
Security Guide

This guide is a one-stop shop to completely level up your
cryptocurrency security. I will stick mostly to simple steps anyone can
take.

There are many extra steps you can take to increase your security. If
you already have multiple laptops, virtual machines, 3 identities, your
own email servers, a nuclear bunker and a lifetime supply of ramen,
then you won’t need this guide.

For everyone else…

STEP 1 DEFENCE SOFTWARE


Let’s start with a very easy step.

Option 1 Built-in security software has come a long way and is a viable
option.

Option 2 Bitdefender is our preferred choice. It works against all
e-threats, from viruses, worms and Trojans to ransomware, zero-day
exploits, rootkits and spyware.

Option 3 We are also big fans of Hitmanpro.alert for people who want
serious real-time protection. However, this is very taxing on your
computer.

STEP 2 VPN

Another easy step. A VPN helps you do your online work through a
secure tunnel, so hackers can’t have access to your data.
Download it, turn it on and keep it on. Always use a VPN; it’s inexpensive
and improves your online security.

Option 1 NordVPN is fast and easy to use. Good enough for most
people.

Option 2 You can take your privacy even further and try Mullvad.

STEP 3 CRYPTO-CURRENCY STORAGE


An essential step: crypto-currency storage.

There are a few tiers of safety here, and there is very little reason not
to go with Tier 1.

Hardware Wallets (Tier 1)

For set and forget cold storage we recommend NGRAVE ZERO. The
ZERO is completely offline, from secret key generation to transaction
signing, keeping your holdings away from any online attack vector. They
call it the coldest wallet.

For people actively engaging with DeFi protocols and using their wallet
more regularly we recommend a Trezor or a Ledger. They are both
solid choices for a hardware wallet. They have both been around a long
time so are time tested.

Note: Ledger had a security breach in 2020.

Paper Wallet (Tier 2)

If you want a temporary solution you can create a paper wallet. They
take 10-30 minutes to make and everyone has access to pen and paper.

The downside is that paper is easily lost or damaged, and you really
need to invest in a good fireproof, waterproof safe with GPS. At this
point you may as well buy a hardware wallet. Not to mention that
moving your funds around becomes difficult and the setup isn’t intuitive;
the smallest mistake you make can cost you dearly.

Desktop wallet (Tier 3)

Desktop wallets are only as safe as the system they are on. Put them on
your high security device and wherever possible use 2FA. They are not
the same as cold storage but better than nothing. Examples: Exodus or
Metamask.

STEP 4 TWO-FACTOR AUTHENTICATION (2FA)


What is two-factor authentication?

Well, if one-factor authentication is a password, two-factor
authentication would be anything that adds an extra layer of security
on top of that.

Most people end up using their cell phones to get SMS two-factor
authentication. They receive a unique text code before accessing their
accounts. If you use this method or were planning on doing so, DON’T!
SIM swaps, where hackers port your phone number, are extremely
common, not to mention there are multiple other attack vectors here.

Never use SMS 2FA.

So how do we get a more secure two-factor authentication?

A cold two-factor authentication device is essential. A cold device is a
device that doesn’t connect to the internet.

I’m going to present two options for acquiring a cold two-factor
authentication device.

Dedicated Cold 2FA Device (Tier 1)

– If you’ve bought ZERO it will double up as your 2FA device. No
backdoors, no attack vectors left open, an entirely cold device.

– Yubikey is also a fantastic option for cold 2FA.

(Recommended) Dedicated 2FA Phone/Tablet (Tier 2)

– Buy a cheap tablet or phone that you can download a 2FA application on

– Download your desired 2FA apps

– Swap that phone to flight mode and never connect it to the internet
again

– Voila, you have an inexpensive two-factor authentication device

It’s important to note here that 2FA can be circumvented; it is not an
absolute defence. Just because you have 2FA, do not assume you are
invulnerable.

STEP 5 SEPARATE COMPUTERS


Use your discretion here. Having two separate computers is an
expensive option, so decide if it’s worth the investment relative to the
value of your online security and assets.

High Security Computer

Your high security device will be used only for handling
cryptocurrencies, banking, trading and other sensitive activities. Do not
get Windows as an operating system; it is too vulnerable.

I recommend macOS, Linux or ChromeOS. I go the extra mile and use
an isolated phone as the data connection for this device to keep it off
Wi-Fi.

Your high security device is never to deviate from essential websites
and never to click on any unknown links. By bookmarking your
essential pages and never typing in your web addresses you reduce
the temptation and the possibility of clicking on a link you shouldn’t.
All it takes is one mistake to compromise your security.

Low Security Computer


For all other activities, you can use your low security device. There
should never be crossover between these two devices.

STEP 6 PASSWORD AND DATA STORAGE


This is where we disproportionately limit the damage a successful hack
can do to us. I’m going to share a multilevel system I’ve built for myself.

There are two tiers of data:

Level 1 Data

To determine if your data is level 1, ask yourself this: if a hacker had
access to this information, would they be able to attack me? For
example, if a hacker gained access to your private keys they could
directly access your cryptocurrency.

This makes your private keys Level 1 data. Other examples are things
like passwords for master emails that can bypass all other security
with the right information, your password manager
passwords, private keys or recovery phrases.

Here are the rules for level 1 data:

– Level 1 data is to be kept offline.

– Your level 1 data should never be stored on your laptop, even for
a second.

– When entering these passwords you will alternate between using
your actual keyboard and an on-screen keyboard. This means the
hacker needs to both have you keylogged and be able to see
your screen to steal your password.

– These passwords will be a minimum of 15 keys long and as
complex as possible (good password managers will generate
these for you).

Now to accomplish this you have two options, very similar to
cryptocurrency storage.

Storage (Tier 1)

– Indestructible storage for private keys. For example, GRAPHENE is a
cryptographic puzzle made of two fire, water, buried and shock-proof
everlasting stainless steel plates. This backs up your private keys and
passwords if you use it as your manager. It is a simple but ingenious
concept that gives you recoverable protection against anything
happening to your hardware wallet.

Storage (Tier 2)

– Use paper storage and keep that paper in a fireproof and waterproof
safe with GPS.

– Also download a password manager (LastPass, Dashlane, RoboForm)
and make sure not to sync passwords between your high security
device and your low security device.

Stop what you’re doing right now and check your system. If you have any
level 1 data on your computer, move it now and ideally change it after
moving it!

Level 2 Data

Any data which on its own cannot grant the hacker access to any of
your funds or important data is considered level 2. This means that if a
hacker were to gain access to a level 2 password they would still be
unable to actually access anything vulnerable.

Level 2 passwords are to be randomly generated by your password
manager and should never be typed. Always copy and paste from your
manager without revealing the password, in case you are being watched
or keylogged.

STEP 7 EMAILS

Old emails with lacklustre passwords are a common point of entry for
hackers. If you’ve had it for a while and used it for multiple websites,
chances are you want to get rid of it.

You can see if your email is compromised here.

Master Emails

These are to be made using ProtonMail. These are for your exchanges,
bank accounts, investment platforms and any other platforms that are
sensitive. These are also used to back up your secondary emails.

Secondary Emails

You can use other emails at your convenience for less sensitive
accounts.

Every email should have 2FA.

STEP 8 EXCHANGES

When our funds are on exchanges we take on countless risks. As
traders/investors we must manage this risk like any other.

There is no 3rd party you should trust with your crypto. Exchange tips:

– Use exchanges to on ramp and off ramp your crypto.

– Deposit only what you need to buy/sell, then take it off the
exchange.

– Only use reputable exchanges.

– Only use them on your high security device.

– Every exchange must be backed by a master email, cold device
2FA and a secure password.

– Set a global lock that requires a minimum wait time before
settings are changed.

– If you have no plans or need to withdraw the funds in the near
future, set a large minimum wait time on withdrawals.

– Use leverage as a means of reducing counterparty risk.

– Whitelist your addresses and set a lock on adding new addresses.

STEP 9 PROTECT YOUR FRIENDS AND FAMILY


This last step is really important. If a hacker gets sensitive info from
someone you love, they can leverage that to blackmail you.
Unfortunately, some hackers are just malicious people; they won’t even
want anything other than to hurt you.
