Account Lockdown
- Unique, strong passwords on email, exchange, and wallet apps (use a manager).
- 2FA enabled via authenticator app (not SMS) on all critical accounts.
- Recovery codes stored offline with your backups.
- Carrier PIN set with your mobile provider (SIM-swap protection).

Wallet Hygiene
- Seed phrase written on paper/steel and stored in 2 safe places.
- Seed phrase never typed into a website or saved as a photo/screenshot.
- Biometric / passcode enabled on wallet app and device lock screen.
- Hardware wallet set up for long-term holdings (recommended for savings).

Transaction Safety
- Small test send first; confirm receipt before larger amounts.
- Network double-checked (e.g., ETH on Ethereum, not Bitcoin).
- Recipient address verified by copy/paste + visual checksum (first/last 4 chars).
- Use trusted, bookmarked URLs for exchanges and bridges.

Device & Browser
- OS and apps up to date; automatic updates on.
- Browser extensions trimmed to only what you need; no sketchy add-ons.
- Phishing filters and popup blockers enabled.
- Use a dedicated browser profile for crypto.

Red Flags
- “Support” DMs/emails asking for your seed phrase or to “verify wallet.”
- Unrealistic yields, no audits, anonymous teams.
- Links sent by strangers; always navigate from bookmarks.
- New tokens without liquidity or legitimate listings.

Backup & Recovery
- At least 2 backups stored separately (home safe + trusted relative/safe-deposit).
- Documented recovery steps for each wallet/account.
- Printed contact list for exchanges/wallet vendors for emergencies.
- Periodic “fire drill”: restore a wallet from seed (with empty wallet) to test.

Emergency Plan
- If hacked: disconnect internet, move funds to fresh wallet/hardware, rotate passwords.
- Notify exchange support and your email provider; revoke malicious token approvals.
- Keep a written plan and share basics with a trusted contact.