#CryptoSecurity101

🔒 Core Principles

1. Your Keys, Your Crypto

→ If you don’t own the private keys (e.g., using exchanges only), you don’t fully control your assets.

→ Use non-custodial wallets (Hardware > Software) for true ownership.

2. Phishing & Scams

→ NEVER share seed phrases, passwords, or 2FA codes. Legitimate services won’t ask.

→ Double-check URLs (fake sites like metamask-airdrop.com).

→ Ignore "urgent" DMs/emails (e.g., "Your wallet is compromised!").
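The URL check from the list above as a small script (an added example, not part of the original post). The allowlist is a constructed sample and an assumption: replace it with domains you have verified and bookmarked yourself; `check_url` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): replace with domains you verified yourself.
OFFICIAL = {"metamask.io", "revoke.cash", "defillama.com", "certik.com"}
BRANDS = {d.split(".")[0] for d in OFFICIAL}  # e.g. "metamask"


def check_url(url):
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return "suspicious", "not https"
    if parts.username is not None:
        # https://metamask.io@example.net/ really goes to example.net
        return "suspicious", "text before '@' is not the host"
    if not host.isascii() or "xn--" in host:
        return "suspicious", "non-ASCII or punycode host (possible look-alike letters)"
    # Exact match or a true subdomain only; a substring match would be wrong here.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "ok", "host is on the allowlist"
    for brand in sorted(BRANDS):
        if brand in host:
            return "suspicious", f"mentions '{brand}' but is not an official host"
    return "unknown", "not on the allowlist; verify before connecting a wallet"


if __name__ == "__main__":
    # Constructed sample links, including the fake site named in the post.
    samples = [
        "https://metamask.io/download",
        "https://metamask-airdrop.com/claim",
        "https://metamask.io.example.net/login",
        "https://metamask.io@example.net/",
        "http://metamask.io/",
        "https://example.org/",
    ]
    for u in samples:
        print(u, "->", *check_url(u))
```

An "unknown" verdict is not a pass: it only means the link is neither on your allowlist nor an obvious imitation of it.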

3. Wallet Security

→ Hardware Wallets (Ledger/Trezor) are safest for large holdings.

→ For software wallets:

- Download only from official sources.

- Use strong passwords + encryption.

- Back up your seed phrase offline (metal plate > paper) and never digitize it.

4. Smart Contract Risks

→ Audit unknown DeFi protocols/dApps (check sites like [DeFiLlama](https://defillama.com) or [CertiK Skynet](https://skynet.certik.com)).

→ Revoke unused permissions via [Revoke.cash](https://revoke.cash).

⚠️ Critical Threats

- Fake Support: Scammers impersonate admins on Discord/Twitter. Block & report.

- Malware: Use antivirus, avoid pirated software.

- SIM-Swap Attacks: Disable SMS 2FA; use Authenticator apps or hardware keys (YubiKey).

- Rug Pulls: Research projects! Unverified teams + unrealistic APY = 🚩.

🛡️ Best Practices

- Multi-Factor Authentication (MFA): Always enable 2FA (not SMS!) on exchanges.

- Separate Environments: Use a dedicated device/phone for crypto transactions.

- Cold Storage: Keep >90% of assets offline.

- Verify Contracts: Manually check token contract addresses (scammers copy/paste popular tokens).