Today, buying and holding crypto in a wallet is not such a mystery as it was a few years ago. There are many wallet options out there – some are friendlier and easier to navigate, some are more suited to advanced users.
Despite this evident growth and innovation, crypto news abounds with scams, hacks, exchange failures, and rug pulls that lead to substantial losses for crypto holders.
So, if you are new to the space, or if you’ve already suffered a loss and want to be safer in the future, you may wonder – how do you find a secure way to hold your crypto? There are three important things to consider when evaluating a crypto wallet.
1: Is it a non-custodial wallet?
The biggest differentiator of wallets in crypto is whether they have custody of your tokens. In other words, do they actually hold and manage all your tokens for you, like a bank does with your fiat money? Because if they do, that means they can lose it in bad investments, run away with it, or never give it back to you if they go broke.
Centralized exchanges like Binance and Coinbase, and mainstream financial services like Venmo or PayPal, are custodial. With them, your assets are not really yours, but only by the good grace of these companies, which could change if they get into trouble.
This is not to imply that all these companies will fail. Some of them are insured by the government in case of failure, to a limited degree. However, as we’ve seen, bank and exchange failures can happen suddenly, and how the government will act in each of those cases is unknown.
Non-custodial wallets, like MEW, allow you to generate wallet keys that only you will have, giving you complete and full control over your crypto. The main challenge with self-custody is that you need to be solely responsible for your recovery phrase and nobody can help you if you lose it (more on this later).
2: Is it a client-side wallet?
This term may seem more technical, but all it means is whether your secret wallet information is generated and kept on your device. If the wallet is client-side, the information is created on your phone or computer (or hardware wallet device), and stays with you. It’s never sent to a server, so it’s never accessible to the wallet company at all.
If the wallet is not client-side, then it’s centralized and your wallet data is saved on a server, which can potentially be hacked or used by the wallet company. This way, your wallet access is not secret and not exclusive to you. If something goes wrong with the server or the company, your wallet could be drained.
3: Is it an open source wallet?
Open source wallets have their code openly available on sites like Github, where anyone can review it, and report any bugs or concerns to the developers. Users who write or read code can verify for themselves that the wallet is not doing anything fishy with their tokens.
What if you don’t understand code? What good is it to you if a wallet is open source? The transparency that comes with being open source keeps teams accountable to the community. You may not be able to review the code personally, but the fact that others can (and do!) means that the company can’t get away with stealing users’ assets and can’t make code changes undetected.
How to find a wallet with these features?
At MEW, user privacy and security have always been top priorities. Both the MEW wallet app and the Enkrypt browser extension check all the boxes on wallet security, so you’ll be well set with either option.
Now that you are armed with the terms and what they mean, you can also look up other wallets that have these features and see what works for you. Do some research about which wallets are popular in the community.
Always make sure you are downloading the official wallet and not a fake app or extension! Check reviews, check the team information and update history, get the download link from the official webpage, and only interact with official support. People sending you direct messages on services like Telegram and Whatsapp are scammers.
If you have a large amount of crypto or intend to hold your crypto for a long time, hardware wallets are still the highest standard of security. You can use a hardware wallet like Ledger or Trezor with MEW web for an easy and secure way to manage your assets.
Hardware wallets are not usually open source, so they require some level of trust in the company. Only buy hardware wallets directly from the manufacturer, and consider how long they’ve been in the space and whether long-time crypto users recommend them.
What else can you do to protect your crypto?
Even when you choose a wallet built by a highly professional, reputable company that is fully committed to users’ privacy and security, the main wallet security factor is YOU.
Non-custodial, decentralized wallets don’t actually get ‘hacked’ – not in the sense of an attacker typing some code to remotely break into your wallet. The cryptographic protections on crypto wallets are very high, and wallet keys are more complex than your average email password. Hacking them by brute force would take tremendous amounts of time and computer power, so the best way for attackers to get the crypto is by finding the wallet keys or scamming the user.
Therefore, the most important tip for keeping a wallet secure is to follow best security practices and always keep learning. This is absolutely in your power.
- Don’t store your recovery phrase on your computer or any cloud service. Have it written down physically on paper or on a special phrase storage device, kept in a secure location known only to you.
- Never give or show your phrase to anyone for any reason. Customer support will never ask for it. If someone is pretending to help you and wants to see your phrase, they are a scammer.
- Don’t enter your phrase on websites. Don’t click on links sent to you by people you don’t know. Don’t send crypto to unfamiliar people or addresses, especially if they promise you a big return on investment.
- Keep your wallet up to date with security updates and stay on top of news concerning the assets you are holding.
- For much more info, see our article: Pro Tips on Avoiding Phishing and Scams.