Crypto has no fraud department and no chargebacks; security is entirely front-loaded. The good news: a short list of habits prevents the overwhelming majority of real-world losses.
Account Layer
Use an authenticator app or hardware key for 2FA — never SMS, which falls to SIM-swap attacks. Unique password per exchange via a password manager. Enable withdrawal address allowlisting with a time delay, so even a compromised login can't drain funds to a new address immediately.
Wallet Layer
Seed phrases on paper/steel only — never photos, cloud notes, or typed into websites. Any site or 'support agent' requesting your seed is a scam, always, without exception. On DeFi-connected wallets, review token approvals quarterly (revoke.cash) and treat every unexpected signature request as hostile.
The Phishing Pattern
Nearly all crypto theft is social: fake exchange login pages from search ads, urgent 'your account is compromised' emails, wallet-drainer sites promoted through hacked accounts, and 'giveaway' impostors. The universal defense is procedural: never click through to financial sites from ads/emails — use bookmarks — and treat urgency itself as the red flag.
Frequently Asked Questions
Is keeping crypto on Coinbase safe?
Reasonably, for active amounts — major regulated exchanges have strong security. For long-term holdings, self-custody on hardware removes exchange counterparty risk entirely.
What do I do if I clicked a phishing link?
If you entered credentials: change passwords and rotate 2FA immediately. If you signed a wallet transaction: revoke approvals and move remaining funds to a fresh wallet now.
