The Keys to Keeping Your Crypto Safe


By Philip Martin

Keeping your crypto safe doesn’t have to be daunting. In this piece, Coinbase VP of Security Philip Martin offers some best practices to stay one step ahead of hackers and scammers.

One of the primary benefits of cryptocurrencies is that they allow people to engage in online transactions without the need for an intermediary like a bank or credit-card company. Instead, anyone who wants to send or receive cryptocurrency creates a “cryptographic key” — a file containing a random secret code — that can then be used to authorize transactions from their cryptocurrency wallets. If an attacker gets access to that key, they instantly gain control of the cryptocurrency wallet as if they were the owner. That’s why it’s critical to protect your keys if you manage them yourself, and lock down your accounts at trusted third-party services like Coinbase that help manage your keys for you.

Cyber criminals rely on a number of techniques to try to separate you from your cryptocurrency. They will sometimes pose as someone trustworthy and try to convince you to hand over account information, a kind of online threat known as social engineering. Or they might collect personal information you’ve shared on social media to impersonate you and access your email or mobile phone accounts. These threats pose the biggest risk to buying and selling crypto on trusted exchanges. In fact, the greatest threat we’ve seen to people losing their crypto is human error, not the technology itself.

Coinbase works hard to fight fraud from within the platform. For extra security, here are steps you can take to ensure your crypto stays in your hands, and only your hands.

Five simple steps to keep your crypto safe

Create strong passwords

  • Basic: Come up with long passwords (16 or more characters) that you haven’t used elsewhere on the internet
  • Better: Use a password manager like LastPass, 1Password, or Dashlane to create and remember your passwords
  • Bonus: Check to see if you’re using a risky password at

Use 2-factor authentication (2FA)

  • Basic: Require a one-time 2FA code sent to your device every time you log in, so that someone can’t access your account even if they steal your password
  • Better: Use an authentication app like Google Authenticator or Authy instead of SMS-based 2FA, as mobile carriers have known security weaknesses
  • Bonus: Call your mobile carrier and instruct them to put a phone porting and SIM swapping lock on your account

Don’t make yourself a target

  • Basic: Don’t brag about your cryptocurrency holdings online, just like you wouldn’t advertise inheriting $50 million
  • Better: Review your online presence and see how much personal information someone could learn about you to steal your identity

Don’t fall for tricks

  • Basic: Hackers posing as tech support may pressure you for your account credentials. Legitimate exchanges won’t ask you for passwords, 2FA codes, or for remote access to your computer
  • Better: If someone reaches out to you and you’re not sure if it’s a scam, you can reach out to to confirm whether it’s legitimate. And remember, Microsoft, Google, and Apple will never call you about your computer

Check the URL

  • Basic: Scammers create fake sites that look like real exchanges but are designed to steal account information. Double check the web address before you trade
  • Better: Type in the exchange URL yourself rather than clicking any links emailed to you, or use a bookmark in your browser

Be on the lookout for these common scams

Tech support scam

If someone calls you posing as a Coinbase or computer support agent, watch out! This is most likely a tech support scam. The fraudster will tell you that there’s a virus on your computer or something wrong with your Coinbase account, and ask you to install remote desktop software or provide your Coinbase login credentials so they can “diagnose the problem.” In reality, they’ll use the access you’ve granted to transfer your cryptocurrency to their own wallets. Remember, Coinbase will never call you.

Caption: A tech support scam using social media chat to steal usernames and passwords from Coinbase customers.

Scammers post fake 1–800 numbers for Coinbase using Google Ads and search engines. The only legitimate Coinbase phone number is listed on
Even if you’re not trying to call Coinbase, these fake tech support ads and phone numbers may still attempt to socially engineer you into providing access to your computer or Coinbase account.

Email compromise

Your online accounts are only as secure as your email password. If someone is able to log into your email account, they can send themselves password reset emails from Coinbase and change your password to one that they control.


Phishing

Are you sure you’re actually logging into your Coinbase account? Or is it just a lookalike website designed to steal your login credentials? Phishing websites, emails, and SMS messages are designed to make you think that you’re visiting the real Coinbase website. But once you check the URL, you’ll notice that it’s something else entirely, like with the number zero in place of the letter “o.”

Caption: A phishing site impersonating the Coinbase login page. Even though the URL includes the word “Coinbase”, it’s actually another domain entirely.
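
The URL check described here and under “Check the URL” can be automated. The following is an added example, not code from Coinbase or the original article: it assumes coinbase.com is the only domain you trust, and the sample links (on the reserved `.example` domain) are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the one exchange domain this user trades on (exact allowlist).
TRUSTED_DOMAINS = {"coinbase.com"}

# Digits often swapped in for look-alike letters (illustrative, not exhaustive).
LOOKALIKE_DIGITS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if parts.scheme != "https" or not host:
        return "untrusted"

    # Trusted only when the host IS the domain or a true subdomain of it.
    # A bare substring test would accept "coinbase.com.login.example".
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"

    # Not trusted. Flag it as an imitation if the brand name shows up anywhere
    # in the authority part (including "user@host" tricks) once look-alike
    # digits are mapped back to letters.
    normalized = parts.netloc.lower().translate(LOOKALIKE_DIGITS)
    for domain in TRUSTED_DOMAINS:
        brand = domain.split(".")[0]
        if brand in normalized:
            return "lookalike"
    return "untrusted"


# Constructed sample links, as they might appear in an email or SMS.
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://coinbase.com.login.example/signin",
    "https://c0inbase.example/",
    "https://coinbase.com@evil.example/",
    "https://news.example/crypto",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_url(link):10} {link}")
```

Only the first sample is classified as trusted; the next three contain the brand name but resolve to a different domain, which is exactly the pattern in the phishing page captioned above.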

Pyramid schemes and giveaway scams

If something seems too good to be true, it probably is. Websites with a pyramid scheme structure promise high returns or other rewards in exchange for an initial investment of cryptocurrency. But they often make off with investors’ money entirely. Scammers will often pose as celebrities offering to double your cryptocurrency if you send them a small amount, but in reality, once you press “send” that cryptocurrency is gone forever.

Caption: A Twitter account impersonating the celebrity John McAfee. Any cryptocurrency you send to this scammer will disappear forever.

By taking time to understand how cryptocurrency works and following some basic security steps, you can make sure your crypto stays safe. To learn more, visit

This article was sourced from The Coinbase Blog
