
When you do have a private key that you want to keep, you should get a metal wallet to protect it. Stainless steel vs paper isn't a competition.
2FA stands for "Two Factor Authentication", also known as "Multi-Factor Authentication". It's a security feature that adds an additional step alongside your password to gain access to an account.
The common, and worst, way is using text messages (SMS). This method is open to attacks that you can prevent, so it is best not to use it in the first place. Instead, buy a second phone, preferably an Android. Use this phone to install your 2FA apps and set up your accounts on it. Now install those same apps on your main phone and copy the codes between them so you have multiple copies.
The more spare phones you have the better.
eBay for spare Android phones
Another form of MFA is using a security token like a Yubikey. This device acts as a digital key for MFA, which can prevent anyone who doesn't have the physical key from getting into the account.
Yubikey:
2FA apps:
Authy
Duo
Android:
Google Authentication
Last Pass Authentication
Microsoft Authentication
Aegis Authentication - Android only
iOS:
Google Auth iOS
Last Pass Auth iOS
Microsoft Auth iOS
Step Two - iOS only
When picking exchanges, you want to have accounts on at least three. These are the exchanges where you link your payment details, so that you have multiple on/off ramps into crypto as you desire.
This is important to do before you start buying, so that you have flexibility with your assets in a timely manner.
Below are exchanges that hold a high reputation in the crypto community of general competence in providing crypto exchange services. That being the case, there are still possibilities of any exchange going down and being unusable for an undefined amount of time.
New exchanges will appear, and regulations will eventually come to crypto exchanges, so you want to ensure your crypto is always withdrawn.
There is a saying: "Not your keys, not your Bitcoin." It means that if you didn’t make the account, you don’t own the assets, because you can’t confirm that you are the only one with access to them.
When you use an exchange, they make a new public address and private key pair for you. However, they keep total control of the private key. They give you an interface you log into, where you can withdraw and add more, and that's it. There is no security in leaving your crypto on an exchange. Always withdraw after you make a purchase.
Withdraw your crypto to your own wallet. That is true self-custody.
A whitelist on an exchange is made up of addresses you add to it. Doing that ensures only those addresses can be used for withdrawals.
Most exchanges have a form of whitelist, and it's recommended that you enable it and add addresses for the crypto you're interested in holding.
Using this feature will add an additional layer of security for any crypto that hasn’t been withdrawn yet. If a hacker manages to gain entry into your account, the whitelist makes it harder for them to immediately withdraw to their address.
Before you pick an exchange, let's find a password manager for you. A password manager reduces the risk of your passwords not being strong enough, and it keeps track of all of them for you.
Here are some password managers to consider.
Keepass - free
Bitwarden - paid
1password - paid
Nordpass - paid
Dashlane - paid
Exchanges are not the only things you can use a password manager for. You can also use it for any website passwords you want to keep.
Hacking in cryptocurrency revolves around getting access to exchange accounts you own and liquidating them into the hacker's account.
Hackers have various ways to attack your devices, including but not limited to copying files, screen monitoring, and keylogging, where they record each keystroke you make at a keyboard.
There isn't a permanent solution for hackers' attacks, but if you back up your private key in a metal wallet and use a hard wallet when doing crypto activities, hackers will have a slim chance of attacking your crypto directly.
Sure, your laptop can be infected and may have to be completely erased to undo the damage a hacker has done, but with your private key only existing inside a hard wallet, it stays out of their reach.
A hacker's best way to target someone whose private key is protected by a hard wallet is tricking the person into signing a malicious smart contract.
When using DeFi, which is built on smart contracts, you have to trust that the authors wrote the contract correctly and are not trying to rob you.
Contracts that you sign can add in token allowances. Token allowance is a clause in a smart contract that gives the contract itself the right to withdraw x amount of one or multiple tokens that are in that address.
This is used in a dirty scam where a user tries out a new DeFi smart contract and, hours later, sees all their funds sent out of their wallet. What's even more nefarious is that a hardware wallet won't protect you from this, because you did sign the transaction interacting with the smart contract.
The good news is there is a way to fight back. First, check your accounts to see if there are token allowances you may have active. A token allowance can be used at any time, so act fast.
Next, make an account on your hardware wallet. This can be done with MetaMask, and that new account is the one you will use only with DeFi. This way you don't put your NFTs and other tokens you are holding at risk from a bad contract.
Use multiple Ethereum addresses separately: one address for holding Ethereum, a second address that signs your DeFi transactions, a third address to hold your NFTs, and a fourth address for buying NFTs.
You will have to send Ethereum to each address to perform those tasks, and when you buy an NFT, send it to your NFT holding address.
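To make the token allowance described above concrete, here is an added example (not part of the course) that decodes the raw data field of an Ethereum transaction and reports whether signing it would grant an allowance. It recognizes only the standard ERC-20 `approve` and ERC-721/1155 `setApprovalForAll` calls; the "unlimited" threshold, the function names and the sample transaction are assumptions made for illustration.

```python
# Added example (not from the course). Selectors are the standard ERC-20 and
# ERC-721/1155 ones; the threshold and the sample transaction are constructed.
APPROVE = "095ea7b3"               # approve(address spender, uint256 amount)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address operator, bool approved)
UNLIMITED_THRESHOLD = 2**255       # assumption: anything this large is "unlimited"


def split_words(hex_args):
    """Split ABI-encoded arguments into 32-byte (64 hex character) words."""
    if len(hex_args) % 64:
        raise ValueError("arguments are not whole 32-byte words")
    return [hex_args[i:i + 64] for i in range(0, len(hex_args), 64)]


def decode_address(word):
    """An ABI address is the low 20 bytes of a word; the high 12 must be zero."""
    if int(word[:24], 16) != 0:
        raise ValueError("non-zero padding in address word")
    return "0x" + word[24:]


def classify_calldata(calldata):
    """Describe the allowance, if any, that signing this calldata would grant."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        # Not an allowance call; this says nothing else about the transaction.
        return {"kind": "other", "risk": "none"}
    words = split_words(args)
    if len(words) != 2:
        raise ValueError("expected exactly two arguments")
    grantee, value = decode_address(words[0]), int(words[1], 16)
    if selector == APPROVE:
        risk = "revoke" if value == 0 else (
            "unlimited" if value >= UNLIMITED_THRESHOLD else "limited")
        return {"kind": "erc20_approve", "spender": grantee,
                "amount": value, "risk": risk}
    # setApprovalForAll(true) lets the operator move every token in the collection.
    return {"kind": "set_approval_for_all", "spender": grantee,
            "amount": None, "risk": "unlimited" if value else "revoke"}


if __name__ == "__main__":
    # Constructed sample: approve(0x1111...1111, 2**256 - 1), an unlimited allowance.
    sample = "0x" + APPROVE + "00" * 12 + "11" * 20 + "ff" * 32
    print(classify_calldata(sample))
```

An `approve` with an amount of zero is how an existing allowance is revoked, which is why the example reports it separately from a grant.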
“A strange game. The only winning move is not to play.”
-WarGames
DeFi stands for Decentralized Finance. Essentially, any financial product that a bank or investment firm can offer, a smart contract on a blockchain can offer too.
It has some good ideas in applying cryptocurrency technology with smart contracts to run trustless contracts between two parties.
Many DeFi products have bugs where hundreds of millions of dollars are lost from a single exploit. This is attributed to a combination of inventiveness and a willingness to be first to market. That only complicates DeFi, as some projects are running a scam themselves on top of writing buggy smart contracts.
NFTs are non-fungible tokens. When you buy Pokémon cards, those are non-fungible tokens that can't be used to buy food, but if someone wants them and will pay a price you agree to, then you can sell them. This has been digitized to run on blockchain technology.
An NFT can have a picture, video, or music attached to it, along with metadata. Different blockchains create NFTs differently. On Ethereum you need a smart contract, which has its own issues. On Cardano you don’t need a smart contract, so there are fewer security risks minting NFTs on Cardano than on Ethereum, just by the merit of not using a smart contract to mint.
Congratulations, that is the end of the course in its current version. Take your time going through it and read articles in the links in each section.
You've reached the end of the course. At this point you have gone through each module, ordered your metal wallet and hard wallet, set up your exchange with 2FA and whitelists, and have in mind what scammers sound like.
You are more secure with your crypto than when you started, and it's knowledge kept in your library that will be updated as new trends in crypto arrive.
Music: Attention Citizens Album - Cardania
If you're currently engaged in cryptocurrency trading or have previously utilized platforms like Binance, Coinbase, or FTX for your crypto holdings, this course has been tailored specifically with you in mind. Its primary focus lies in equipping you with fundamental knowledge about self-custody technology, a crucial aspect for safeguarding your crypto investments.
Cryptocurrencies, particularly Bitcoin and others, are subject to the volatile nature of the market. While it's impossible to predict market fluctuations, it's entirely within your control to fortify your assets against potential threats posed by hackers, scammers, and insecure practices. This course serves as an essential guide, empowering you with the necessary tools and insights to navigate the realm of self-custody technology.
Understanding the intricacies of securing your digital assets is paramount in this rapidly evolving landscape. By delving into this course, you'll gain a comprehensive understanding of the distinctive rules and methodologies required to shield your holdings effectively.
The emergence of new technologies has ushered in a paradigm shift in securing ownership within the crypto sphere. This course not only educates you about these advancements but also arms you with actionable strategies to proactively protect your investments. It emphasizes the significance of adopting sound security practices to mitigate risks associated with owning and managing cryptocurrencies.
In essence, this course isn't about forecasting market trends but rather focuses on empowering you with the knowledge and expertise needed to fortify and safeguard your Bitcoin and diverse crypto assets against potential threats, ensuring a more secure crypto future.