Module 2 : Security
Wallets & Capital Protection
"Not your keys, not your coins." Learn how to store your crypto safely, avoid common scams, and set up your exchange accounts with maximum security.
Hot Wallets vs. Cold Wallets
In the crypto world, a wallet is where you store your digital assets. Choosing the right wallet is the most critical step in protecting your capital.
Hot Wallets (Connected to the Internet)
These are software wallets like MetaMask, Trust Wallet, or exchange wallets (Binance/Bybit). Because they are always connected to the internet, they are highly convenient for daily trading but are more vulnerable to hacks and phishing attacks.
Cold Wallets (Offline Storage)
These are physical hardware devices like a Ledger or Trezor. They store your private keys completely offline. To move funds, you must physically press buttons on the device. This makes them immune to online hacking, making them the ultimate choice for storing long-term, large investments.
The Golden Rule: Never store your life savings on a centralized exchange. If the exchange goes bankrupt (like FTX), your funds are gone. Use Hot Wallets for trading, and Cold Wallets for holding.
Securing Your Exchange Account
If you are actively trading on platforms like Binance or Bybit, you must treat your account like a bank vault. Follow these non-negotiable security steps:
- Enable 2FA (Two-Factor Authentication): Always use an app like Google Authenticator or Authy. Avoid SMS 2FA, as it is vulnerable to SIM-swap attacks.
- Anti-Phishing Code: Set up a unique anti-phishing code in your exchange settings. This code will appear in all genuine emails from the exchange, proving they aren't from scammers.
- Whitelist Withdrawal Addresses: Lock your account so it can only withdraw funds to specific, pre-approved wallet addresses that you own.
Identifying Scams & Phishing
The crypto space is filled with malicious actors trying to steal your funds. Be extremely vigilant against these common tactics:
- Never Share Your Seed Phrase: Your 12 or 24-word seed phrase is the master key to your wallet. No legitimate support agent, admin, or website will ever ask for it. If you give it away, your funds will be drained instantly.
- Fake Support Accounts: Scammers often create fake "Customer Support" accounts on Telegram or Twitter. They will DM you offering help and ask you to click a link or share details. Always remember: Admins will never DM you first.
- Malicious Smart Contracts: Be careful what you connect your MetaMask/Web3 wallet to. Approving a malicious contract on a fake website gives the hacker permission to drain all your tokens.
