1. Digital Security Practices
a. Hardware Wallets (Cold Storage)
• Tools: Ledger, Trezor, Keystone, or Coldcard.
• Purpose: Keeps private keys offline, away from potential online threats.
• Best Practice: Always initialize and verify hardware wallets on secure, air-gapped machines if possible.
b. Secure Password Management
• Tools: Bitwarden, 1Password, KeePassXC (air-gapped for extreme security).
• Best Practice: Use long, unique, randomly generated passwords for every platform. Never reuse passwords.
c. Multi-Factor Authentication (MFA)
• Tools: Authy, Google Authenticator, or hardware-based MFA like YubiKey.
• Best Practice: Never use SMS-based 2FA for exchanges. Opt for TOTP or hardware security keys.
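TOTP codes are derived from a shared secret and the current time step, so nothing travels over the phone network. The following added example (written for this page, not code from any of the apps named above) implements RFC 4226 HOTP and RFC 6238 TOTP with the standard library, plus a verifier that tolerates one step of clock drift and compares codes in constant time. The base32 helper decodes the secret an authenticator app shows at enrollment; the 20-byte key in the demo is the RFC 6238 test key, and the expected codes come from the RFC test vectors.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: dynamically truncate HMAC(secret, counter) to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP over the number of `step`-second intervals since the Unix epoch."""
    if at_time is None:
        at_time = int(time.time())
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret, code, at_time=None, step=30, digits=6, window=1):
    """Accept the code for the current step or up to `window` steps either side (clock drift).

    Every candidate is evaluated and compared with hmac.compare_digest so that timing
    does not reveal which step, if any, matched.
    """
    if at_time is None:
        at_time = int(time.time())
    counter = int(at_time) // step
    matched = False
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), code):
            matched = True
    return matched


def secret_from_base32(text):
    """Decode the base32 secret shown during enrollment; tolerant of spaces, case and missing padding."""
    clean = text.replace(" ", "").upper()
    clean += "=" * (-len(clean) % 8)
    return base64.b32decode(clean)


if __name__ == "__main__":
    # RFC 6238 test key (ASCII "12345678901234567890"), shown as an authenticator app would display it.
    key = secret_from_base32("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    print("code at T=59:", totp(key, 59))          # 287082 per the RFC vectors
    print("current code:", totp(key))
```

A server that checks these codes only needs the shared secret and an accurate clock; a `window` of 1 keeps the drift allowance to a minute while still rejecting codes from other time steps.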
d. VPN and Network Hygiene
• Tools: ProtonVPN, Mullvad, or self-hosted VPNs.
• Best Practice: Avoid public Wi-Fi. Use VPNs to encrypt traffic and mask IP addresses when accessing exchanges or wallets.
e. OS and Device Security
• Practices:
  • Keep OS and apps up to date.
  • Use a dedicated device (ideally air-gapped or Linux-based) for crypto activity.
  • Use antivirus + firewall, and disable unnecessary background services.
f. Seed Phrase Protection
• Storage: Never store seed phrases digitally (e.g., in notes or screenshots).
• Methods: Use metal backups (e.g., Cryptosteel, Billfodl) to prevent damage from fire or water.
• Split Seed Storage: Use Shamir’s Secret Sharing or split phrases across trusted locations.
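Simply cutting a phrase into halves and storing them apart is weaker than it looks, because each half leaves the holder far fewer words to guess; Shamir's Secret Sharing avoids that, since fewer than the threshold number of shares reveal nothing about the secret. The added example below (written for this page, not code from any wallet vendor) splits an arbitrary byte string, byte by byte, over GF(257) into n shares with a k-of-n threshold and rebuilds it by Lagrange interpolation. The sample secret is a constructed placeholder, not a real seed phrase.

```python
import secrets

# Each byte of the secret gets its own random polynomial of degree threshold-1 whose
# constant term is that byte; share i holds the polynomial values at x = i for every byte.
PRIME = 257  # smallest prime above 255, so every byte value is a field element


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, share_count):
    """Return share_count shares as (x, values) tuples; any `threshold` of them rebuild the secret."""
    if not 1 < threshold <= share_count < PRIME:
        raise ValueError("need 1 < threshold <= share_count < 257")
    values = [[] for _ in range(share_count)]
    for byte in secret:
        coeffs = [byte] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
        for i in range(share_count):
            values[i].append(_eval_poly(coeffs, i + 1))  # x = 0 holds the secret and is never issued
    return [(i + 1, tuple(v)) for i, v in enumerate(values)]


def _interpolate_at_zero(points):
    """Lagrange interpolation of f(0) from (x, y) points modulo PRIME."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares, threshold):
    """Rebuild the secret from at least `threshold` distinct shares."""
    if len(shares) < threshold:
        raise ValueError("not enough shares to reach the threshold")
    chosen = shares[:threshold]
    if len({x for x, _ in chosen}) != threshold:
        raise ValueError("duplicate share indices")
    length = len(chosen[0][1])
    out = bytearray()
    for k in range(length):
        out.append(_interpolate_at_zero([(x, ys[k]) for x, ys in chosen]))
    return bytes(out)


if __name__ == "__main__":
    # Constructed placeholder; a real BIP39 phrase would be split the same way.
    sample = b"sample seed phrase placeholder - not a real wallet"
    shares = split_secret(sample, threshold=3, share_count=5)
    print("recovered from shares 1, 3, 5:", recover_secret(shares[::2], 3))
```

In practice each share would be written or stamped with its index and kept in a separate secure location, and a recovery drill from a fresh subset of shares is worth running before trusting the split.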
2. Physical Security Measures
a. Offline Backups
• Store seed phrases or encrypted USBs in physically secure locations like:
  • Bank safety deposit boxes
  • Home safes (fireproof, bolted down)
  • Trusted third-party vaults
b. Geographic Redundancy
• Keep backups in at least two physically separate, secure locations in case of natural disaster or theft.
c. Tamper-Evident Packaging
• Use tamper-evident bags or seals when storing seed phrases or hardware wallets, so that any attempt at unauthorized access is noticeable.
3. Platform Security (Exchanges, DeFi, etc.)
a. Trusted Platforms Only
• Use only reputable exchanges with strong security records (e.g., Binance, Kraken).
• Keep only minimal funds on exchanges—transfer profits to cold storage regularly.
b. Withdrawal Whitelists
• Set withdrawal address whitelists so funds can only be sent to approved addresses.
c. Phishing Protection
• Bookmark official URLs; never click exchange links in emails or DMs.
• Use browser extensions like MetaMask or Rabby cautiously and with hardware wallet confirmation.
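Bookmarks work because they pin the exact host you trust. The added example below (written for this page, not the code of any exchange or extension) applies the same idea as a check on a link before it is opened: the host must match an entry from a bookmark list exactly, over HTTPS, with no user-info before the host, no raw IP and no punycode label, and subdomains are reported separately rather than waved through. The allow-list and every test URL are constructed placeholders standing in for a user's own bookmarks.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for the user's own bookmarks (assumption, not a list from the page).
BOOKMARKED_HOSTS = frozenset({"www.kraken.com", "kraken.com", "www.binance.com", "binance.com"})


def check_link(url, allowed_hosts=BOOKMARKED_HOSTS):
    """Return (ok, reason): ok is True only for an exact HTTPS match with a bookmarked host."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False, "scheme is not https"
    # "https://bookmarked.host@other.example/" puts the real host after the @
    if parts.username is not None or parts.password is not None:
        return False, "URL carries user-info before the host"
    host = (parts.hostname or "").rstrip(".")   # urlsplit lowercases and strips the port
    if not host:
        return False, "no host in URL"
    try:
        ipaddress.ip_address(host)
        return False, "host is a raw IP address"
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalised (punycode) host label"
    if host in allowed_hosts:
        return True, "exact match with bookmarked host"
    parent = next((h for h in allowed_hosts if host.endswith("." + h)), None)
    if parent is not None:
        return False, f"subdomain of {parent}, not the bookmarked host itself"
    return False, "host not in bookmark list"


if __name__ == "__main__":
    for sample in (
        "https://www.kraken.com/login",
        "http://www.kraken.com/login",
        "https://www.kraken.com.account-verify.example/",
        "https://kraken.com@other.example/",
        "https://203.0.113.5/login",
        "https://support.kraken.com/",
    ):
        print(check_link(sample), sample)
```

The exact-match rule is deliberate: a real subdomain may be legitimate, but it should be bookmarked on its own rather than inferred, and a lookalike that merely contains a bookmarked name as a prefix never matches.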
4. Personal Operational Security (OpSec)
• Avoid talking publicly about holdings or security setups.
• Mask IP and location using Tor or VPN.
• Be cautious of social engineering (e.g., fake support agents, airdrop scams).
Bonus: Advanced Techniques
• Multisig Wallets: Use multisig (e.g., with Casa, Unchained Capital, or Electrum) for higher-value holdings.
• Self-hosted Node: Run a Bitcoin or Ethereum full node to verify transactions without relying on third parties.
• GPG Encryption: Encrypt sensitive documents and communications related to wallets and recovery.