How to store crypto safely

Learn how to use cold wallets and other strategies to protect your crypto.

  • Facebook.
  • Twitter.
  • LinkedIn.
  • Print

Key takeaways

  • Like any digital asset, bitcoin and other cryptocurrencies are vulnerable to hackers and pump-and-dump scams.
  • Knowing how to store your crypto investments can help reduce the chance of theft.
  • Investors should consider storing crypto either with a trusted custodian or in a cold wallet.

While security is gradually improving across the crypto industry, cyberattacks still happen. In June 2022, hackers stole $100 million from the crypto transfer platform Horizon Bridge. In September 2020, they made off with over $281 million from KuCoin, one of the largest crypto exchanges. In August 2021, they swiped more than $610 million from the blockchain platform Poly Network. 

Get more Viewpoints. Sign up for the Fidelity Viewpoints® weekly email for our latest insights. Subscribe now.

In addition to these headline-grabbing hacks, smaller phishing scams (i.e., social media and email scams) are continuously occurring.

The good news is you can take steps to help protect your crypto from theft. Here are a few suggestions for improving the security of your crypto investments.

Is cryptocurrency safe?

Crypto is bought and sold on the internet, which means it comes with risks, just as there are with any asset you purchase online.

With that said, there are steps you can follow to help keep your crypto safe, like protecting your passwords and never clicking on suspicious links. While many of the following strategies may sound familiar to anyone who has invested in stocks or commodities, crypto cybersecurity has some additional nuances we'll explore below.

How do cybercriminals steal crypto?

Before we look at how to help keep your crypto safe, let's identify some of the ways your investments can be targeted. In general, cybercriminals favor the following methods:

  • Exchange attacks. Hundreds of millions of dollars of crypto are kept on exchanges. Platforms with security vulnerabilities have been targeted in the past.
  • Phishing emails or direct messages on social media. These include fake giveaways and fraudulent confirmation emails. They're designed to look like they're from an exchange or the development team of the cryptocurrency you're invested in. The goal is to get you to click on a fake link that gives the scammer access to your crypto wallet.
  • SIM swaps. A bad actor who obtains your phone number may be able to gain control of your phone by contacting your carrier and requesting a new SIM card. This gives them the ability to reset the logins to your crypto accounts with 2-factor authentication.

Stealing isn't the only way cybercriminals can defraud the market. They can also use pump-and-dump scams (known as "rugs"), where bad actors hype a coin to attract new investors. Once the price reaches a peak, they sell all their holdings at a profit and send the price falling.

While not technically hacks, these scams can wipe out your entire investment if you're not careful.

Strategies that can help you store bitcoin and other cryptos safely

Here are 4 strategies that can reduce the chances your crypto gets stolen.

1. Choose where to store your crypto

There are 2 primary options to consider: Store your crypto with a trusted custodian, or provide your own custody.

Store your crypto with a trusted custodian
Third-party custodians may be a better option for inexperienced investors. One example of a third-party custodian is traditional trading platforms. These are typically platforms that traditionally offer equities, and are now also offering crypto. There are a few advantages to storing your crypto with this method.

First, you may have a lower chance of losing access to your crypto. If you lose your login, you may be able to work with a dedicated customer service team to recover it. This often isn't the case if you provide your own custody, where it can be impossible to find your login information if you lose it.

Second, keeping your investments secure can be a simpler process if you choose a reputable custodian with years of experience. Providing your own custody can be a complicated, multi-step process with more chances for errors. In contrast, using a third-party custodian may mean you only need to keep track of one username and password.

All things considered, this route may be the most secure strategy for those who don't have time or the desire to learn about the nuances of crypto cybersecurity.

The one drawback to this strategy is that some platforms do not yet provide the ability to send your coins to other wallets. Though this may change in the future, it may also not be a significant downside if your only goal is to use crypto as an investment.

Provide your own custody
If you decide to manage your own security, you'll first buy crypto on a crypto trading platform. When you complete your purchase, it'll initially be stored in a digital account (also known as a "hot wallet") managed by the platform. From there, consider transferring it to a digital crypto wallet or a physical, USB-like device known as a "cold wallet."

The benefit of providing your own custody is that it gives you full ownership of your coins. You can use them however you want, including to pay for goods and services.

The downside is that it can be both more complicated and more risky. If you lose the password to your wallet, or accidentally send your crypto to the wrong wallet address, you won't have access to a customer service department. Cold wallets may protect you from virtual theft, but are still vulnerable to physical theft and damage. Any of these events can result in losing access to your crypto forever.

2. Always research founders' backgrounds before investing

Because anyone can start their own coin, crypto often attracts pump-and-dump scams (commonly referred to as "rugs" or "rug pulls"). In 2015, a Bulgarian woman named Ruja Ignatova launched OneCoin, promising it would soon overthrow bitcoin. After accumulating over $4 billion from investors around the world, Ignatova pocketed the money and disappeared.

New investors may want to consider sticking to cryptocurrencies that have established histories and have survived impactful events. Also look for interest from institutional investors with large research teams. Coins that have institutional interest may be comparatively less likely to be brought down by a single bad actor.

However, if you're committed to exploring relatively unproven coins, always research the founders' backgrounds before you jump in. This might help you spot potential red flags. Ignatova, for example, had a history of frauds and multi-level marketing scams.

3. Only buy through established exchanges with reliable histories

If you choose to buy your crypto on a crypto trading platform instead of a brokerage, choose your exchange carefully, as security features can vary widely.

Consider the example of Canada's largest crypto exchange, QuadrigaCX, whose CEO passed away while traveling in 2018. Because only he had the password to the company's cold wallets, customers suddenly found themselves locked out of their investments.

When choosing an exchange, consider sticking to well-funded exchanges with at least several hundred employees. Also be wary of exchanges that offer high yields, as they are often not sustainable. One example is Voyager Digital, an exchange that advertised yields as high as 12%. In July 2022, the company filed for bankruptcy.

4. Follow commonsense cybersecurity rules

You should also consider following standard cybersecurity recommendations, such as:

  • If you choose to provide your own custody, never share the key to your private or cold wallet with anyone. Just as you would never share your email password, keep your keys safe. Also make sure to write it down, as losing it could mean losing access to your crypto forever.
  • Avoid bragging about how much crypto you have online. To avoid being targeted by SIM swap scammers, the FBI recommends keeping details about your financial holdings private.
  • Check twice before you click an email link. Phishing scams are common in crypto. If you receive an email that looks like it's from your exchange, first check to see that the domain address is correct. For example, an email from Coinbase should come from an @coinbase.com address. When in doubt, contact your exchange's customer support team to verify the email is legitimate.
  • Never click a link in a direct social media message. Exchanges will rarely contact you through direct message on social media, unless you've initiated it by contacting their support team. Sending fraudulent social media message links is currently one of the most popular phishing strategies.
  • Set 2-factor authentication for all accounts. This is where you must enter an additional code beyond your basic username and password to access your account. This code is usually sent to either your mobile phone or email, and adds an added level of security in case your login information is hacked.

Are crypto exchanges safe?

As we noted in the section "Choose where to store your crypto," crypto exchanges come with both benefits and risks.

Investors should consider their personal risk tolerance before choosing how to invest. Those who aren't interested in learning the nuances of crypto cybersecurity may feel more confident keeping their investments in an established brokerage.

The bottom line on keeping your crypto safe

Hacking stories may be scary, but the reality is there are ways to lower the chances of losing your investments if you follow commonsense steps.

For most, the least stressful strategy will be to keep it on a trusted brokerage platform, where security measures are taken care of for you. If you'd rather provide your own custody, consider transferring your investments to a cold wallet.

Never click on links without first verifying the source, and think about sticking to blue-chip coins if you are new to crypto. Take these precautions and bad actors will likely have a harder time getting your coins.

Next steps to consider



Research investments


Get industry-leading investment analysis.



Trading guide


Learn what you need to know before trading the market.



Learn about another way to invest


Managed accounts offer professional, personalized portfolios.

  • Facebook.
  • Twitter.
  • LinkedIn.
  • Print
close
Please enter a valid e-mail address
Please enter a valid e-mail address
Important legal information about the e-mail you will be sending. By using this service, you agree to input your real e-mail address and only send it to people you know. It is a violation of law in some jurisdictions to falsely identify yourself in an e-mail. All information you provide will be used by Fidelity solely for the purpose of sending the e-mail on your behalf.The subject line of the e-mail you send will be "Fidelity.com: "

Your e-mail has been sent.
close

Your e-mail has been sent.

Sign up for Fidelity Viewpoints®

Get a weekly email of our pros' current thinking about financial markets, investing strategies, and personal finance.