Cointime

Download App
iOS & Android

Crypto Security: A Beginner’s Guide

Validated Individual Expert

Once you’ve decided to get into crypto, keeping your assets safe is one of the most important things you can do. We’re going to walk you through all of the best ways to protect your crypto.

Seed Phrase

Some people refer to this as a recovery or backup phrase, but at Blockchain.com we refer to it as your Secret Private Key Recovery Phrase.

What is a Secret Private Key Recovery Phrase?

A string of 12 or 24 words that provides complete access to your Private Key Wallets.

What does it do?

If you ever forget your password or your device gets lost or damaged, you can still log in to your account using your Secret Private Key Recovery Phrase.

Why is the recovery phrase so important?

Anyone who has access to your recovery phrase will have unlimited access to funds in your Private Key Wallets and can restore access to those wallets via ANY Blockchain.com Wallet account.

How to manage your seed phrase

Make sure that your Secret Private Key Recovery Phrase is…well, secret.

Some people write this phrase down and keep it in a safe deposit box. Others engrave it onto wood or metal, and some people keep it in a dedicated password management tool.

However you choose to store it, never share this recovery phrase with anyone. Not even us.

If someone asks you to share your code, don’t. If someone is insistent that you screen share or share access to your recovery phrase, be very suspicious.

Private Keys are the tool to keep your crypto fully in your possession, but they are only as secure as your best security practices.

If you haven’t already backed up your funds with your Secret Private Key Recovery Phrase, you may want to do that right now.

Just open the Blockchain.com app, tap the Person Icon in the upper left corner, scroll down to Security and tap Backup Phrase. From there, just follow the steps in the app.

Two-Factor Authentication (2FA)

Two minutes.

Securing your account using Two Factor Authentication (2FA) can be done that fast.

You should consider enabling 2FA on all your apps and digital accounts.

What is 2FA?

2FA is an extra layer of security that helps ensure that you’re the only one who can access your account. Even if a hacker gets your password, they won’t be able to get into the account without the one-time passcode.

The “two-factor” part of 2FA combines something you know, a knowledge factor, with something you have, a possession factor. This could be a password plus an authenticator app, or a PIN and a hardware security key.

Having multiple security layers strengthens your account, and this process is easy to do.

How to enable 2FA on Blockchain.com

On desktop:

  • Click the person icon in the top right corner.
  • Click Security, then click Enable under Two-Factor Authentication.
  • Choose your preferred 2FA method and set it up.

On the app:

  • Tap the Person Icon in the top left corner.
  • Scroll down to Security and find 2FA.
  • Use the toggle switch to enable 2FA.

Common Scams

Now let’s talk about some of the most common crypto scams–junk coins, fake investments and romance scams.

Junk coins

One of the most pervasive crypto scams is junk coins. Scammers will lure crypto hopefuls into buying a little-known but “soon-to-moon” coin with a limited supply but the promise of huge benefits.

This can be deceiving, because there’s actually a real coin that you can buy. The trouble is, anyone can create a new coin and this one was only minted by the scammers to drive up the price before they liquidate the coin and transfer out all of the funds.

This is called a rug pull, and there’s no way to get your money back from it. The solution? Only buy products you have thoroughly researched, and only buy what you can afford.

Fake investments

Another common scam takes place when a fraudster reaches out about a special opportunity, such as a business or real estate opportunity, but they’ll only accept crypto as payment.

Like before, the scammers will promise all sorts of enticing benefits, but the reality is that it is just your crypto going to a criminal’s wallet.

The simplest way to deal with this is to understand that no one except a criminal is going to randomly contact you about your holdings. Blockchain.com and its employees will never ask you for funds.

Romance and blackmail scams

Nothing gets us more emotionally involved than love, but threats of a ruined identity and humiliation take a close second. These two scams are very similar, and here’s how they work:

A scammer reaches out to you, usually through social media or email, and they’ll either prompt a romantic relationship or claim that they have some kind of dirt on you.

In the romance scam, criminals will try to build trust with you, and then ask you to send them crypto for one reason or another.

With blackmail, scammers will threaten to release compromising information about you to the world, unless you pay them a certain amount in crypto by a certain time.

Both of these are just more ways that thieves are trying to steal crypto — don’t fall for it.

Phishing

Phishing is when scammers attempt to convince you to share your personal information, giving them access to your accounts. Phishing is so prevalent it gets its own section in this guide.

Some of the typical phishing attempts will be obvious, with misspelled words, bad grammar and a strange way of writing.

“Hi dear , you are to resset your password IMMEDIATELY…”

We’ve all seen those emails and just deleted them, but scammers are getting more sophisticated all the time, so it’s important to stay ahead.

What is phishing?

There are many forms of phishing, and we’ll go over some below, but phishing is all about a criminal getting you to give them access.

Whether that’s through login credentials, or by downloading a virus, phishing attacks are trying to get your private information.

If you receive an email, direct message or text that wasn’t prompted by you and is asking for sensitive information, be wary. There’s a few ways to spot a phishing scam:

Verify the sender

Scammers will try to replicate trusted email addresses or social media profiles, so always verify that the email address or account name matches the source.

Below are our official handles–make sure you’re interacting with these verified accounts.

  • Email: @blockchain.com
  • Facebook: @blockchain
  • Twitter: @blockchain and @askblockchain
  • Instagram: @blockchainofficial
  • LinkedIn: /company/blockchain

Verify links

On a computer, if you hover the mouse over a link, the real link address will show up. On mobile, you can tap and hold until a dialog box shows up, which will show you the destination of the link.

Here, try it out–hover your mouse or tap and hold this link: neverclickonstrangelinks.ever

See? It’s just Blockchain.com— nothing to fear.

Scammers will try to get you to go to a page where they may have re-created a website that looks real to get you to enter your login details or download malware to your device.

Unexpected attachments

Attachments, especially in emails from first-time or unknown senders, are a major red flag for a phishing attack.

It’s also possible to send attachments through most social media messaging platforms and text messages now, so always be alert.

Ask for help

We’ll only email you from our official addresses, never from a public domain account (like a Gmail or Yahoo address).

If you ever receive a suspicious message from someone claiming to be from Blockchain.com, reach out to us in the Support Center and we’ll be happy to help.

Crypto Security Recap

Let’s review everything you’ve learned in this guide:

  • Secret Private Key Recovery Phrase. Keep this in a safe place, and never share it with anyone. If you haven’t already backed up your funds, do it today.
  • Two-Factor Authentication (2FA). An extra layer of security for your account that may only take a minute or two to set up. You can take this step today if you haven’t already.
  • Common scams. If it sounds too good to be true, it probably is. Read more on common crypto scams here.
  • Phishing. Verify senders, verify links and don’t open untrusted attachments.
  • Support Center. Remember, you can always reach out to the Blockchain.com Support Team if you ever have doubts about the validity of a request.

Secure your crypto

We hope you feel empowered to use crypto safely. This guide isn’t an exhaustive list of security measures you could take to keep your crypto safe, but it’s a great place to start.

Comments

All Comments

Recommended for you

  • Ellipsis Labs Completes $20 Million in New Funding

    Ellipsis Labs has announced the completion of a new round of financing of $20 million, with participation from Haun Ventures, aimed at accelerating the launch of Atlas, a second-layer blockchain focused on verifiable finance. Haun Ventures said that this round of financing is a "quick follow-up" to Ellipsis Labs' $20 million Series A financing completed in April.

  • Blockchain solar company Glow completes $30 million in funding

    blockchain solar energy company Glow has completed a $30 million financing round, led by Framework Ventures and Union Square Ventures. Other specific information has not been disclosed. According to reports, Glow operates a decentralized physical infrastructure network (DePIN) composed of solar farms in the United States and India. To encourage farms on its network to use clean energy, the founder designed an economic model based on subsidies and token incentives.

  • Ethereum scaling infrastructure Spire Labs raises $7 million in seed funding

    Spire Labs, the developer of Ethereum scaling infrastructure, has raised $7 million in seed funding. Maven 11 Capital and Anagram co-led the round, with participation from a16z Crypto Startup Accelerator, Digital Currency Group, Bankless Ventures, Volt Capital, Finality Capital, and other companies. Angel investors also participated in the round, including Nick White and Jacob Arluck from Celestia Labs, and Amrit Kumar and Anthony Sassano from AltLayer.

  • SOL falls below $170

    market shows SOL falling below $170, currently trading at $169.96, with a 24-hour drop of 3.6%. The market is volatile, so please be prepared for risk control.

  • Bitcoin project Citrea raises $14 million in Series A funding

    Bitcoin Rollup project Citrea has raised $14 million in Series A financing, led by Peter Thiel's Founder Fund, with angel investors Erik Voorhees and Balaji Srinivasan also participating. Citrea raised $2.7 million in seed funding in February in a round led by Galaxy. The company uses the BitVM computing paradigm to allow Ethereum-style smart contracts to be used on Bitcoin.

  • BTC falls below $71,000

    market shows BTC has fallen below $71,000 and is currently at $70,990, with a 24-hour decline of 1.32%. The market is fluctuating greatly, so please be prepared for risk control.

  • BTC falls below $71,500

    according to market data, BTC has fallen below $71,500 and is now trading at $71,497.99, with a 24-hour decline of 0.15%. The market is volatile, so please be prepared for risk control.

  • BTC falls below $72,000

    market shows BTC has fallen below $72,000 and is currently trading at $71,984.64, with a 24-hour increase of 0.23%. The market fluctuations are significant, so please be prepared for risk control.

  • AAVE drops below $150

     the market shows AAVE has fallen below $150 and is currently trading at $149.98, with a 24-hour drop of 2.04%. The market fluctuation is significant, so please be prepared for risk control.

  • Blockchain solar company Glow completes $30 million in funding

    blockchain solar company Glow has completed a $30 million financing round, led by Framework and Union Square Ventures. The CEO and co-founder of Glow stated that Vorick plans to use this funding to expand the company from 5 megawatts of power to 600 megawatts in the next 18 months and expand to new countries. Glow operates a DePIN network consisting of solar power plants in the United States and India. To encourage farms on its network to surpass the "dirty" energy grid, the founder designed an overall economy based on subsidy and token incentive models.