A Practical Security Guide for Using a Crypto Exchange


Do you know how secure your coins are when stored on an exchange? The answer is likely no. Usually, both the user and the exchange leave security holes open that malicious hackers can exploit, and the list of hacked exchanges is very long – in 2018 alone, more than $1.1 billion was stolen, and 54% of exchanges still have various security threats.

In addition, $200 million was stolen from hacked accounts via cryptojacking (mining crypto on victims’ computers), from people who didn’t take any security measures.


So it is crucial to pay attention to your own security and to the security of the exchange you’re planning to use. In this article, we’ll cover some of the possible dangers of the cryptomarket and how to avoid them to keep your money safe. Let’s dig in.

Thanks to agency.howtotoken.com for support in creating this topic (First platform with proven ICO contractors)


Passwords are one of the most essential things to look after. If you have a weak password, you’re basically leaving your front door open without a lock. Do you have the same password for various accounts? If not, and your password doesn’t look like “123456,” “qwerty,” “starwars,” or “password” then you’re better secured than most people.

People love to use simple passwords, and more than 10% of users use one of the passwords mentioned above or an equally weak one containing an easy phrase, their favourite movie, their date of birth or a generic sequence of numbers. It doesn’t help to replace the letter “O” with “0,” as hackers take these tricks into account and they don’t improve your security.

Also, 59% of people reuse a password on multiple sites, and they try to keep using it for as long as possible. That means that if a password gets compromised on any site, hackers get access to the many other accounts of the careless user, compounding the problem.

Many crypto exchanges don’t enforce the creation of a strong password, so you have to remember to do it yourself. Your security is up to you.

What are the best practices when creating and managing your passwords?

  • Make a very long and random passphrase, containing uppercase and lowercase characters, numbers, and some meaningless words.
  • Avoid using common phrases, such as the examples we’ve already introduced.
  • The longer the phrase is, the better. The average length for a secure password is 16 characters.
  • Update your passwords from time to time, every 90-180 days.
  • Never reuse passwords.
  • Don’t store it on your devices in plaintext, unencrypted. Use a password manager. We’ll get to that later.
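The rules above can be checked mechanically. The following is an added example, not part of the original article: it tests a password against the list's rules, undoes swaps such as “0” for “O” before comparing it with the weak passwords named earlier, and generates a random replacement. The function names and the substitution table are assumptions made for the illustration.

```python
import math
import secrets
import string

# The weak passwords named in the article (a real check would use a far larger list).
COMMON = {"123456", "qwerty", "starwars", "password"}
# Character swaps such as "0" for "o" that attackers undo before guessing.
LEET = str.maketrans("0134578@$!", "oieastbasi")
MIN_LENGTH = 16  # length recommended in the list above


def normalize(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(LEET)


def problems(password, used_elsewhere=()):
    """Return the rules this password breaks (an empty list means it passes)."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("shorter than 16 characters")
    variants = (password.lower(), normalize(password))
    if any(word in text for word in COMMON for text in variants):
        found.append("contains a common password")
    if password in used_elsewhere:
        found.append("reused from another account")
    classes = (str.islower, str.isupper, str.isdigit)
    if not all(any(test(ch) for ch in password) for test in classes):
        found.append("missing upper-case, lower-case or digit")
    return found


def generate(length=20):
    """Build a random password with the OS CSPRNG, retrying until it passes."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not problems(candidate):
            return candidate


def entropy_bits(length, alphabet_size=62):
    """Guessing entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)
```

Store the generated value in a password manager rather than in a plaintext file.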


2-factor authentication (2FA) is a way to improve your security by adding a second authorization in addition to the password. This authorization requires something that only you can have: a mobile phone, another account, or a fingerprint. You enter your username and password, and then you are prompted to confirm your identity again with the additional method you chose previously. The list of authentication methods includes:

  • SMS is the easiest way to confirm your identity. One of the most popular exchanges, Binance, offers this method as the default one. It’s better than nothing, but it’s still risky, because someone can hijack your SIM card and authorize themselves, bypassing the 2FA.
  • Special smartphone apps such as Google Authenticator, available only on mobile phones, or Authy, available both on phones and as a browser extension. With this type of 2FA, you launch the installed app and get a special code that changes every five seconds, giving your account good protection. If you lose your phone, things may get complicated in the case of Google Authenticator, as it would be almost impossible to restore access, so don’t lose it. With Authy, it’s easier to recover access, but Google has the trust of an established company.

The majority of secure exchanges offer these two methods of security and it’s better to use the second one, the application-based method. Among the exchanges that support it, we can once again mention Binance as well as EXMO. Always keep the 2FA on, because hackers want your money badly and 2FA prevents them from gaining access to your funds.


Encryption means encoding your data with a key that only you and your receiving party have, meaning that someone can intercept the data but would be unable to read the encrypted info. You can also encrypt data only for yourself, without a receiving party.

What data must be kept safe when we talk about exchanges? Of course, again, it’s your password. Do you know that your password can be stolen via cookies by a third party when you connect to an exchange? It’s called session hijacking. To prevent this:

  • Don’t save your passwords in your browser.
  • Use a password manager, like 1password, that keeps your passwords in an encrypted state and doesn’t require you to type them in each time you want to log in. No typing = no storing cookies = no hijacking.

It’s worth mentioning that some exchanges, such as EXMO, send a warning to the account’s owner if someone tries to log in using stolen cookies.

Browser security

The browser is the most common portal used to access the Internet. There are many browsers and any user can choose the browser he/she likes, but regardless of the browser, there are some security tips that should be useful if you want to keep your crypto safe.

  • Clean up after surfing or use incognito mode that doesn’t store any info or cookies.
  • Don’t save any credentials in the browser. We have already covered this in the “Encryption” section.
  • Turn off autofill.
  • Don’t log in anywhere from public devices. They can have keyloggers installed. If you really need to do it, always use incognito mode when you log in to your exchange account.
  • Check for the green padlock in the address bar of the browser. Hackers love to register domains similar to those of popular exchanges, so you won’t notice the difference until it’s too late. But the certificate with the green padlock can be found only on the verified page. Bookmark it and always check where you’re logging in.
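The last tip, bookmarking the real address and checking where you are logging in, can be automated. The following is an added example, not part of the original article: it compares a link's host with the hosts you bookmarked and flags near-miss spellings. The host names are constructed placeholders and the two-character threshold is an assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the hosts you bookmarked yourself (placeholder names).
BOOKMARKED = {"www.exchange.example", "exchange.example"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a bookmarked host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_login_url(url):
    """Classify a link as 'ok', 'insecure', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if "@" in parts.netloc:
        return "lookalike"  # text before "@" is a user name, not the site
    if host in BOOKMARKED:
        # Right host, but only an HTTPS page can show the padlock.
        return "ok" if parts.scheme == "https" else "insecure"
    # Internationalized (punycode) labels can render like a familiar name.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    for good in BOOKMARKED:
        # A bookmarked name buried in a longer host, or one or two typos away.
        if good in host or edit_distance(host, good) <= 2:
            return "lookalike"
    return "unknown"
```

Only an exact match on a bookmarked host returns "ok"; everything else should be opened from the bookmark instead of the link.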

E-mail security

The first gate to hacking your exchange account is your email account. You may already be familiar with some of these tips, but there are certainly some new ones listed below.

  • Have a strong password. Don’t reuse it. Change it from time to time. Password hygiene is the same for every account.
  • Use 2FA if possible. Yes, you can use it on your email accounts too! Gmail, Yahoo, Outlook, Protonmail, all of them support 2FA.
  • Never open the links in phishing mails. Such a mail can contain a link that looks similar to the address of your exchange and say that you won some prize and can receive it by logging in; when you do, it steals your login and password. Just don’t fall for this trap.
  • Always scan every email attachment. It may contain a keylogger, a virus, or some other type of malware that will lie dormant in your system, trying to steal some of your valuable information, including that which is crypto-related.


The most important type of software that we haven’t covered yet is the antivirus. These programs are designed to detect any malicious activity on your computer and contain viruses when they try to do something bad to your system. The tip here is simple: always have an antivirus turned on. There is a lot of free antivirus software out there, and these are some of the best options:

  • Kaspersky Free Antivirus – Not many people know that Kaspersky has a free edition. It is simple but strong software; however, it requires a lot of resources from your computer.
  • Bitdefender Antivirus Free Edition – This is another good antivirus program. It offers fewer options than Kaspersky (no scan schedule), but it’s a good option for a low-end or mid-range PC, as it doesn’t require that many resources.
  • Avast Free Antivirus – Aside from protecting you from viruses, it also has a password manager (remember what we talked about earlier?) and a secure browser.

Credible exchanges

Of course, this talk about exchange-related security wouldn’t be complete without some examples of well-established exchanges. We’ll mention only three of them; those that have never been compromised and are focused on security.


The preferred option for newcomers is Coinbase. It’s popular all over the world with 50,000 users signing up every day. It has its own Custody service and is considered the best exchange for institutional investors. Sadly, it’s not available in some countries. Also, it supports only seven cryptocurrencies. It has never been hacked.

The most popular one among traders is Binance. Binance aims to be a very diverse exchange for everyone. It has branches in Uganda and Singapore, and supports 14 languages. It offers a wide array of coins and tokens available for trading – more than 100 cryptocurrencies. It supports 2FA and is considered secure, as it, too, has never been hacked.

The exchange that values security the most, however, is EXMO. The oldest exchange among these three, EXMO was founded in 2013, and since then there has never been a successful attack with a loss of funds. It’s user-friendly and it has more than 1.5 million users. EXMO is highly security-oriented. It allows the use of 2FA (both SMS and application-based) and lets users restrict authorization from any IP address except for a trusted one. After you log in, they send you an email containing the IP address from which the login was made. Also, they have multi-level protection against hacking. Most of the exchange’s funds are stored in cold wallets and can’t be accessed by hackers in case of a successful attack. Keeping its security intact since 2013 is a long time for an exchange (especially in crypto!).


Okay, that was a lot of information and it may be hard to remember it all at once, so let’s summarize it again, and make a short, but nevertheless important list of the necessary security measures that will keep you safe when you trade on the exchanges.

  • Have a strong, long password or a passphrase that contains uppercase and lowercase letters and numbers.
  • Don’t store your passwords on your devices; use special encryption programs instead.
  • Always use 2FA. Application-based 2FA is better than using SMS authentication.
  • Use incognito mode in browsers, clean up your history, don’t use autofill.
  • Don’t open phishing links and suspicious email attachments.
  • Never access your exchange from public places.
  • Use an antivirus.
  • Use a secure exchange such as Coinbase, Binance, or EXMO.


We hope that these tips will help keep you out of any trouble. Don’t ever forget that your security means the security of your hard-earned money. It would be great to keep your money safe and multiply it, right? So follow the advice from this guide and stay safe.
