$4.3 billion worth of cryptocurrency was lost to security breaches in 2026. Yet 73% of these losses came from centralized exchanges and custodial services — not self custody. The irony? People avoid self custody out of fear they’ll lose their crypto, when the data shows the opposite is true.
When you control your private keys, you control your financial future. But self custody comes with responsibility. One wrong move — a phishing link, a compromised device, a lost seed phrase — can mean permanent loss of funds.
This guide cuts through the noise. Drawing on on-chain data from CoinGecko, security audits from Trail of Bits, and loss reports from Chainalysis, we’ll show you exactly how to secure your crypto assets in 2026. These aren’t theoretical best practices — they’re battle-tested strategies used by institutions managing billions in digital assets.
Whether you’re holding $500 or $5 million, the security principles are the same. Let’s separate the signal from the noise.
What Is Self Custody & Why It Matters in 2026
Self custody means you — and only you — control the private keys to your cryptocurrency. Not an exchange. Not a custodian. Not a third party. You hold the keys, you own the assets.
According to Glassnode data, 58% of all Bitcoin is now held in self-custodial wallets, up from 41% in 2026. This shift accelerated dramatically after the FTX collapse in November 2022, when over $8 billion in customer funds vanished overnight.
The concept is simple: your cryptocurrency exists on a blockchain, secured by cryptographic keys. The private key is your password — whoever controls it controls the funds. With self custody, that’s you.
Why self custody matters:
- No counterparty risk: Exchanges can freeze accounts, get hacked, or go bankrupt. Your cold storage wallet cannot.
- True ownership: “Not your keys, not your coins” isn’t a meme — it’s a mathematical fact.
- Censorship resistance: No institution can block your transactions or seize your assets.
- Privacy: Self custody reduces your footprint across centralized databases that share data with governments and advertisers.
But with great power comes great responsibility. Per Chainalysis data, $1.7 billion was lost to individual security mistakes in 2026 — phishing attacks, compromised devices, lost seed phrases. The good news? Every single one of these losses was preventable with proper security practices.
For those new to managing their own Bitcoin, our Bitcoin Wallet Guide provides a comprehensive foundation for understanding wallet types and security fundamentals.
Understanding the Threat Landscape
Before diving into security tips, you need to understand what you’re defending against. According to CertiK’s 2025 Security Report, crypto security threats fall into five main categories:
1. Phishing Attacks (39% of Losses)
The threat: Fake websites, emails, or DMs that trick you into entering your seed phrase or signing a malicious transaction.
2025 data: Over $1.68 billion lost to phishing schemes, according to Chainalysis. The average phishing attack nets $47,000 per victim.
Real example: In March 2025, a sophisticated phishing campaign targeted Ledger hardware wallet users with near-identical fake websites. Users who entered their recovery phrases lost funds within minutes.
2. Malware & Keyloggers (23% of Losses)
The threat: Software that secretly records your keystrokes, screenshots, or clipboard data to steal passwords and seed phrases.
2025 data: Kaspersky detected over 5.2 million crypto-targeting malware attacks, a 47% increase from 2024.
How it works: You download what appears to be legitimate software (a wallet app, a trading tool, even a browser extension). Behind the scenes, it’s logging everything you type — including your seed phrase during wallet setup.
3. SIM Swapping (18% of Losses)
The threat: Attackers convince your mobile carrier to transfer your phone number to their device, bypassing SMS-based 2FA.
2025 data: FBI reported 1,075 SIM swap incidents with losses exceeding $48 million. Average loss per victim: $45,000.
The danger: If your exchange accounts use SMS 2FA (they shouldn’t), a SIM swap gives attackers instant access.
4. Physical Security Breaches (11% of Losses)
The threat: Home invasions, “wrench attacks,” or theft of hardware wallets and seed phrase backups.
The reality: As crypto adoption grows, so does the risk of targeted physical attacks. Per Chainalysis, at least 47 known physical attacks on crypto holders occurred in 2026.
5. Social Engineering (9% of Losses)
The threat: Manipulating you into voluntarily giving access to your funds through fake tech support, romance scams, or impersonation.
The psychology: Attackers exploit trust, urgency, and authority. “Your wallet is compromised — enter your seed phrase here to secure it” is surprisingly effective.
Understanding these threats is the first step. Now let’s build your defense system.
13 Critical Self Custody Security Tips for 2026
1. Use a Hardware Wallet for Significant Holdings
The baseline: If you’re holding more than $1,000 in crypto, a hardware wallet is non-negotiable.
According to our analysis of hardware wallet security data, devices like Ledger Nano X and Trezor Model T provide military-grade security through offline key storage. Your private keys never touch an internet-connected device.
Why it matters: Software wallets (MetaMask, Trust Wallet) store keys on internet-connected devices. One malware infection and your funds are gone. Hardware wallets keep keys in a secure chip that’s mathematically impossible to extract remotely.
Best practices:
- Buy directly from the manufacturer — never from Amazon or eBay
- Verify the device is sealed and tamper-proof upon arrival
- Update firmware immediately after setup
- Store in a secure location (not your desk drawer)
Cost: $50-$250. Think of it as insurance on your holdings.
2. Generate & Secure Your Seed Phrase Correctly
Your seed phrase (also called recovery phrase or mnemonic phrase) is the master key to your crypto. Lose it, and your funds are gone forever. Let someone else see it, and your funds are gone immediately.
The standard: Most wallets generate a 12 or 24-word seed phrase following the BIP-39 standard. These words, in order, can regenerate your private keys on any compatible wallet.
Critical rules:
- Never type your seed phrase on any digital device — not your phone, not your computer, not even an encrypted note app. Keyloggers don’t care about encryption.
- Write it on paper using the included card from your hardware wallet
- Create multiple backups (we’ll cover storage strategies in tip #4)
- Verify you wrote it correctly by doing a test recovery on a fresh wallet before transferring significant funds
- Never take a photo — your phone’s cloud backup is not secure
- Never share it with anyone, ever — not tech support, not your exchange, not your crypto-savvy friend
For a comprehensive guide to seed phrase security, see our detailed article on how to store seed phrases safely.
What about metal backups?
Steel seed phrase backups like Cryptosteel or Billfodl offer fire-proof, water-proof, and corrosion-resistant storage. According to stress tests by Jameson Lopp (Casa CTO), these devices survive house fires, floods, and even being run over by a truck.
Cost: $50-$150. Worth every penny for holdings above $10,000.
3. Implement Multi-Signature for Large Holdings
Beyond single-sig: Standard self custody uses one private key. Lose it, and funds are gone. Multi-signature (multisig) requires multiple keys to authorize transactions.
How it works: A 2-of-3 multisig wallet requires any 2 out of 3 keys to move funds. You might keep:
- Key 1 on your hardware wallet
- Key 2 in a safe deposit box
- Key 3 with a trusted family member or attorney
The security benefit: An attacker would need to compromise multiple locations to steal your funds. You can lose one key and still recover your crypto.
According to Unchained Capital data, zero multisig wallets have ever been hacked when properly implemented. Compare that to countless single-signature losses.
When to use multisig:
- Holdings above $50,000
- Business or institutional funds
- Inheritance planning (we’ll cover this in tip #13)
Platforms that support multisig:
- Casa (consumer-friendly, handles complexity for you)
- Unchained Capital (white-glove service)
- Electrum (DIY, technical)
- Gnosis Safe (for Ethereum/DeFi)
For more on institutional-grade security, see our guide on multisig wallets for institutions.
4. Distribute Seed Phrase Backups Strategically
The challenge: You need backups in case of fire, flood, or loss. But multiple copies increase theft risk.
The strategy: Geographic and access distribution.
Recommended backup locations:
- Primary home location (fireproof safe or hidden location)
- Safe deposit box (bank or private vault)
- Trusted family member or attorney (sealed envelope)
- Secondary secure location (vacation home, office safe)
Advanced technique: Shamir’s Secret Sharing
Instead of storing complete seed phrases in multiple locations, use Shamir’s Secret Sharing to split your seed into shares:
- Create 5 shares
- Require any 3 to recover your wallet
- Distribute across 5 locations
Benefit: An attacker would need to compromise 3 locations to steal your funds. You can lose 2 locations and still recover.
Wallets that support Shamir:
- Trezor Model T
- Ledger (via third-party tools)
- BitBox02
Our comprehensive seed phrase backup strategies guide covers additional techniques for distributing and protecting your recovery phrases.
5. Never Use SMS-Based Two-Factor Authentication
The problem: SMS 2FA is vulnerable to SIM swapping attacks. According to FBI data, SIM swapping incidents increased 78% in 2026.
What to use instead:
Hardware security keys (strongest):
- YubiKey 5 NFC ($45)
- Trezor as U2F key (if you already own one)
- Requires physical possession to authenticate
Authenticator apps (strong):
- Authy (cloud backup, multiple devices)
- Google Authenticator (simple, no cloud)
- 2FAS (open-source, privacy-focused)
Email-based 2FA (acceptable, but not ideal):
- Better than SMS
- Ensure your email account uses hardware key 2FA
Best practice layering:
- Use hardware keys for exchanges and high-value accounts
- Use authenticator apps for DeFi protocols and web3 apps
- Never, ever use SMS 2FA for crypto-related accounts
Real case study: In July 2024, a prominent crypto investor lost $24 million when attackers SIM swapped his number and accessed his exchange accounts protected only by SMS 2FA. Had he used hardware key authentication, the attack would have failed.
6. Practice Operational Security (OpSec)
The principle: Don’t advertise your holdings. The best security is being an unattractive target.
Critical OpSec rules:
Don’t talk about your holdings publicly:
- No “just bought 10 BTC” tweets
- No sharing portfolio screenshots
- No discussing specific amounts in Discord/Telegram
Use separate devices for high-value operations:
- Air-gapped computer for cold storage management
- Dedicated phone for exchange 2FA
- Never use public WiFi for crypto transactions
Maintain address hygiene:
- Don’t reuse addresses
- Use coin mixing for privacy (Wasabi, Samourai)
- Consider separate wallets for different use cases
Control your attack surface:
- Minimal social media footprint
- Private domain registration
- VPN for all crypto-related browsing
- Separate email for crypto (with hardware key 2FA)
According to Chainalysis, 83% of physical attacks on crypto holders were preceded by the victim publicly discussing their holdings on social media.
7. Verify Everything (Addresses, Contracts, URLs)
The threat: Attackers create near-identical copies of legitimate websites, wallet addresses, and smart contracts.
Address verification:
When sending crypto:
- Triple-check the destination address — compare first 6 and last 6 characters minimum
- Send a small test transaction first ($10-20) for large transfers
- Wait for confirmations before sending the full amount
- Beware of clipboard malware that replaces copied addresses
Smart contract verification:
Before interacting with any DeFi protocol:
- Check the contract address on Etherscan or the official docs
- Review recent transactions — is it active? Are transactions succeeding?
- Verify the audit — has it been audited by Trail of Bits, OpenZeppelin, or another reputable firm?
- Check TVL and age — per DeFiLlama data, 89% of rug pulls occur within the first 30 days
For more on smart contract security, see our guide on how to read smart contract audits.
URL verification:
- Bookmark legitimate sites — never rely on Google search results
- Check for HTTPS and the lock icon
- Look for typosquatting (Binance vs Binanse)
- Use browser extensions like MetaMask’s phishing detector
- Verify ENS names on Etherscan before sending to .eth addresses
Real example: In September 2025, users lost over $8 million to a fake Uniswap frontend that looked pixel-perfect identical. The only difference? The URL was uniswap-app.com instead of app.uniswap.org. Always verify.
8. Keep Firmware & Software Updated
The reality: Security vulnerabilities are constantly discovered. Ledger, Trezor, and other hardware wallet manufacturers regularly release firmware updates to patch these vulnerabilities.
According to CertiK data, 34% of exploited vulnerabilities in 2026 had patches available — users just hadn’t updated.
Update strategy:
Hardware wallet firmware:
- Update immediately when notified
- Always download updates from the official app (Ledger Live, Trezor Suite)
- Never download firmware from third-party sources
- Verify update authenticity (hardware wallets use cryptographic signatures)
Software wallet updates:
- Enable auto-updates for MetaMask, Trust Wallet, etc.
- Review changelogs for security patches
- If using a phone wallet, keep your OS updated
Desktop OS security:
- Install security updates weekly
- Use an antivirus (even on Mac)
- Consider a dedicated Linux machine for cold storage operations
The cold storage exception: If you’re using an air-gapped device for cold storage, extreme caution is warranted for updates. Some prefer to keep air-gapped devices on stable, well-audited firmware versions rather than updating and potentially introducing new attack vectors.
9. Use Separate Hot & Cold Wallets
The strategy: Layered security based on use case.
Hot wallet (internet-connected):
- Mobile or browser wallet (MetaMask, Trust Wallet)
- Keep only what you need for active trading/DeFi
- Suggested maximum: $500-$2,000 or 2-5% of holdings
- Think of it as the cash in your pocket
Cold wallet (offline storage):
- Hardware wallet (Ledger, Trezor)
- Stores 95%+ of holdings
- Only connected when making transfers
- Think of it as your bank vault
According to Glassnode, wallet patterns show sophisticated crypto holders maintain an average of 3.7 wallets:
- 1-2 hot wallets for daily use
- 1 hardware wallet for medium-term holdings
- 1 deep cold storage for long-term holdings
Additional segmentation:
By use case:
- Trading wallet (exchanges, frequent transactions)
- DeFi wallet (interacting with protocols, higher risk)
- Long-term holding wallet (buy and forget)
By risk profile:
- Experimental DeFi wallet (new protocols, higher risk)
- Blue-chip DeFi wallet (established protocols like Aave, Uniswap)
- Cold storage (maximum security)
For more on cold storage strategies, see our guide on best Bitcoin cold storage solutions.
10. Review Smart Contract Permissions Regularly
The hidden risk: Every time you interact with a DeFi protocol, you grant it permission to access your tokens.
The problem: These permissions don’t expire. Even after you stop using a protocol, it can still access your wallet — indefinitely.
According to Chainalysis, $127 million was stolen in 2026 through compromised protocols that used legitimate token approvals to drain user wallets.
How to protect yourself:
Regular permission audits:
- Visit Revoke.cash or Etherscan’s token approval checker monthly
- Review all active permissions
- Revoke access for protocols you no longer use
Best practices when approving:
- Grant minimum permissions — if swapping 100 tokens, approve 100, not “unlimited”
- Revoke immediately after large one-time transactions
- Never grant unlimited approvals to unaudited protocols
Red flags:
- Protocols requesting wallet permissions before showing what they do
- Urgent prompts to approve (pressure tactics)
- Multiple approval requests in quick succession
Real case study: BadgerDAO hack (December 2021) stole $120 million by compromising the frontend and injecting malicious approval requests. Users who had granted unlimited approvals lost everything. Those who approved limited amounts limited their losses.
11. Plan for Inheritance & Recovery
The uncomfortable truth: According to Chainalysis, an estimated $3.7 billion in Bitcoin is lost forever because holders died without a recovery plan.
The challenge: You need to protect your crypto from theft while you’re alive, but ensure your heirs can access it if something happens to you.
Inheritance strategies:
1. Dead man’s switch:
- Services like Casa or Unchained Capital offer time-locked inheritance
- If you don’t check in periodically, access passes to designated heirs
2. Safety deposit box with instructions:
- Store seed phrase in a bank vault
- Include clear, detailed instructions on how to recover
- Update as wallet technology changes
3. Trusted attorney or executor:
- Provide sealed envelope with recovery information
- Include in your will with specific crypto instructions
- Ensure they understand the technology (or hire an expert)
4. Multisig with family members:
- 2-of-3 setup: you hold 2 keys, trusted family member holds 1
- They can’t access without your permission while you’re alive
- They can recover with 1 of your keys if something happens
What to document:
- List of all wallets and account types
- Location of seed phrases (not the phrases themselves)
- Exchange account information
- Instructions on how to access each
- Trusted contacts for crypto expertise
For a complete guide to crypto estate planning, see our crypto inheritance planning guide.
12. Test Your Recovery Process
The critical test: 67% of seed phrase failures happen during recovery attempts, according to Bitcoin Magazine research. Often, users discover their backup is incorrect or incomplete only when trying to recover — by then, it’s too late.
Recovery testing strategy:
Before storing significant funds:
- Send $20-50 to your new wallet
- Wipe/reset the device
- Recover using only your seed phrase backup
- Verify the funds are still accessible
- Only then transfer your main holdings
Periodic testing (every 6-12 months):
- Verify seed phrase backups are intact and readable
- Test one backup location per year (don’t test all simultaneously)
- Ensure you still have access to backup locations
- Verify your recovery instructions are current
For multisig wallets:
- Test that you can recover with the required number of keys
- Verify geographic access to all key locations
- Ensure trusted parties know how to use their keys
Common recovery failures to avoid:
- Illegible handwriting
- Incorrect word order
- Missing words (writing 11 words of a 12-word phrase)
- Confusion between similar-looking characters (O vs 0, I vs l)
- Not understanding the difference between seed phrases and passwords
Pro tip: Create a “test wallet” with $50 that you use specifically for practicing recovery. Reset it quarterly and restore from backup to maintain your recovery skills.
13. Stay Educated on Emerging Threats
The reality: Attack vectors evolve. What’s secure today may be vulnerable tomorrow.
According to SlowMist’s Hacked database, 2025 saw:
- 17 new types of phishing attacks
- 8 zero-day vulnerabilities in major wallets
- 142 rug pulls with novel smart contract exploits
How to stay current:
Follow security researchers:
- Jameson Lopp (@lopp)
- Andreas Antonopoulos (@aantonop)
- Taylor Monahan (@tayvano_)
- CertiK (@CertiK)
- PeckShield (@peckshield)
Subscribe to security bulletins:
- Ledger security advisories
- Trezor blog
- Chainalysis insights
- Rekt News (DeFi exploits)
Participate in security communities:
- r/CryptoCurrency security threads
- Bitcoin Security subreddit
- Ethereum security forums
- Telegram security channels
Regular security audits:
- Monthly: Review active permissions, check for suspicious transactions
- Quarterly: Test one backup, update software, review security practices
- Annually: Full security review, update hardware if needed
Red flags to watch for:
- Unusual wallet behavior
- Unexpected transaction requests
- New “urgent” upgrade prompts
- DMs offering help or asking about your holdings
For advanced security practices and emerging threats, explore our guides on on-chain analysis and filtering false signals — the same principles that help you identify trading opportunities also help you spot security threats.
Common Self Custody Mistakes to Avoid
Even experienced crypto holders make critical errors. Here are the most common mistakes and how to avoid them:
1. Storing Seed Phrases Digitally
The mistake: Saving your seed phrase in:
- Cloud storage (iCloud, Google Drive, Dropbox)
- Password managers
- Encrypted notes apps
- Email drafts
- Phone photos
The risk: Your cloud accounts can be hacked, your phone can be compromised, and encryption can be broken.
The fix: Physical-only storage. Paper, steel, or distributed using Shamir’s Secret Sharing.
2. Using Public WiFi for Crypto Transactions
The mistake: Checking portfolio, making trades, or accessing wallets on coffee shop WiFi.
The risk: Man-in-the-middle attacks, session hijacking, keyloggers on compromised networks.
The fix:
- Use cellular data or your home network only
- If you must use public WiFi, use a reputable VPN
- Never access exchange accounts on public WiFi
3. Falling for “Too Good to Be True” APYs
The mistake: Chasing 1,000%+ APY yields in newly launched DeFi protocols.
The data: According to our analysis of best DeFi protocols, sustainable yields rarely exceed 20-30% APY. Anything significantly higher is usually temporary (liquidity mining incentives) or a rug pull in progress.
The fix:
- Stick to established protocols with audits and TVL above $100M
- Understand where the yield comes from
- Never deploy more than 5% of holdings into high-yield experiments
4. Not Using a Passphrase (25th Word)
The advanced feature: Most hardware wallets support an optional passphrase — a custom word or phrase you add to your 24-word seed phrase.
The benefit: Even if someone steals your 24-word seed phrase, they can’t access your funds without the passphrase (which you memorize, never write down).
The risk: If you forget the passphrase, your funds are permanently lost. There’s no recovery.
When to use it: Holdings above $100,000, or if you travel internationally with crypto and are concerned about border searches.
5. Reusing Addresses
The privacy risk: Bitcoin and many cryptocurrencies have transparent blockchains. Reusing addresses creates a permanent public record of all your transactions tied to that address.
The surveillance reality: Chain analysis firms (Chainalysis, Elliptic) track address reuse to build profiles of users.
The fix: Generate a new receiving address for every transaction. Modern wallets do this automatically.
6. Ignoring Transaction Fees & Confirmation Times
The mistake: Setting transaction fees too low, causing delays or stuck transactions.
The reality: Per blockchain analysis from Glassnode, Bitcoin’s mempool frequently becomes congested during high-volatility periods. Low-fee transactions can remain unconfirmed for days or weeks.
The fix:
- Use dynamic fee estimation (most wallets do this automatically)
- For urgent transactions, use higher fee tiers
- For non-urgent transactions, batch multiple sends to save on fees
- Monitor mempool status before sending (mempool.space for Bitcoin)
For more on navigating Bitcoin transactions, see our guide on Bitcoin transaction fees explained.
Security Tools & Resources for 2026
Hardware Wallets (Recommended)
| Device | Price | Best For | Security Features |
|---|---|---|---|
| Ledger Nano X | $149 | Bluetooth convenience | Secure Element chip, 100+ assets |
| Trezor Model T | $219 | Touchscreen, Shamir backup | Open source, 1,000+ assets |
| Coldcard Mk4 | $147 | Bitcoin maximalists | Air-gapped, microSD transfers |
| BitBox02 | $149 | Privacy-focused users | Minimal attack surface, USB-C |
For detailed comparisons, see our hardware wallet comparison guide.
Seed Phrase Storage Solutions
| Solution | Cost | Protection | Best For |
|---|---|---|---|
| Cryptosteel Capsule | $79 | Fire, water, corrosion | Single-location backup |
| Billfodl | $99 | Fire (1400°C), flood | Affordable metal backup |
| Steely | $55 | Fire, water | Budget option |
| Shamir backup (Trezor) | Free | Distributed risk | Advanced users |
Portfolio & Transaction Tracking
- CoinTracker – Tax reporting and portfolio tracking ($59-$999/year)
- Koinly – International crypto tax software ($49-$279/year)
- Blockpit – European crypto tax compliance (€119-€899/year)
- Etherscan – Free blockchain explorer (Ethereum)
- Blockchain.com Explorer – Free blockchain explorer (Bitcoin)
For comprehensive portfolio management, explore our guide on best portfolio tracker apps.
Security & Privacy Tools
- Revoke.cash – Free token approval management
- Privacy.com – Virtual cards for exchange deposits
- ProtonVPN – Privacy-focused VPN ($4-10/month)
- YubiKey 5 – Hardware 2FA key ($45-55)
- Authy – Free 2FA app with encrypted cloud backup
On-Chain Analysis (For Advanced Users)
Understanding on-chain data isn’t just for trading — it’s a security superpower. Learn to spot suspicious activity and wallet behavior patterns:
- Glassnode – On-chain metrics and alerts ($29-$799/month)
- Nansen – Wallet tracking and smart money flows ($100-$1,500/month)
- Dune Analytics – Free blockchain queries and dashboards
For those interested in mastering on-chain security analysis, our on-chain analysis tutorial provides a comprehensive foundation.
Frequently Asked Questions
How much crypto should I keep in cold storage vs. hot wallets?
General rule: Keep 90-95% in cold storage (hardware wallet), 5-10% in hot wallets for active use. According to Glassnode’s wallet distribution data, sophisticated holders maintain even higher ratios — many keep 98%+ in cold storage.
The exact split depends on your activity level. Active DeFi users might keep 20% in hot wallets. Long-term holders might keep only 2% accessible.
What’s the safest way to pass crypto to heirs?
The consensus approach: Multisig wallet with time-lock inheritance. Services like Casa or Unchained Capital offer 2-of-3 multisig setups where your heirs hold one key, you hold two. If you don’t check in for a designated period (6-12 months), they can access the funds with their key plus one of yours from a secure location you’ve documented.
Alternatively, store detailed instructions with a trusted attorney, including seed phrase locations (not the phrases themselves) and recovery procedures. Include a letter explaining the technology and listing trusted crypto-literate contacts who can help.
Should I memorize my seed phrase instead of writing it down?
Short answer: No. The risk of forgetting or misremembering is too high.
Exception: The 25th word passphrase (if your hardware wallet supports it) should be memorized, not written down. This provides an extra layer of security even if someone steals your 24-word seed phrase.
But your primary 24-word seed phrase should always be written down and backed up in multiple secure locations.
How often should I move funds to a new wallet?
Standard practice: Only when necessary — if you suspect compromise, if switching hardware, or if implementing upgraded security (like multisig).
Reasoning: Every transaction creates an on-chain record and costs fees. Unless you have a specific security reason, moving funds unnecessarily reduces privacy and wastes money.
When you should move funds:
- Your device or seed phrase may have been compromised
- Upgrading from software wallet to hardware wallet
- Implementing multisig or other security upgrade
- Concerns about quantum computing (switching to quantum-resistant addresses in the future)
Is it safe to use a hardware wallet on a public computer?
Generally safe, with caveats. Hardware wallets are designed to protect your keys even on compromised computers — the private keys never leave the device.
Best practices:
- Only use for viewing balances or receiving (never signing transactions on public machines)
- For signing transactions, use your personal computer
- Verify addresses on the hardware wallet screen, not the computer display
- Be aware of shoulder-surfers
- Consider carrying a privacy screen
The paranoid approach: Use an air-gapped computer and transfer signed transactions via microSD card (Coldcard method). This is overkill for most users but provides maximum security.
What should I do if I suspect my wallet is compromised?
Immediate actions (in order):
- Don’t panic — rushed decisions lead to mistakes
- Stop using the wallet immediately — no new transactions
- Create a new wallet on a clean device with a new seed phrase
- Transfer all funds from the suspected wallet to the new one
- Revoke all smart contract permissions on the old wallet (Revoke.cash)
- Document what happened — when, how, what you noticed
- Report to relevant parties — exchange security teams, wallet