How to Secure Your Accounts on Crypto Exchanges? The Guide

After the recent crash of FTX, one of the biggest cryptocurrency exchanges, investors are concerned about the safety of their digital assets.

In the case of FTX, investors lost their money due to the mismanagement of funds by the company promoters (SBF and team). In addition to the commingling of funds by exchanges, investors have repeatedly lost funds due to hacks.

While you can’t do much if the crypto exchange itself is hacked on a broad level, you can secure your own account on the exchange, which will protect your funds from specific (or individual) hacks and maybe from company-wide hacking attacks.

Here are some steps that you should follow:

1. Check for Proof of Reserves (PoR) 

Given FTX’s mishandling of clients’ funds, it’s evident that transparency is essential for protecting your digital assets. A Merkle tree proof of reserves (PoR) certificate is the best option for crypto exchanges to demonstrate that they are qualified custodians.

Check for the exchange’s PoR ahead of time to confirm that customers’ balances are fully held by the exchange and can be withdrawn at any moment.

2. Use a strong password

This is the least you can do. A weak password is very much like giving away your funds to hackers. You can’t be careless about this.

Use a long, random, and unique password for your exchange account. Do not reuse a previously used password or use the new (exchange account’s) password anywhere else. If you’re anxious about forgetting the password, write it down and keep it somewhere safe.

You can also use a password manager, such as LastPass, 1Password, or Dashlane, to generate and store unique passwords for all of your online accounts. Keep in mind, though, that you will need to remember the password for the password manager itself. Memorise it or write it down and keep it in a secure place.

Critical: It is imperative that you never reveal your password to anyone. No exchange employee will ever ask for your password.

3. Use 2-Step Verification

2-Step Verification adds another layer of protection between your account and hackers attempting to steal usernames and passwords. The single most critical action you can take to safeguard your account is to enable 2-Step Verification.

With this, users need to sign in to their accounts in two steps, using something they know (their password) and something they have (their phone or a Security Key).

Security keys are the most secure type of 2-Step Verification and offer protection from phishing attacks. Security keys are classified into two types:

  • A hardware security key (such as a Titan Security Key)
  • Your phone’s built-in security key

When a user signs into their account, their device detects that the account has a security key. The user signs in with their security key for the second verification step. Depending on the type of key, users can connect their security key to their device by USB, Bluetooth, or NFC (Near Field Communication).

If you aren’t ready to invest in a security key or just do not want to use one, the next best choice is a Time-based One-Time Password (TOTP) generated by a mobile authenticator application such as Google Authenticator. By using TOTP, you significantly reduce the likelihood of your account being compromised.

4. Protect your email

Exchanges use your email address to confirm new devices, send you crucial account alerts, and interact with you if you require assistance. You must ensure that it is secure!

To begin, go to to see if your email address has ever been compromised as a result of a third-party data breach. If this is the case, you need to change the password for that email account. You should also enable two-factor authentication for your personal email account.

Apart from this, check your email account for any strange rules, filters, or forwarding addresses. Examine the account for unauthorised recovery emails or phone numbers, as well as unauthorised devices.

5. Secure your phone

Keyloggers, remote access trojans (RATs), and cookie-stealing malware can all be used to steal your sign-in credentials and gain unauthorised access to your accounts. You need to make sure that your devices are secure from these types of threats.

  • Update your device with the latest operating system and security fixes.
  • Update your web browser and other software. Use anti-virus software and scan your device on a regular basis.
  • Uninstall any suspicious or unwanted applications from your device, particularly tools that allow remote access.
  • Install an ad blocker in your browser, such as uBlock Origin, to help protect yourself from malicious ads.
  • Use secure web browsing practices and avoid clicking on suspicious links or downloading sketchy apps.
  • Installing and using browser plug-ins or add-ons created by unknown third parties is not recommended.

A SIM-swap or phone port attack poses a risk to any account that uses SMS-based 2-step verification, as well as any account that may be retrieved using phone-based authentication.

To protect yourself from such attacks, contact your mobile service provider and request a port freeze and SIM lock. Ask them to add an account note requiring you to be in-store with a valid photo ID before your phone number can be ported or transferred to a new device.
