All related to simple common sense and operational security, none concerning anything gray or illegal here.
In short, here are the basics of what not to do for good opsec in crypto.
Good OPSEC fail #1: Buying hardware wallets second-hand
This is a scam that surprisingly many crypto beginners fall for. Instead of buying a crypto wallet from the official e-shop like
shop.ledger.com, they go to a marketplace like Amazon or eBay and buy it from a random person for a little less.
These cheaper wallets usually have been tampered with.
Once you set up a wallet and send coins in, they will be transferred to a different owner.
How to do it right:
- Buy hardware wallets from official stores, or authorized retailers:
- Always check packaging of your wallet. There will be a safety seal that should be immaculate.
Good OPSEC fail #2: Backing up private keys electronically
Never store your seed or wallet backup files in Dropbox or any other cloud storage.
Your seed should be written on paper and stored safely.
There are kinds of data that should never be stored digitally.
Good OPSEC fail #3: Never updating your wallets
A typical problem of long-term holders is they will chuck their crypto on a Ledger Nano S and forget it. Then, two years later, they cannot access it.
Just go the Ledger wallet forum on Reddit on any day. There will be someone freaking out.
How to do it right:
- Subscribe to your wallet’s forum. For the Ledger wallet it’s at
r/ledgerwallet- this is the official subreddit, the Ledger CTO posts there. Check it out bi-weekly to see if an update was rolled out.
- Set some time every month to plug in your hadware wallet, log into the wallet app and just see if all works and if you can update something.
- Get multiple wallets and try to send random small transactions between them every couple of months, to see if that works too.
Good OPSEC fail #4: Never trying to recover your wallets
This can be a problem for the early adopters of any cryptocurrency. Be it BTC, ETH, XMR - all those had major changes in the codebase at some point. If you rely on being able to just type in a seed into the latest wallet and recover your account, you might be in for a not so nice surprise.
Don’t just buy and forget. Try to recover your funds every couple of months.
Good OPSEC fail #5: Keeping money on exchanges without trading or lending