How to Keep Your Crypto and NFTs Safe: 8 Key Tips

If you've ever sent crypto to the wrong address, you'll know that sinking feeling: there's nobody to call, and no way to get it back. Blockchains are distributed networks with no central authority, and while decentralisation brings plenty of advantages, it also means there's rarely anyone who can reverse mistakes or recover lost funds. In practice, keeping your crypto safe comes down to personal responsibility more than anything else.

Here are eight tips to help you protect your wallet and digital assets.

1. Use a hardware (cold) wallet for long-term storage

One of the safest ways to store crypto is with a cold wallet – a device that keeps your private keys offline. Unlike internet-connected "hot" wallets, like MetaMask or Trust Wallet, cold wallets are far less vulnerable to malware or remote attacks. Manufacturers like Ledger offer various models of USB-like devices which come with pre-installed security layers and encryption features.

That said, don't leave it lying around – if someone gets hold of the device or your recovery phrase, your funds can still be compromised.

It's also essential to back up your recovery phrase (sometimes called a seed phrase) offline. Many users store it on paper or metal plates kept in a secure location. Never store this phrase digitally or share it with anyone.

2. Keep your software up to date

Whether you use a phone, computer or hardware wallet, always install updates when available. New versions of operating systems, wallets, and browser software often patch security vulnerabilities that attackers actively exploit. Enabling automatic updates where possible is a simple habit that goes a long way.

3. Be cautious on public networks

An obvious one to some, but not to others. Public WiFi connections are notoriously unsafe and information is often compromised when using them. If you absolutely must use a public network for whatever reason, a VPN can be used to hide your IP address and location, and it can help prevent the tracking of your online activity. Another option is to connect to your phone hotspot, rather than the WiFi.

4. Enable strong authentication

Multi-factor authentication (MFA) makes it significantly harder for attackers to access your accounts. Data from Microsoft shows it can block more than 99.9% of automated attempts, and it only takes a few minutes to set up. Where available, use authenticator apps or hardware security keys rather than SMS codes, which can be vulnerable to SIM-swap attacks. Some services now support passkeys, which provide strong protection against phishing.

5. Stay alert to phishing and scams

Phishing remains one of the most common ways people lose crypto, and the tactics are getting more convincing. Attackers often impersonate legitimate platforms, support staff, or project teams to trick users into revealing credentials or signing malicious transactions.

If something feels off, it probably is. Watch for:

• Urgent requests to act immediately
• Slightly misspelled website addresses
• Messages claiming you must "verify" your wallet
• Links sent via email, text, or social platforms

Bookmark important sites and access them directly rather than clicking unsolicited links. Be especially cautious on Discord, Telegram, and X, where impersonation scams are rife.

6. Choose reputable exchanges, and don't store more than necessary

Not all exchanges are equal. Use well-known, regulated platforms (Kraken, Gemini, Coinbase and Binance are just a few) and enable all available security features. Just keep in mind that exchanges are custodial services, meaning they're technically in control of your assets while they're held there, not you.

For large holdings or long-term storage, many people prefer to move funds into a self-custody wallet.

7. Use strong, unique passwords

Reusing passwords across services is one of the easiest mistakes to make, and one of the most costly. Use long, unique passwords for each account, ideally generated and stored by a password manager. Avoid anything tied to personal info like names or dates.

8. Separate everyday funds from long-term holdings

If you regularly interact with DeFi apps, NFT marketplaces, or trading platforms, it's worth using a dedicated wallet for daily activity. Keep larger holdings in a separate wallet that you rarely touch. This limits the damage if a wallet gets compromised or you accidentally approve a dodgy transaction. Think of it like not keeping all your cash in your back pocket.