๐ก๏ธ How NOT to be scammed: cold wallets and secure protocols (2026)
๐ข Google AdSense ยท Security hardware
This guide contains zero trading advice, zero price predictions, and zero "get rich quick" content. It only covers the technical security of self-custody cryptocurrency. If you hold any amount of crypto that you cannot afford to lose, read this entire guide.
โ ๏ธ The most common way people lose crypto is NOT hacking โ it's social engineering and user error. No hardware wallet can protect you if you approve a malicious transaction or share your seed phrase.
Hardware Wallet Setup (Step by Step)
- Buy direct from manufacturer: Trezor (trezor.io), Ledger (ledger.com), or Jade (blockstream.com/jade). Never buy from eBay, Amazon third-party sellers, or Facebook Marketplace.
- Verify tamper-evident seals: All reputable hardware wallets come with security seals. Check that they're intact.
- Initialize offline: When setting up, disconnect your computer from the internet. Generate the seed phrase on the device's screen โ never on your computer.
- Write seed phrase on metal: Paper burns and gets wet. Use a steel seed backup (Cryptotag, Billfodl, or DIY with metal washers). Store in two geographically separate locations.
- Never photograph your seed: Not with your phone, not with a camera. Any digital copy can be stolen by malware.
- Add a passphrase (25th word): This creates a hidden wallet. Even if someone finds your 24-word seed, they cannot access funds without the passphrase. Store the passphrase separately from the seed.
- Test recovery: Before sending significant funds, wipe the device and restore from your seed + passphrase. This confirms you wrote everything correctly.
Common Scams and How to Avoid Them
- Fake wallet extensions: Search for "MetaMask" or "Phantom" in Chrome Web Store โ many fake ones appear first. Always use the official URL and verify developer.
- Transaction approval scams: A malicious website asks you to "verify wallet" or "claim airdrop." When you approve, it drains your wallet. Never approve a transaction you didn't initiate yourself. Always check the contract address on Etherscan or Solscan before signing.
- Fake hardware wallet support: Scammers call pretending to be Ledger/Trezor support. They will never call you. Ignore all unsolicited calls.
- Seed phrase phishing emails: Emails claiming "your wallet is compromised โ click here to verify seed." Legitimate companies never ask for your seed phrase.
- SIM swapping: Attackers convince your phone carrier to transfer your number. They then reset your exchange passwords. Use Google Voice or a dedicated crypto phone number not linked to your identity.
๐ก The golden rule: Your seed phrase is the key to your money. Never type it into any website, app, or computer. Never. Not even to "verify" or "recover" or "sync."
Multisig: The Only Way for Large Amounts
Multisignature (multisig) requires multiple private keys to authorize a transaction. For example, a 2-of-3 multisig needs 2 out of 3 keys. Setup:
- Use different hardware wallet brands (e.g., Trezor + Ledger + Jade)
- Store keys in different physical locations
- Consider using Specter Desktop or Electrum for multisig configuration
- Test with small amounts first
Transaction Verification Protocol
Before sending any transaction:
- Double-check the recipient address on your hardware wallet screen (not your computer screen)
- Send a small test transaction first (e.g., $5 worth)
- Verify the amount is correct
- Check the fee is reasonable
- For smart contract interactions: verify the contract address on the official project's documentation
๐ข Google AdSense ยท Hardware wallets
โ Back to all guides