Once you’ve decided to get into crypto, keeping your assets safe is one of the most important things you can do. We’re going to walk you through all of the best ways to protect your crypto.

Seed Phrase

Some people refer to this as a recovery or backup phrase, but at Blockchain.com we refer to it as your Secret Private Key Recovery Phrase.

What is a Secret Private Key Recovery Phrase?

A string of 12 or 24 words that provides complete access to your Private Key Wallets.

What does it do?

If you ever forget your password or your device gets lost or damaged, you can still log in to your account using your Secret Private Key Recovery Phrase.

Why is the recovery phrase so important?

Anyone who has access to your recovery phrase will have unlimited access to funds in your Private Key Wallets and can restore access to those wallets via ANY Blockchain.com Wallet account.

How to manage your seed phrase

Make sure that your Secret Private Key Recovery Phrase is…well, secret.

Some people write this phrase down and keep it in a safe deposit box. Others engrave it onto wood or metal, and some people keep it in a dedicated password management tool.

However you choose to store it, never share this recovery phrase with anyone. Not even us.

If someone asks you to share your code, don’t. If someone is insistent that you screen share or share access to your recovery phrase, be very suspicious.

Private Keys are the tool to keep your crypto fully in your possession, but they are only as secure as your best security practices.

If you haven’t already backed up your funds with your Secret Private Key Recovery Phrase, you may want to do that right now.

Just open the Blockchain.com app, tap the Person Icon in the upper left corner, scroll down to Security and tap Backup Phrase. From there, just follow the steps in the app.

Two-Factor Authentication (2FA)

Two minutes.

Securing your account using Two Factor Authentication (2FA) can be done that fast.

You should consider enabling 2FA on all your apps and digital accounts.

What is 2FA?

2FA is an extra layer of security that helps ensure that you’re the only one who can access your account. Even if a hacker gets your password, they won’t be able to get into the account without the one-time passcode.

The “two-factor” part of 2FA combines something you know, a knowledge factor, with something you have, a possession factor. This could be a password plus an authenticator app, or a PIN and a hardware security key.

Having multiple security layers strengthens your account, and this process is easy to do.

How to enable 2FA on Blockchain.com

On desktop:

On the app:

Common Scams

Now let’s talk about some of the most common crypto scams–junk coins, fake investments and romance scams.

Junk coins

One of the most pervasive crypto scams is junk coins. Scammers will lure crypto hopefuls into buying a little-known but “soon-to-moon” coin with a limited supply but the promise of huge benefits.

This can be deceiving, because there’s actually a real coin that you can buy. The trouble is, anyone can create a new coin and this one was only minted by the scammers to drive up the price before they liquidate the coin and transfer out all of the funds.

This is called a rug pull, and there’s no way to get your money back from it. The solution? Only buy products you have thoroughly researched, and only buy what you can afford.

Fake investments

Another common scam takes place when a fraudster reaches out about a special opportunity, such as a business or real estate opportunity, but they’ll only accept crypto as payment.

Like before, the scammers will promise all sorts of enticing benefits, but the reality is that it is just your crypto going to a criminal’s wallet.

The simplest way to deal with this is to understand that no one except a criminal is going to randomly contact you about your holdings. Blockchain.com and its employees will never ask you for funds.

Romance and blackmail scams

Nothing gets us more emotionally involved than love, but threats of a ruined identity and humiliation take a close second. These two scams are very similar, and here’s how they work:

A scammer reaches out to you, usually through social media or email, and they’ll either prompt a romantic relationship or claim that they have some kind of dirt on you.

In the romance scam, criminals will try to build trust with you, and then ask you to send them crypto for one reason or another.

With blackmail, scammers will threaten to release compromising information about you to the world, unless you pay them a certain amount in crypto by a certain time.

Both of these are just more ways that thieves are trying to steal crypto — don’t fall for it.

Phishing

Phishing is when scammers attempt to convince you to share your personal information, giving them access to your accounts. Phishing is so prevalent it gets its own section in this guide.

Some of the typical phishing attempts will be obvious, with misspelled words, bad grammar and a strange way of writing.

“Hi dear , you are to resset your password IMMEDIATELY…”

We’ve all seen those emails and just deleted them, but scammers are getting more sophisticated all the time, so it’s important to stay ahead.

What is phishing?

There are many forms of phishing, and we’ll go over some below, but phishing is all about a criminal getting you to give them access.

Whether that’s through login credentials, or by downloading a virus, phishing attacks are trying to get your private information.

If you receive an email, direct message or text that wasn’t prompted by you and is asking for sensitive information, be wary. There’s a few ways to spot a phishing scam:

Verify the sender

Scammers will try to replicate trusted email addresses or social media profiles, so always verify that the email address or account name matches the source.

Below are our official handles–make sure you’re interacting with these verified accounts.

Verify links

On a computer, if you hover the mouse over a link, the real link address will show up. On mobile, you can tap and hold until a dialog box shows up, which will show you the destination of the link.

Here, try it out–hover your mouse or tap and hold this link: neverclickonstrangelinks.ever

See? It’s just Blockchain.com— nothing to fear.

Scammers will try to get you to go to a page where they may have re-created a website that looks real to get you to enter your login details or download malware to your device.

Unexpected attachments

Attachments, especially in emails from first-time or unknown senders, are a major red flag for a phishing attack.

It’s also possible to send attachments through most social media messaging platforms and text messages now, so always be alert.

Ask for help

We’ll only email you from our official addresses, never from a public domain account (like a Gmail or Yahoo address).

If you ever receive a suspicious message from someone claiming to be from Blockchain.com, reach out to us in the Support Center and we’ll be happy to help.

Crypto Security Recap

Let’s review everything you’ve learned in this guide:

Secure your crypto

We hope you feel empowered to use crypto safely. This guide isn’t an exhaustive list of security measures you could take to keep your crypto safe, but it’s a great place to start.