If you’ve been in crypto for more than a few months, you’ve probably heard the line: “Not your keys, not your coins.”
It sounds like a meme—but it’s actually the core of the whole game.

The good news: you don’t need to be paranoid or an “IT wizard” to stay safe. You just need to cover the 80% of actions that prevent 99% of stupid losses.

The first rule: whoever holds the keys holds the money

In crypto, there is no “reset my password” for a private key. There are only three real scenarios:

1) Custodial (the exchange holds the keys)

Example: you keep everything on an exchange.
Pros: simple—“login + 2FA” and you’re done.
Cons: risk of hacks, account freezes, operational failures, regulatory issues, and the classic: “not our fault, but your funds are gone.”

Practical rule: an exchange is fine for trading and a smaller “operating” balance—but not for long-term savings.

2) Hot wallet (you hold the keys, but the device is online)

Example: a wallet app on your phone or a browser extension.
Pros: fast access to DeFi, NFTs, swaps.
Cons: malware, phishing, fake links, “approve” traps, a compromised device.

Practical rule: a hot wallet is like cash in your pocket. Keep what you need, not your life savings.

3) Cold wallet (hardware wallet)

Example: a device that signs transactions offline.
Pros: best protection from malware/phishing (the private key never leaves the device).
Cons: you must get organized about your seed phrase and backups.

Practical rule: a cold wallet is a safe. That’s where the majority should live.

10-step checklist: security that actually works

This is the part worth saving (or printing).

1) Never photograph your seed phrase or store it on your phone

  • Not in Notes
  • Not in Google Drive
  • Not in an email draft
  • Not in screenshots

Your seed is the key to the safe. If someone gets it, they can take everything—no appeals.

2) Back up your seed in two separate places

At minimum:

  • 1 copy with you (secure location)
  • 1 copy in a second location (another home, a safe deposit box, a trusted person)

The point: fire/flood/burglary should not be “game over.”

3) Always use 2FA—and use an app, not SMS

SMS is easy to attack (SIM swap).
Better: an authenticator app + backup codes stored offline.

4) Use a “clean” device or at least a clean browser profile for crypto

Ideally:

  • a separate browser profile just for crypto
  • no random extensions
  • no pirated software
  • keep your OS updated

If your computer is a “junk drawer,” at least keep crypto work in a more sterile environment.

5) The most common attack is phishing, not hacking

An attacker doesn’t need to “hack your wallet.” They just need to get you to:

  • click a fake link
  • connect your wallet
  • sign an “approve” that grants token access

Habit that saves you: type URLs manually or use bookmarks you created yourself.

6) Double-check addresses and send a test transaction

For larger amounts:

  • send a small test first
  • then send the rest

Yes, it’s annoying. It’s still less annoying than “I sent it to the wrong network.”

7) Don’t use one wallet for everything

Separate:

  • a “DeFi / experiments” wallet
  • a “savings / cold storage” wallet

If your DeFi wallet gets compromised, at least you don’t lose everything.

8) Watch your approvals (permissions)

Once you approve a token, a smart contract may be able to spend it.
Periodically:

  • review approvals
  • revoke permissions you no longer need

This is a “silent leak” that drains people without them understanding what happened.
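
A way to see what an approval actually grants, as an added example that is not part of the original article: the sketch decodes raw transaction calldata and reports whether it is a token approval, how large it is, and who the spender is. It assumes the common `approve(address,uint256)` and `setApprovalForAll(address,bool)` call shapes; the function name, the "unlimited" threshold and the sample spender addresses are constructed for illustration.

```python
# Added example (not from the original article): classify raw EVM calldata
# so a token approval is recognised before it is signed or left standing.
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
UNLIMITED_THRESHOLD = 2**255  # assumption: treat anything this large as "unlimited"


def describe_calldata(data: str) -> dict:
    """Report what permission, if any, this calldata grants to a spender."""
    text = data[2:] if data.lower().startswith("0x") else data
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        return {"kind": "malformed"}
    selector, args = raw[:4], raw[4:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other"}
    if len(args) < 64:  # two 32-byte ABI words are required
        return {"kind": "malformed"}
    spender = "0x" + args[12:32].hex()  # address is the low 20 bytes of word 0
    value = int.from_bytes(args[32:64], "big")
    if selector == SET_APPROVAL_FOR_ALL:
        kind = "grant_all_nfts" if value else "revoke_all_nfts"
        return {"kind": kind, "spender": spender}
    if value == 0:
        return {"kind": "revoke", "spender": spender}
    if value >= UNLIMITED_THRESHOLD:
        return {"kind": "unlimited_approval", "spender": spender}
    return {"kind": "limited_approval", "spender": spender, "amount": value}


# Constructed sample inputs (spender addresses are placeholders, not real contracts).
SPENDER_A = "00" * 12 + "11" * 20
SPENDER_B = "00" * 12 + "22" * 20
SAMPLES = {
    "unlimited": "0x095ea7b3" + SPENDER_A + "ff" * 32,
    "limited": "0x095ea7b3" + SPENDER_A + "00" * 31 + "64",
    "revoke": "0x095ea7b3" + SPENDER_A + "00" * 32,
    "nft_all": "0xa22cb465" + SPENDER_B + "00" * 31 + "01",
    "transfer": "0xa9059cbb" + SPENDER_A + "00" * 31 + "01",
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(name, describe_calldata(calldata))
```

An "unlimited_approval" or "grant_all_nfts" result for a spender you no longer use is the kind of permission worth revoking.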

9) Have a plan for what happens if something happens to you

Minimum:

  • where the seed is stored
  • how to use it
  • who you trust
  • clear instructions (sealed envelope, notary, safe, etc.)

Crypto without an inheritance plan can become permanently lost wealth.

10) If it feels “too good to be true”—it is

“Airdrop gift,” DM “support,” “verify your wallet,” “urgent action required”…
These are almost always scams.

One rule: real support will never ask for your seed. Ever.

Conclusion

Crypto security isn’t an obsession—it’s a few healthy habits. If you follow these 10 steps, you massively reduce the chance of losing funds in the dumbest possible way.

Disclaimer: This article is for informational purposes only and does not constitute investment, legal, or any other professional advice.