If the last few years have taught us anything about crypto, it’s that it’s no different from any other asset class in this regard: Where there is a potential fortune to be made, scammers are never far behind. Now that the crypto market is rallying, investors need to be extra vigilant about keeping their investments secure, whether they’re HODLing or seeking new ways to invest in crypto. 

This month, the price of bitcoin—indisputably the most important proxy for the health of the crypto market as well as the public perception of crypto—surpassed $50,000 for the first time since December 2021. A lot has happened since 2021: For one thing, every major bank has started throwing major resources into crypto and its underlying technology. Given the combination of the bull market and the increased public belief in crypto as a valid investment, it’s a perfect storm for bad actors to swindle you. Here are some measures you can take to protect your crypto investments.

1. Look out for “imposter scams.”

This is an old standby that’s taken a complicated turn due to the advent of Web 2.0 and social media. Fifteen years ago or so, you might have gotten an email from someone who had hacked into your friend’s account, saying that they were stuck in a foreign country without money and needed you to Western Union them some funds. Now, it’s gotten more sophisticated: people are impersonating celebrities and influencers on TikTok and Instagram to slide into your DMs, asking for your crypto.

In California, according to the state’s Department of Financial Protection and Innovation (DFPI), one unsuspecting citizen was approached by five different “celebrities” on social media, all inviting the victim to take part in various crypto investments—to the tune of $4,700 worth of bitcoin. Basically, don’t send crypto to anyone you meet via your DMs, be it friend or celebrity. 

2. Get a hard wallet.

This is another way of saying, “Not your keys, not your crypto.” In other words, if you really care about people stealing your money, you need to keep your “keys” offline on a device not connected to the Internet. This is good advice in any market, and even more so when crypto is at its most valuable.

To be clear, hard wallets are not 100% foolproof—in January of this year, hardware wallet firm Trezor said some of its users’ data may have been compromised in a “security incident.” But at the very least, they’re an additional layer of protection beyond what an online crypto exchange can typically offer a retail customer.

Hard wallets are sometimes called “cold wallets,” referring to the fact that the info is in “cold storage” (again, meaning offline). These days, hard wallets typically resemble USB data sticks.

The question everyone asks is, if I lose my hard wallet, do I lose my crypto? As long as you have your seed phrase—a list of randomly generated real words that act as a code—you can recover your funds. Otherwise, your crypto is gone.

3. Use multi-sig wallets.

As a corollary to the hard wallet, if you have large holdings, a multi-sig wallet, which is based on smart contract technology, is a good idea. Unlike the typical crypto wallet, which has only a single private key, multi-sig wallets require multiple signatures (hence, multi-sig) to access them. Think of the formerly common safety deposit boxes that banks have: in order to open one, you have to present your ID to the bank employee, and then you and the employee each have to use a separate key to take out your box.

Multi-sig works on the same principle, but imagine that not just you and the bank, but other parties also needed keys. The smart contract aspect of multi-sigs means that they can be unlocked if and only if certain conditions are met. So even if one party were to get hacked for their signature, the funds would theoretically still be safe.
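To make the "multiple keys" idea concrete, here is a small model of a 2-of-3 approval rule. It is an added illustration, not code from any wallet; the signer names, keys and threshold are constructed, and HMAC tags stand in for the real digital signatures a wallet would use.

```python
import hashlib
import hmac

# Constructed demo keys: each co-signer holds one secret. HMAC tags stand in
# for real digital signatures so the example runs on the standard library.
SIGNER_KEYS = {
    "owner-laptop": b"constructed-key-1",
    "owner-hard-wallet": b"constructed-key-2",
    "trusted-cosigner": b"constructed-key-3",
}
THRESHOLD = 2  # assumed policy: any 2 of the 3 signers must approve


def sign(signer, key, tx):
    """Return (signer, tag): an approval bound to exactly this transaction."""
    return signer, hmac.new(key, tx, hashlib.sha256).digest()


def valid_signers(tx, approvals):
    """Return the distinct known signers whose approval verifies for tx."""
    ok = set()
    for signer, tag in approvals:
        key = SIGNER_KEYS.get(signer)
        if key is None:
            continue  # approval from a party outside the wallet: ignored
        expected = hmac.new(key, tx, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            ok.add(signer)  # a set, so a repeated approval counts once
    return ok


def can_spend(tx, approvals):
    """Funds move only when THRESHOLD distinct signers approved this tx."""
    return len(valid_signers(tx, approvals)) >= THRESHOLD


if __name__ == "__main__":
    tx = b"send 0.5 BTC to constructed-address-A"  # constructed sample
    a1 = sign("owner-laptop", SIGNER_KEYS["owner-laptop"], tx)
    a2 = sign("trusted-cosigner", SIGNER_KEYS["trusted-cosigner"], tx)
    print("one key only:     ", can_spend(tx, [a1]))
    print("same key twice:   ", can_spend(tx, [a1, a1]))
    print("two distinct keys:", can_spend(tx, [a1, a2]))
    print("different tx:     ", can_spend(b"send 5 BTC elsewhere", [a1, a2]))
```

The points to notice are that approvals are counted per distinct signer and are tied to one specific transaction, so a single stolen key, even used repeatedly, never reaches the threshold.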

4. Start using a password manager.

Remember when they used to say, “Pick a password that is easy for you to remember, but hard for others to guess”? Absolutely forget about the first part of that sentence. If you’ve been using variations of the same cute password for years because you can remember it by heart, you’re very much behind the times. It’s 2024; changing “CatNameAndBirthdateFall” to “CatNameAndBirthdateWinter” would take less than a second for a password cracker to guess. Unfortunately, it’s time to suck it up and use the ridiculously long, gobbledygook passwords from a random password generator. Browsers such as Chrome and Safari automatically offer this feature for free; they also conveniently store the passwords for you.

Some experts, though, advise not using the browser-version password manager. According to ZDNet, the standard browsers are so widely used that “this places a target on the browser’s back”; in other words, hackers will specifically target browser-based password managers. You might be better off using a dedicated password manager like Dashlane, NordPass, or 1Password (this list is illustrative and not an endorsement). Often, such apps are free if you use them on a single device (just your computer, for example) but paid if you want to use the app across multiple devices (your computer, your phone, your tablet, etc.).

If in doubt, security.org has a popular free tool to allow you to determine the strength of your password, telling you exactly how much time it would take a standard computer to crack that password.
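The sketch below, added for illustration and not taken from any password manager, shows the two ideas in this section: generating a long random password from the operating system's secure random source, and flagging a "new" password that is mostly an old one with the ending swapped. The 20-character length, the 94-symbol alphabet and the 0.6 similarity cutoff are assumptions chosen for the example.

```python
import math
import secrets
import string
from difflib import SequenceMatcher

# Assumed alphabet: letters, digits and punctuation (94 printable symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """Draw each character independently from the OS secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def similarity(old, new):
    """Share of characters the two passwords have in common, 0.0 to 1.0."""
    return SequenceMatcher(None, old.lower(), new.lower()).ratio()


def is_variation(old, new, cutoff=0.6):
    """True when the new password mostly reuses the old one (assumed cutoff)."""
    return similarity(old, new) >= cutoff


if __name__ == "__main__":
    old = "CatNameAndBirthdateFall"        # the article's own example
    recycled = "CatNameAndBirthdateWinter"  # the article's own example
    fresh = generate_password()
    print("recycled similarity:", round(similarity(old, recycled), 2))
    print("recycled flagged:   ", is_variation(old, recycled))
    print("fresh password:     ", fresh)
    print("fresh flagged:      ", is_variation(old, fresh))
    print("fresh entropy bits: ", round(random_entropy_bits(len(fresh)), 1))
```

The two seasonal passwords share their first 19 characters, which is why the recycled one is flagged, while a 20-character random password carries roughly 131 bits of entropy.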

5. Use a reputable trading platform.

These days there are so many trading platforms that it’s not unusual to encounter one you’ve never heard of. While it’s trendy now in general for people to support small or local businesses, crypto trading is absolutely not the right situation to do this. Brand names matter. The California DFPI reported an unfortunate incident in which someone “was convinced by ‘Emily from San Francisco’ to trade cryptocurrency on her exchange, ‘100Ex.’” The victim then received an email saying that their $2,000 initial investment had gone up 50-fold, but guess what, in order to access that money, they had to pay taxes on it. And if the taxes were late, a 5% penalty would be assessed.

If you’re not sure which trading platforms you should be dealing with, Investopedia regularly updates its assessment of the Best Crypto Exchanges and Apps, and the self-described “web3 learning hub” BitDegree has a searchable tool that allows you to compare the pros and cons of various exchanges.

A Final Tip

Since financial technology and crypto are developing at an increasingly accelerated rate, it’s hard to keep up with all the ways people will try to separate you from your money. The state of California’s DFPI addressed that issue last year with its headline-making “Crypto Scam Tracker,” which reports an ongoing log of crypto-related scams in the state (the identities of all parties are kept confidential). It’s not a bad idea to check it out, be it for entertainment, education—or as a collection of cautionary tales.

UPDATE (Feb. 22, 12:58 p.m. ET): Added information to section on using a reputable trading platform.