💸How To Keep Your Crypto Accounts Secure From Hackers 🔐

For the last 3 days, someone has been trying really hard to hack my crypto accounts. I keep getting password reset requests across multiple services.

This happens a lot, and I never know if they are targeting my email because it’s short ([email protected]) or targeting me because of my reputation.

This is how I protect myself - and you should too:

1: I use Bitwarden as my password manager. Every single service I use has a unique, strong password. I only need to memorize a single very strong master password to log in to the hundreds of services I use. (If you’re like me and struggle to memorize special-character gibberish, consider using sentences instead.)

2: ALL my accounts use multi-factor for access, either using my Yubikey or a TOTP time-based token. I use LastPass Authenticator for this, so my tokens are backed up. (The LastPass account for my TOTP tokens isn’t used for anything else.)

3: I don’t keep any crypto at exchanges, other than to quickly buy and sell it, so even if my account is hacked, there is nothing to steal. (Someone please let my poor hacker know.)

4: I use a FIDO2 security key (Yubikey) with all my accounts. It’s a tiny physical device that is required to log in to my email, crypto services, etc. To verify, I just touch my key.

5: For any online services that hold my crypto, I enable “cool down” periods. Both Celsius and Nexo support a whitelist of permitted withdrawal addresses. If you want to add another address, I get notified and have 24-48 hours to cancel the change.

6: To protect against sim-swapping, I try not to use my cell number for any service. I have a Google Voice number behind a hardware key. My cell number isn’t linked to any service.

7: I have just 4 passwords in my life:

A: My Bitwarden master password for my credential management

B: My computer password to sign in and decrypt to all my devices

C: My Bitcoin hardware wallet passphrase(s)

D: My VeraCrypt password for an encrypted volume on my hard drive, used to secure any secrets that I can’t secure with my hardware wallet, like GPG keys.

8: I have a paper in a safe place listing all my non-crypto and crypto accounts. I sat down with my wife and showed her to log in to all my accounts. We have a trusted friend who can help her regain access if something happens to me. (Please don’t forget this part if you have a family and a crypto stash!)

9: I may or may not have multiple hidden wallets on my Trezor. If you steal my wallet seed AND force me to disclose the passphrase, you may or may not access my real wallet. I do not talk about how much crypto I may or may not own.

10: Off-topic, but my home is also protected by multiple layers of digital and physical security, such as Blink cameras all around.