NEWBIES - READ BEFORE USING EXCHANGES OR INVESTING
People say:
"Not your keys, not your bitcoin"
"Not your keys, not your crypto"This is true not only for bitcoin, but also right for altcoins.
From that, I will give you some points, that will play vital roles to keep you safe in crypto.
[1] Don't store your coins on exchanges for too long. It is the most stupid mistake
[2] Don't use wallets that you don't have full control of wallet's private keys.
[3] Do your own research on your interest coins, to find out about their wallets, and choose best ones in case you buy them and withdraw coins from exchanges
[4] Read tutorials on how to verify wallet (if possible), backup seeds, private keys, wallet backup; and steps to recover wallets
[5] Testing seeds, private keys, wallet backup first, and only deposit money in those wallets when testing results are good
[6] Don't use masternode / shared masternode hosting services
[7] Don't store your coins on mixing service platforms for too long. Withdraw them immediately after mixing process finished
[8] Check KYC requirements on exchanges that you have plans to buy coins on their platforms
[9] Pay your attention on very early signals of scam exchanges
[1]
Don't store your coins on exchanges for too long. It is the most stupid mistakeRisks of hacks, exchange scam exits. Big exchanges can be hacked, big exchanges can do scam exits. Take care of your coins is better.
At least, if I do research on exchange reputation and its current situation (deposits, especially withdrawals); then I have likely been safe in very short term. You are right that exchanges can turn into scam or can be hacked within seconds, no one knows.
Investigate first, have detailed plans to withdraw after buying coins on exchanges (preparation on wallets on your devices), and set up plans to withdraw, 5 minutes or longer.
BTW, I want to add one more point:
- After buying, it will be safer to withdraw small amount of coins to test withdrawal on that exchange for the coin you just bought.
- If small withdrawals get first confirmation, let's move all rest of your coins.
Depends on how small the withdrawal is. Most exchanges have a minimum and you can't withdraw below that minimum.
Also you will be paying double fees for 2 withdrawals. For example the withdrawal fee is 0.0005 BTC on Binance - more than $5. It is not exactly cheap if you are not dealing with a lot of money.
Their withdrawal limit is 0.002 BTC - more than $20. If it is a small amount the user might not be able to respect these limits to make two withdrawals.
Thanks.
I would like to give explanation: that point focuses on altcoins. Withdrawal fees with altcoins are cheaper.
BTW, you remind me that it is important point that I forgot to write in OP.
Read more:
[2]
Don't use wallets that you don't have full control of wallet's private keysYou should read about
custodial and non-custodial wallets.
I suggest you to choose non-custodial wallets to have full control of your private keys. No one can steal your bitcoins, ie. if you don't lose your private keys. It means you have to take care of your private keys, and your computer security, nevertheless.
Just a bit of advice for the people and mostly for the newbies out there who still use exchanges as personal wallets and are careless about the safety of their funds...
If you don't want to be a victim of another inside job from exchanges or even having your personal wallets hacked (malware), I highly suggest investing in a hardware wallet. You will sleep better at night.
This is more valid than before as the price is surging...
[3]
Do your own research on your interest coins, to find out about their wallets, and choose best ones in case you buy them and withdraw coins from exchangesThis step will help you having good preparation for what you will do next after successfully buying your interest coins.
You will know which wallets to use, where to download, how to install, backup, recover, and testing all those steps on your computers.
How to search?
- If your interest project already listed on coinmarketcap.com (~ CMC) > Start from CMC to get official website, github, etc. of that project
- If your interest project has not yet listed on CMC, and you know official website of that project > Start from official website to get other things
- If your interest project has not yet listed on CMC, and you know official website of that project > Start doing your own research from Google, with higher risks. This is last option you should think of.
Benefits:It will save your time. The more time you save after buying coins on exchanges, the more security and less risks you will have, because you can move your coins from exchanges to wallets under your control after a few minutes.
[4]
Read tutorials on how to verify wallet (if possible), backup seeds, private keys, wallet backup; and steps to recover walletsUsing non-custodial wallets don't mean that you are totally safe, because it depends on your computer security, and wallets you download are official, and zero-threats/malwares or not.
Reading how to verify wallet (to check it is official or not) is very important and vital. Doing this before using that wallet for transactions.
Appreciated help from @DdmrDdmr to remind that verify wallet quality and functions is important to, in case wallet has poor quality, and bad functional operation, you don't lose your money.
Read more:
[5]
Testing seeds, private keys, wallet backup first, and only deposit money in those wallets when testing results are goodAfter verifying wallets (if that feature is available), and installing wallet on your devices, and doing back ups (in the [4] step). Now, it is time to test those backups on same devices or on other devices.
Checking all of those backups to make sure that in case your devices broken technically, you will be able to recover your wallets (there is no mispelling on seeds, private keys, etc.)
Good practice is to turn off your internet connection when testing. Even its desktop or in mobile devices.
2. Turn off internet connection while generating your Bitcoin addressIt’s also possible to create a vanity address when your internet connection is active, but for security reasons no internet connection is recommended. It would be even safer if you run the program on a computer that was never connected to the internet, but you can decide for yourself which security level is sufficient. It's always recommend to prefer high security standards to avoid any problems resulted by hacks because it's always possible that your device is compromised.
If you want maximal security you can generate your vanity address via
split-key.
Read more:
[6]
Don't use masternode / shared masternode hosting servicesIt is nearly the same as storing coins on exchanges for too long; and you don't have control of your money.
Read more:
- GINcoin: Shutdown their masternode hosting service, without announcement in their ANN thread or on their website. They only announced it in their Discord.
[7]
Don't store your coins on mixing service platforms for too long. Withdraw them immediately after mixing process finishedIt is nearly the same as storing coins on exchanges for too long.
Read more:
[8]
Check KYC requirements on exchanges that you have plans to buy coins on their platformsThis step is another must-do thing. It is ridiculous that your original aim to create accounts on exchanges is to buy your interested coins, and withdraw them to store in wallets you have control on private keys; but at the end you are unable to withdraw due to failed KYC.
It ensures that if you don't want to do KYC, you will not create account, and send your funds (bitcoin, fiats, whatever) to those exchanges; then you will have to mandatory do KYCs (that what you never want to do at starts).
In addition, it also ensure that on exchanges that KYC is mandatory to be able to withdraw money, you have to successfuly do KYC verification first, before send your fund to your accounts on those exchanges.
Sometimes, I saw people complain that they failed to do KYC verifications. There are some reasons:
- ID cards, photos, ie. blurred
- Their nations in which they live listed in exclusive nations of exchanges
[9]
Pay your attention on very early signals of scam exchangesI meant, when one legit exchange starts to turn into a scam one, it usually shows very early signals. They are sort of very strange requirements and abnormal responses to their customers' supports, something like that. When you see it, I believe it is very early signal of highly potential scam exit.
A legit exchange can turn into a scam one in a minute. They can do it instantly if they want (with so many faked, nonsense accuses).
There is a very good example for the point #9: the Crypto Bridge exchage:
https://crypto-bridge.org/I will give you a very brief summary on their scam progress.
To save space in OP, you can read more details on Crypto Bridge with my summary
here