By Nodari Kolmakhidze, Chief Investment Officer at Cindicator

Crypto exchanges have lost billions to hackers in recent years. The ones that survived the attacks have strengthened their lines of defence considerably. The bad guys are now increasingly targeting regular users, simply because it’s easier than going after the big fish.

In this short post, I’ll explain how to protect your crypto holdings from hackers.

Rule #0: diversification

Never put all your eggs in one basket. This is not only about having an optimal portfolio strategy. Store your crypto in different wallets, crypto exchanges, and devices. You may even go as far as storing cold wallets in different physical places. This brings us to the next point...

1. Use hardware wallets

It’s best to store your private keys in a hardware wallet or cold wallet. A hardware wallet stores your keys offline separately from your main.

Hardware wallets have several security advantages:

Private keys are kept in an isolated area of a microcontroller;

The wallet is insulated from viruses and malware that can target a software wallet;

You can sign transactions without exposing private keys to external software.

There are several brands on the market – any one of them is better than just keeping your private key in an unprotected file or on a piece of paper.

If you have partners, you can use multisignature, or multisig wallets. This is when each transaction requires signatures from several private keys. Of course, these signatures could also be made using hardware wallets. But remember to choose your partners carefully, as they will have equal power over your assets!

Also please consider keeping particularly large funds in a multisig wallet even if you don’t have partners. For example, you can create a 3-of-4 multisig wallet (which requires 3 out of 4 signatures) and keep all four keys separately. One key could be kept with you, another in a bank safe, the third at your lawyer’s office, and the fourth at your office. Then, even if one of your keys was stolen or compromised, the attackers wouldn’t be able to get anything. You can simply delete that key afterwards and add a new one to your multisig. Similarly, if a key was destroyed, your remaining keys would be enough to delete the old signer and add a new one.
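The 3-of-4 arrangement described above, as an added example that is not part of the original post: a hypothetical `MultisigWallet` policy model showing that one stolen key cannot authorize a spend and that the three remaining keys can rotate it out. HMAC-SHA256 stands in for the public-key signatures a real multisig wallet verifies, and all keys, names and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def sign(key, message):
    # Assumption: HMAC stands in for a public-key signature (stdlib only).
    return hmac.new(key, message, hashlib.sha256).digest()

def rotation_message(old, new, new_key):
    return f"rotate:{old}->{new}:".encode() + hashlib.sha256(new_key).digest()

class MultisigWallet:
    """Hypothetical m-of-n policy model (added example, not a real wallet)."""
    def __init__(self, threshold, signers):
        self.threshold = threshold
        self.signers = dict(signers)  # signer name -> key

    def authorized(self, message, sigs):
        # Count distinct current signers whose signature verifies.
        valid = sum(
            1 for name, sig in sigs.items()
            if name in self.signers
            and hmac.compare_digest(sig, sign(self.signers[name], message))
        )
        return valid >= self.threshold

    def rotate(self, old, new, new_key, sigs):
        # Replacing a signer needs the same threshold as spending.
        ok = old in self.signers and new not in self.signers
        if not (ok and self.authorized(rotation_message(old, new, new_key), sigs)):
            return False
        del self.signers[old]
        self.signers[new] = new_key
        return True

def demo():
    # Constructed keys, one per storage place named in the article.
    keys = {n: secrets.token_bytes(32) for n in ("home", "bank", "lawyer", "office")}
    wallet = MultisigWallet(3, keys)
    spend = b"constructed spend request"
    # A thief holding only the office key produces one of three required signatures.
    thief_ok = wallet.authorized(spend, {"office": sign(keys["office"], spend)})
    # The three remaining keys rotate the stolen (or destroyed) key out.
    new_key = secrets.token_bytes(32)
    msg = rotation_message("office", "office2", new_key)
    rotated = wallet.rotate("office", "office2", new_key,
                            {n: sign(keys[n], msg) for n in ("home", "bank", "lawyer")})
    # The stolen key no longer counts: home + bank + old office = 2 valid signatures.
    stale = {n: sign(keys[n], spend) for n in ("home", "bank", "office")}
    return thief_ok, rotated, wallet.authorized(spend, stale), sorted(wallet.signers)
```
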

2. Don’t hold everything in crypto exchanges

While the days of Mt. Gox are gone and the biggest crypto exchanges are now major businesses with world-class cybersecurity, it’s still best to keep your long-term holdings outside of exchanges.

Here are just a few reasons why you should keep your crypto off exchanges even if the risk of a hacker attack on an exchange is low:

You are more likely to be targeted by a phishing attack that might mimic the exchange interface and lead you to give out your login credentials;

If something goes wrong with the exchange (legal action, regulatory crackdown, tech failure) your assets would be at risk (Rule #0, diversify!);

KYC/AML regulation might suddenly change and you could have difficulties accessing your account or might even be locked out for an unknown period before you provide the required documents.

To secure assets that you do keep on exchanges, don’t forget to activate two-factor authentication. It’s better to use the Google Authenticator app and avoid using SMS as a means of 2FA. Your SIM card could be easily compromised.

Unless you use crypto as capital for short-term trades, keep it offline and away from exchanges. Reduce your reliance on intermediaries, as this is what cryptocurrencies are about.

Pay attention to news and updates for your computer, operating system, your hardware wallet and any relevant software. Updates and patches usually eliminate vulnerabilities when they become known, so install them as soon as they come out. This won’t guarantee that you’re safe from new types of attack, but at least you won’t leave any doors open.

It should go without saying that you should always use different passwords for all of your accounts. You should also regularly update your passwords as there have been cases where old passwords were compromised and used to steal funds.

4. Make test transactions

Remember, if you make a crypto transaction it’s irreversible! Before sending a large amount of crypto anywhere, make a small test transaction. Then check if the amount was received. Otherwise, you can lose your crypto by sending it to the wrong address or to a wallet that doesn’t support this transaction.

5. Keep quiet and stay safe

Don’t forget about the physical security of your wallets and yourself. There have been stories of physical assaults on crypto personalities who have been flaunting their new wealth. The fewer people who know about your holdings, the better.



These tips are relevant to both novice and experienced traders. Everyone has heard about Ian Balina’s story related to Evernote. Even if you are a very skilled and seasoned investor, don’t neglect essential security rules.

Do you have any additional advice? Please share in the comments below.