
How to protect a crypto wallet from stealers and theft

Cryptocurrency Asset Security Guide

TL;DR: Key Steps for Protection

  • Hardware Wallet: Store private keys offline. This is the foundation of security.

  • Reliable 2FA: Use hardware U2F keys (e.g., YubiKey) to protect exchange accounts.

  • Physical Backup: Record your seed phrase on a metal plate and store it in a secure location. Never store it digitally.

  • Multisig: For large sums, use wallets that require multiple signatures for a transaction.

  • Regular Audit: Periodically check and revoke token approvals using services like Revoke.cash.

Introduction

    This article is a practical guide to protecting your cryptocurrency assets from modern threats: stealers, phishing, and social engineering. It is intended for both beginners and experienced users. You will learn how to conduct a security audit, implement multi-layered protection, and act in an emergency.

    Key Concepts


  • Custodial Wallet: Your private keys are held by a third party (e.g., an exchange). You trust them with the security of your funds.

  • Non-Custodial Wallet: Only you control the private keys. This gives you full control but also full responsibility. Examples: MetaMask, Ledger, Trezor.

  • Mnemonic / Seed Phrase: A sequence of 12 or 24 words, the master key to your funds in a non-custodial wallet. Its compromise is equivalent to the loss of the assets.

  • BIP39 Passphrase: An additional secret that, combined with the seed phrase, derives a completely different wallet. An attacker who steals the seed phrase alone does not get the wallet protected by the passphrase.

    Recommendation: Use a unique passphrase of 16+ characters. Do not store it digitally.

    Warning: Losing the passphrase is irreversible; nothing about the seed phrase lets anyone recover it. BIP39 specifies NFKD Unicode normalization of the passphrase, but not every wallet applies it, so a passphrase containing non-ASCII characters can derive different wallets in different software. Stick to ASCII characters, and confirm that a restore from your backup produces the same receiving addresses before you fund the wallet.

  • Multi-Sig (Multisignature): A scheme that requires signatures from multiple private keys (e.g., 2 out of 3) to authorize a transaction. Similar to a bank safety deposit box that needs two keys.

Threat Modeling

    Assess the risk level to choose adequate protection measures. Ask yourself:

  • What is the total value of my assets? Protecting $1,000 is different from protecting $1,000,000.

  • How public is my persona? Public figures are more attractive targets.

  • What services do I use? DeFi protocols carry more risks than simple Bitcoin storage.

Protection Levels (Examples)

  • Novice (<$5,000): Hardware wallet + Reliable 2FA (U2F) + Physical seed phrase backup.

  • Experienced User (>$50,000): All of the above + Multisig + Regular approval audits.

  • Large Holder / Whale (>$500,000): All of the above + Air-gapped computer for signing transactions + Distributed key storage + Legal procedures for inheritance.

Main Attack Vectors

    Technical Attacks

  • Stealers: Malware that steals seed phrases, passwords, and session tokens from browsers.

  • Malicious Browser Extensions: Disguised as legitimate tools but intercept data in the background.

  • Clipboard Hijacking: When you copy a wallet address, a virus silently replaces it with the attacker's address.

  • DNS and BGP Attacks: Redirecting you to a phishing site even if you enter the correct address. The hijacked site usually cannot present a valid certificate for the real domain, so a browser TLS warning on a wallet or exchange site is a stop signal, never something to click through.

    Social Engineering

  • Phishing: Fake websites for exchanges, wallets, or services.

  • Fake Support: Scammers on Telegram and Discord pose as administrators and ask for your seed phrase or for you to connect your wallet to a malicious site.

  • Screenshot Phishing: Asking for a screenshot for "diagnostics" in the hope that sensitive information will be captured.


  • Main Rule: Never share your seed phrase with anyone. Official support will never ask for it.

    Comprehensive Security Strategy: Step-by-Step

    1. Isolate Private Keys: Hardware Wallets

    Hardware wallets (Ledger, Trezor) are the gold standard of security. The private key is generated and kept inside the device (Ledger uses a secure element chip; Trezor relies on its own firmware and PIN) and never reaches the host computer: the host sends an unsigned transaction in and receives only the signature back, so a stealer on the PC has no key to steal.

  • Buy only from official vendors to avoid device tampering. Reject any device that arrives with a seed phrase already written on the recovery card; a genuine device always generates the seed on first use.

  • Generate the seed phrase only on the device itself during initial setup, and never type it into a computer or phone. The only place it is ever entered is the device itself, during a recovery.

  • Update firmware only through the official app (Ledger Live, Trezor Suite).

2. Physical Storage of the Seed Phrase

    Digital storage of a seed phrase (in a file, cloud, password manager, or photo) is unacceptable; stealers search exactly these places.

  • Metal Plates: Use devices like Cryptosteel or Billfodl for protection against fire and water.

  • Distributed Storage: Store backups in several physically separate and secure locations (e.g., at home and in a bank vault). Keep in mind that every full copy of the seed is a complete compromise point on its own; a BIP39 passphrase kept elsewhere, or Shamir shares, limit what a single stolen copy is worth.

  • Inheritance Planning: Prepare clear instructions for a trusted person or heirs in case of unforeseen circumstances.

3. Advanced Strategies: Multisig and Shamir

  • Multisig: Distributes control over funds. For Ethereum/EVM use Safe (formerly Gnosis Safe), for Bitcoin use Specter Desktop. A common mistake is storing all keys for a multisig wallet in one place.

  • Shamir’s Secret Sharing: Allows you to split a seed phrase into several "shares." Restoration requires a set number of shares (e.g., 3 out of 5). This standard (SLIP-0039) is incompatible with regular BIP39. Ensure your wallet supports it (e.g., Trezor Model T).

4. Use Reliable Two-Factor Authentication (2FA)

  • Priority: U2F/FIDO hardware keys (YubiKey) are phishing-resistant because the key signs a challenge bound to the site's origin; a credential registered with the real exchange will not answer a look-alike domain, and that origin binding, not the key's physical form, is what defeats phishing. The touch requirement adds proof of physical presence, so a remote attacker cannot trigger the key. It protects the login, not the session: malware on the PC can still abuse a session you have already authenticated. SMS codes and app-based TOTP codes can be relayed by a phishing page in real time, so use the hardware key wherever the exchange supports it.

  • Offline Apps: Use Aegis Authenticator (Android) or FreeOTP (iOS/Android), which allow you to create backups.

  • Authy: If you use Authy, disable the Allow Multi-device function and set a strong password for encrypted backups.

  • Backup Codes: Save them in a secure offline location.

5. Mobile Device Security

  • Do not use Root (Android) or Jailbreak (iOS): This breaks the OS's built-in security mechanisms.

  • Separate Device: Ideally, use a separate smartphone exclusively for cryptocurrency operations.

  • Disable Cloud Backups: For wallet apps, disable backups to avoid accidentally uploading your seed phrase to iCloud or Google Drive.

  • Install Apps Only from Official Stores: Use Google Play or Apple App Store and beware of fake apps.

6. Audit Browser Extensions

  • Review Permissions: In Chrome, open chrome://extensions. Pay special attention to the permission "Read and change all your data on the websites you visit."

  • Use Profiles: Create a separate browser profile for crypto work, where only verified extensions are installed (e.g., MetaMask and the hardware wallet extension).

  • Script Blockers: NoScript or uMatrix can prevent the execution of malicious code on phishing sites. uMatrix is no longer maintained, so prefer NoScript if you want a blocker, and remember that a blocker cannot stop you from approving a malicious transaction yourself.

  • Delete Unused Items: Regularly delete unused extensions.
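The permission review above can be scripted. The following Python is an added example (not from the original page) that reads an extension's manifest.json, the file every unpacked extension ships, and flags the permissions a wallet user should care about: host patterns that mean "all sites", content scripts injected everywhere, and APIs such as clipboard access. The two manifests at the bottom are constructed for the demo; the severity labels and reason strings are this example's own choices.

```python
"""Audit Chrome extension manifests for wallet-relevant permissions (added example).

Handles Manifest V2 (host patterns inside "permissions") and V3 ("host_permissions").
The two manifests at the bottom are constructed for the demo, not real extensions.
"""
import json

# Patterns behind the "Read and change all your data on the websites you visit" prompt.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions that matter to a wallet user, with the reason shown in the report.
RISKY_API_PERMISSIONS = {
    "clipboardRead": "can read addresses and secrets you copy",
    "clipboardWrite": "can replace a copied address (clipboard hijacking)",
    "webRequest": "can observe requests to wallet and exchange sites",
    "webRequestBlocking": "can modify or block requests in flight",
    "declarativeNetRequest": "can rewrite or redirect requests",
    "cookies": "can read session cookies of logged-in exchanges",
    "debugger": "can attach to tabs and read page contents and memory",
    "nativeMessaging": "can talk to native programs on the host",
    "scripting": "can inject scripts into pages",
    "tabs": "can see every URL you visit",
}


def _looks_like_host_pattern(p: str) -> bool:
    return p == "<all_urls>" or "://" in p


def audit_manifest(manifest: dict) -> list:
    """Return (severity, finding) tuples for one parsed manifest.json."""
    findings = []
    host_perms = list(manifest.get("host_permissions", [])) + list(
        manifest.get("optional_host_permissions", []))
    api_perms = []
    # MV2 mixes host patterns into "permissions"; split them out by shape.
    for p in list(manifest.get("permissions", [])) + list(manifest.get("optional_permissions", [])):
        (host_perms if _looks_like_host_pattern(p) else api_perms).append(p)
    for p in host_perms:
        if p in BROAD_HOST_PATTERNS:
            findings.append(("HIGH", f"host access to every site: {p}"))
    for p in api_perms:
        if p in RISKY_API_PERMISSIONS:
            findings.append(("MEDIUM", f"{p}: {RISKY_API_PERMISSIONS[p]}"))
    # Content scripts run inside the page itself; matching every site is as broad
    # as <all_urls> and triggers the same permission prompt.
    for cs in manifest.get("content_scripts", []):
        for m in cs.get("matches", []):
            if m in BROAD_HOST_PATTERNS:
                findings.append(("HIGH", f"content script injected into every site: {m}"))
    return findings


def audit_manifest_file(path: str) -> list:
    """Audit an unpacked extension directory's manifest.json by path."""
    with open(path, encoding="utf-8") as fh:
        return audit_manifest(json.load(fh))


# Constructed sample: a "price ticker" that wants far more than a ticker needs.
SUSPICIOUS_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "Coin Ticker", "version": "1.0",
  "permissions": ["storage", "clipboardWrite", "tabs", "scripting"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]
}""")

# Constructed sample: a single-site helper with nothing a wallet user must worry about.
BENIGN_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "Site Theme", "version": "1.0",
  "permissions": ["storage"],
  "host_permissions": ["https://example.com/*"]
}""")

if __name__ == "__main__":
    for name, m in (("ticker", SUSPICIOUS_MANIFEST), ("theme", BENIGN_MANIFEST)):
        for severity, text in audit_manifest(m) or [("OK", "no risky permissions")]:
            print(f"{name}: {severity} {text}")
```

To run it against installed extensions, point `audit_manifest_file` at each manifest.json under the browser profile's Extensions directory (on Linux, Chrome keeps them under the profile's Extensions/<id>/<version>/ folder; the exact path is an assumption to verify for your OS). A HIGH finding is not proof of malice: a wallet extension legitimately needs access to every site to inject its provider into dapps. The question the report forces you to ask is whether each extension has a reason for what it asks.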

7. Verify Transactions Thoroughly

  • Verification on Hardware Wallet: Always verify the full recipient address on the device screen against the original. The hardware wallet screen is a trusted environment: a hijacked clipboard or a malicious extension can alter what the browser shows, but the device shows what will actually be signed. Compare the whole address, not just the first and last characters.

  • Checksum Verification: Ethereum addresses (EIP-55) use mixed-case letters as a checksum. If you mistype or miscopy a mixed-case address, the wallet warns that the checksum does not match. Two limits: an all-lowercase address carries no checksum at all, and a clipboard hijacker substitutes the attacker's own, perfectly valid address, which passes the checksum. The checksum catches transcription errors, not substitution.

  • Beware of Homograph Attacks: Attackers may use similar characters in domain names (e.g., myetherwallet with a Cyrillic е). The browser then connects to a punycode (xn--) domain that has nothing to do with the real site. Reaching wallet and exchange sites through your own bookmarks rather than links avoids the problem.

  • Test Transaction: When transferring a significant amount, first send a minimal amount and confirm it arrived where expected before sending the rest.
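The checksum and homograph points above, as an added example that is not part of the original page. The Python below computes the EIP-55 checksum itself (Keccak-256 is implemented inline because Ethereum uses the pre-standard Keccak padding, so Python's hashlib.sha3_256 gives different digests), classifies an address as valid, invalid or unchecked, and shows what a browser really resolves for a name that mixes in Cyrillic letters. The attacker address in the demo is a constructed placeholder; the test vector 0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed is the one published in EIP-55.

```python
"""EIP-55 checksum and homograph checks for the verification steps above (added example).

Keccak-256 is implemented inline because Ethereum uses the pre-standard Keccak
padding, so hashlib.sha3_256 produces different digests. This is the textbook
permutation for illustration, not an audited library.
"""
import unicodedata

_RATE_BYTES = 136            # 1088-bit rate of Keccak-256
_MASK = (1 << 64) - 1


def _round_constants():
    """Derive the 24 iota constants from the spec's degree-8 LFSR (x^8+x^6+x^5+x^4+1)."""
    rcs, lfsr = [], 0x01
    for _ in range(24):
        c = 0
        for j in range(7):
            bit = lfsr & 1
            lfsr = ((lfsr << 1) ^ 0x71) & 0xFF if lfsr & 0x80 else (lfsr << 1) & 0xFF
            if bit:
                c ^= 1 << ((1 << j) - 1)
        rcs.append(c)
    return rcs


def _rotation_offsets():
    """rho offsets via the (x, y) -> (y, 2x+3y) walk; offset t is (t+1)(t+2)/2 mod 64."""
    rot, x, y = [0] * 25, 1, 0
    for t in range(24):
        rot[x + 5 * y] = ((t + 1) * (t + 2) // 2) % 64
        x, y = y, (2 * x + 3 * y) % 5
    return rot


_RC, _ROT = _round_constants(), _rotation_offsets()


def _rol(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & _MASK


def _keccak_f(a):
    """Keccak-f[1600] on 25 little-endian 64-bit lanes, indexed a[x + 5*y]."""
    for rnd in range(24):
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]  # theta
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]
        b = [0] * 25                                                              # rho + pi
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(a[x + 5 * y], _ROT[x + 5 * y])
        a = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)])  # chi
             for i in range(25)]
        a[0] ^= _RC[rnd]                                                          # iota
    return a


def keccak256(data: bytes) -> bytes:
    padded = bytearray(data) + b"\x01"                 # Keccak pad10*1 (domain byte 0x01)
    padded += b"\x00" * (-len(padded) % _RATE_BYTES)
    padded[-1] |= 0x80
    state = [0] * 25
    for off in range(0, len(padded), _RATE_BYTES):
        for i in range(_RATE_BYTES // 8):
            state[i] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
        state = _keccak_f(state)
    return b"".join(lane.to_bytes(8, "little") for lane in state)[:32]


def to_checksum_address(address: str) -> str:
    """EIP-55: uppercase hex letter i when nibble i of keccak256(lowercase address) >= 8."""
    body = (address[2:] if address[:2].lower() == "0x" else address).lower()
    if len(body) != 40 or any(ch not in "0123456789abcdef" for ch in body):
        raise ValueError("not a 20-byte hex address")
    digest = keccak256(body.encode("ascii")).hex()
    return "0x" + "".join(ch.upper() if int(h, 16) >= 8 else ch for ch, h in zip(body, digest))


def checksum_status(address: str) -> str:
    """'valid'/'invalid' for mixed-case input; 'unchecked' when the case carries no checksum."""
    body = address[2:] if address[:2].lower() == "0x" else address
    if body == body.lower() or body == body.upper():
        return "unchecked"
    return "valid" if to_checksum_address(body) == "0x" + body else "invalid"


def homograph_report(hostname: str) -> dict:
    """What DNS will really see for the name, and which non-ASCII scripts it mixes in."""
    scripts = {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in hostname if not ch.isascii()}
    try:
        wire_name = hostname.encode("idna").decode("ascii")   # punycode form, xn-- labels
    except UnicodeError:
        wire_name = None
    return {"wire_name": wire_name, "non_ascii_scripts": sorted(scripts), "suspicious": bool(scripts)}


if __name__ == "__main__":
    real = to_checksum_address("0x5aaeb6053f3e94c9b9a09f33669435e7ef1beaed")
    hijacked = to_checksum_address("0x" + "de" * 20)   # constructed attacker address
    print(real, checksum_status(real))                 # valid
    print(hijacked, checksum_status(hijacked))         # also valid: checksums catch typos, not swaps
    print(homograph_report("my\u0435therwallet.com"))  # Cyrillic е, resolves to an xn-- name
```

The `hijacked` line is the caveat in code: a clipboard hijacker pastes an address whose checksum is correct for itself, so a wallet that "accepts" it has verified nothing about where you meant to send. Only the hardware wallet screen, compared against a source you trust, catches that.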

8. Isolated Environment for Large Transactions

  • LiveUSB with Linux: A bootable flash drive with a Linux distribution (e.g., Ubuntu) creates a temporary, clean operating system.

  • How to Safely Create a LiveUSB:

    1. Download the ISO image from the official site, together with the SHA256SUMS and SHA256SUMS.gpg files published next to it.

    2. Verify the file integrity (hash sum). On Linux, let sha256sum compare the download against the published list:

       sha256sum -c SHA256SUMS 2>&1 | grep OK
       # expected: ubuntu-24.04-desktop-amd64.iso: OK

       On macOS use shasum -a 256 -c SHA256SUMS 2>&1 | grep OK instead. The other entries in SHA256SUMS refer to files you did not download and produce "No such file" lines, which the grep hides.

    3. Verify the PGP signature on SHA256SUMS to confirm authenticity. The hash only proves the download matches the published list; the signature proves the list itself came from the vendor:

       gpg --keyid-format long --keyserver-options auto-key-retrieve --verify SHA256SUMS.gpg SHA256SUMS

       auto-key-retrieve fetches whatever key the signature names, so a "Good signature" line by itself proves little: compare the fingerprint gpg prints against the signing-key fingerprint published on the vendor's site before trusting it.

    4. Create a bootable flash drive using Rufus or BalenaEtcher.

  • What to Do if Your Wallet is Compromised?

    Act immediately. If the seed phrase is compromised, you are in a race with the attacker.

    Distinguish Between Compromise Types:

  • Seed Phrase/Private Key Compromise: The most dangerous scenario. The only chance is to outpace the hacker.

  • Session Compromise / Malicious Approval: You have more time. Revoking permissions may help.

    Action Steps for Seed Phrase Compromise:

  • Isolation and Creation of a Clean Wallet:

      • Immediately disconnect the infected device from the internet.

      • On a clean, uninfected device (another computer, a new phone), create a new wallet with a freshly generated seed phrase. Never enter the new seed on the suspect machine.

  • Race to Save Assets (Front-running):

      • Import the compromised seed phrase into a reliable wallet on the clean device.

      • Immediately create a transaction moving all assets to the new, clean address.

      • Set the highest gas fee you can afford. Your goal is for block producers to include your transaction before the attacker's. Stealers are usually paired with a sweeper bot that watches the stolen address, so if the compromised account has no native coin left to pay gas, topping it up from another wallet is often swept in the same block; on chains that offer it, use a private transaction relay or bundle service (for example Flashbots on Ethereum mainnet) that funds the gas and moves the assets atomically.

  • Revocation and Data Collection:

      • Only after attempting to save funds. Revoking approvals is the main remedy for the malicious-approval case, where the attacker holds an allowance rather than your key. After a seed compromise it buys little, because the attacker can approve again from the stolen key; use Revoke.cash for whatever tokens or NFTs you could not move, then treat the old address as permanently burned.

      • Save the attacker's addresses and transaction hashes.

Actions After an Incident

  • Evidence Gathering: Take screenshots, save transaction hashes, attacker addresses, and any correspondence.

  • Platform Notification: Report the hack and the hacker's addresses to the support services of exchanges (Binance, Coinbase, etc.). They may freeze funds if the attacker tries to deposit them.

  • Contact Law Enforcement: File a report with the cybercrime division in your country, providing all collected evidence.

Recommended Tools and Services