup copy of your seed phrase when creating a new wallet. Further, when describing the key store, the term “keys” will mean both private keys and seed phrases.


How to protect your seed phrase

It is very important to keep your 12, 18 or 24 word seed phrase secret: if an attacker gains access to it, they can import your keys into their wallet and steal your funds. Instead of a seed phrase, you can also use a JSON file or individual private keys. Follow the tips below to protect your keys.

1. It is not recommended to store the seed phrase on a device connected to the Internet. If you download a virus or your computer is hacked and controlled remotely, your seed could be at risk.

2. Offline storage is much safer. You can store the seed phrase on a physical device or a device not connected to the Internet. However, even if you have a cold storage facility, which we will write about in more detail below, it is better to make a backup copy of the key in case the device breaks down.

3. If you decide to store your seed phrase on physical media, think about the material and storage location. Writing down words on a piece of paper that can be easily destroyed or lost at home is not a good idea. Try keeping it in a safe in a secure location or storing your seed phrase in a bank. Some people even engrave it on metal because it is difficult to damage.



Hot and cold wallets

Wallets are divided into two categories: hot and cold, which differ in the degree of security. To learn more about wallets, check out the article Types of Cryptocurrency Wallets. Now we will look at the differences between these two types.


Hot wallets

A hot wallet is any cryptocurrency wallet with an Internet connection (this includes, for example, wallets on smartphones and PCs). Hot wallets are the most understandable and user-friendly. With their help, you can easily send, receive and trade cryptocurrency and tokens. Unfortunately, for the sake of such convenience, you often have to sacrifice security.

An Internet connection makes hot wallets vulnerable. Although private keys are not broadcast anywhere, your online device can be infected with malware and hacked by remote attackers.

This does not mean that hot wallets are completely unsafe. They are simply less reliable than cold ones. However, hot wallets are more convenient, so they are usually chosen to manage small amounts.


Cold wallets

To protect against online attacks, many people choose to store their keys offline. This is what cold wallets are for. Unlike hot wallets, cold wallets are not connected to the internet. In the past, some cryptocurrency holders used paper wallets: printed sheets of paper with the wallet's private key, usually in the form of a QR code, but this method is now considered outdated and risky. The best means of cold storage is a hardware wallet.


Hardware wallets

Hardware wallets (such as Trezor One or Ledger Nano S) are a more convenient alternative and store your private key offline. They are more portable, cheaper than a full-fledged PC and are designed for storing cryptocurrency.

Physical devices securely store your private keys and do not require an Internet connection. A good hardware wallet will ensure that private keys never leave the device, and they are usually stored in a special memory section that prevents them from being deleted. For more information, go to What is a Hardware Wallet (And Why You Should Use One).

The hardware wallet industry has expanded significantly in recent years, with dozens of different offerings appearing on the market. You can read reviews of these devices on Binance Academy.


Custodial and non-custodial wallets

Your wallet can also be custodial or non-custodial, which determines whether you have access to and ability to manage your private keys. For example, if you are using an online service such as a cryptocurrency exchange, then at the protocol level you do not own your coins. Instead, the exchange stores and manages your funds and keys on your behalf (hence the term “custodial wallet”). In most cases, the exchange uses a combination of hot and cold wallets to protect your cryptocurrency.

If you want to exchange BNB for BTC, the exchange will decrease your BNB balance and increase your BTC in its database. There is no blockchain transaction involved in this operation: you only ask the exchange to sign the transaction when you withdraw BTC. In this case, the exchange broadcasts the transaction, which will send the coins to the Bitcoin address you specified.

Cryptocurrency exchanges make account management easier for users who are willing to entrust their funds to third parties. Remember: when you manage cryptocurrency on your own, no one can help you if something goes wrong.

If you lose your private key, you will lose access to your funds. On the other hand, if you lose your account password, you will simply need to reset it. However, exchanges cannot protect users from possible credential theft, so the above precautions must be taken to protect your account.


What is the safest storage method?

Unfortunately, there is no universal answer to this question, otherwise the article would be much shorter. The choice largely depends on your approach to risk management and how you use cryptocurrency.

For example, an active swing trader and a long-term hodler have different requirements. Or if you run an organization that processes large amounts of money, you may need multi-signature, allowing funds to be transferred only after multiple users agree.

Regular users are advised to store unused funds in cold storage. Hardware wallets are the easiest option, but it's best to test them with a small amount first to get the hang of it. It is also recommended that you make a backup copy of your keys and store it in another location in case your device is lost or damaged.

Online wallets are great for small amounts that you plan to spend on goods and services. If cold storage is like a savings account, then a mobile wallet is like a physical wallet that you carry with you. Ideally, it should hold only an amount whose loss would not cause serious financial problems.

For borrowing, staking, and trading, custodial wallets are best suited. However, before using your funds, it is important to plan how you will allocate them (for example, with a position sizing strategy). Remember that digital currency is highly volatile, so you should only invest an amount that you can afford to lose.


Safe use of decentralized finance and applications

If you want to stake your tokens, use them in blockchain games, or participate in decentralized finance (DeFi) projects, you need to interact with decentralized applications (DApps) and smart contracts. Users must give DApps permission to use funds in their wallets. Below we will give an example using SushiSwap.


For example, granting permission to PancakeSwap allows you to automate transactions such as adding multiple tokens to a liquidity pool. A DApp can perform several different actions at once, saving you time. This is quite convenient, but along with the benefits come certain risks.

Unless you have studied the smart contract yourself and understood how it works, you cannot be completely protected from unauthorized access. To prove the security of their smart contracts, projects conduct audits. For example, they are provided by Certik, a well-known audit provider, but its good reputation does not always serve as a guarantee of security.

A malicious project requests permission to transact an unlimited or large number of tokens, typically targeting less experienced users. Even if you move your funds away from the DeFi platform, the project can still control and steal them. Hackers can also try to manipulate and abuse smart contracts: if you give the project permission, you could be putting your security at risk.


How to revoke permissions to use a wallet

Regularly check what permissions you have given in your wallet. If you are using Binance Smart Chain (BSC), you can use BscScan's Token Approval Checker tool, which allows you to check and remove any permissions.

First, copy and paste your BSC BEP-20 public address, then click on the search icon on the right.


In this section you will see a list of smart contracts in your account and the rights assigned to them. To revoke permission, click on the button circled in red below.
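The permission requests and revocations described in the two sections above can be inspected before signing. The following added Python example (not part of the original article) decodes the calldata of an ERC-20/BEP-20 `approve(address,uint256)` call, labels unlimited or oversized allowances, and builds the zero-allowance call that revokes one. The spender address, balance and amounts are constructed sample values, and the function names are illustrative.

```python
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")   # approve(address,uint256)
MAX_UINT256 = 2**256 - 1                        # the "unlimited" allowance value

def encode_approve(spender, amount):
    """Build approve(spender, amount) calldata as a 0x-prefixed hex string."""
    addr = bytes.fromhex(spender[2:] if spender.startswith("0x") else spender)
    if len(addr) != 20 or not 0 <= amount <= MAX_UINT256:
        raise ValueError("bad spender address or amount")
    return "0x" + (APPROVE_SELECTOR + addr.rjust(32, b"\0")
                   + amount.to_bytes(32, "big")).hex()

def decode_approve(calldata):
    """Return (spender, amount) from approve() calldata, or raise ValueError."""
    raw = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    if len(raw) != 68 or raw[:4] != APPROVE_SELECTOR:
        raise ValueError("not an approve(address,uint256) call")
    if any(raw[4:16]):
        raise ValueError("address argument is not zero-padded")
    return "0x" + raw[16:36].hex(), int.from_bytes(raw[36:], "big")

def classify(calldata, wallet_balance):
    """Label an approval request before signing it.

    wallet_balance is the token balance in base units (assumed known to the caller).
    """
    spender, amount = decode_approve(calldata)
    if amount == 0:
        label = "revoke"
    elif amount == MAX_UINT256:
        label = "unlimited"
    elif amount > wallet_balance:
        label = "exceeds-balance"
    else:
        label = "bounded"
    return {"spender": spender, "amount": amount, "label": label}

def revoke_calldata(spender):
    """Setting the spender's allowance to zero is how an approval is revoked."""
    return encode_approve(spender, 0)

# Constructed sample data: the spender address and amounts are made up.
SPENDER = "0x" + "11" * 20
BALANCE = 500 * 10**18          # 500 tokens with 18 decimals
SAMPLES = {
    "swap 100 tokens": encode_approve(SPENDER, 100 * 10**18),
    "blanket approval": encode_approve(SPENDER, MAX_UINT256),
    "revocation": revoke_calldata(SPENDER),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18s} -> {classify(data, BALANCE)['label']}")
```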


Use audited projects for added security

As we wrote above, projects with audits make investments in tokens and coins safer. If you interact with smart contracts, use staking pools, or provide liquidity, it is always best to look for such projects.

Auditors analyze the DApp smart contract code, identify backdoors, vulnerable scripts and security problems. They report this to the project founders, who then make changes to the code. Any edits are added to the final report, allowing users to track the entire process. After this, the final report can be published.

Although an audit cannot guarantee the security of a project, it does increase its security, so we do not recommend investing in a project without an audit. Some smart contracts handle huge amounts of funds, which makes them attractive to hackers - if auditors don't check their code, they become an easy target.

The Certik service regularly updates its list of audited projects and other important information, and also evaluates their security on a scale of 100 points.


How to Avoid Scams

Unfortunately, there are many scammers after cryptocurrency. They try to take advantage of other users and take their cryptocurrency, and it is usually impossible to return the stolen funds. Fraudsters abuse the anonymity of cryptocurrencies and the fact that many users directly control large amounts of funds.

Remain vigilant and never send money to strangers, and carefully check the identity of those you transfer funds to. Below are some of the most common scams:

1. Phishing. You may receive an email from the exchange or other service you use asking you to log in or provide sensitive information. It could be a scammer who wants to steal your data.

2. Fake exchanges. Often these are mobile applications or websites that imitate the design of an exchange. If you enter your details on them, scammers will be able to use them to access your real account.

3. Blackmail. The scammer may send you malware (which will restrict access to your files) and promise to return them after receiving a ransom in the form of Bitcoin or other currency. However, there is no guarantee that after payment you will actually receive your files back.

4. Pyramid or Ponzi schemes. You may be offered to participate in a new project, purchase its coins, or enter into a special deal that requires the deposit of cryptocurrency. However, if an offer seems too good to be true, it usually is. Do your own research and make sure you are investing in a safe project.

5. Impersonation of another person. Someone could pretend to be a service employee, a trusted confidant, or even your friend, and then ask for cryptocurrency or information that you would not normally disclose. Always double-check that the person you are talking to is really who they say they are.

For more tips on identifying potential scammers, see 8 Common Bitcoin Scams and How to Avoid Them.


Summary

Today, blockchains offer many solutions to secure cryptocurrencies. To protect yourself when trading, storing and using funds, it is better to trust simple but effective methods, and to choose a storage method taking into account the advantages and disadvantages of each option. Be sure to study all available information before depositing your money or cryptocurrency anywhere.