GS01b - Crypto Security Guidelines
Whether you’re brand new to crypto or a seasoned crypto investor, most of us need to raise the bar on crypto security. Hacking incidents are on the rise, and previous ‘safe practices’ no longer provide adequate protection for your crypto assets.
Here are the hard facts about crypto:
- Any computer you use for browsing, emails, and video calls is never secure. There’s a good chance your device has been compromised at some point in the past, and hackers may be waiting for a good opportunity to swipe your crypto.
- No browser wallet is secure, no matter what measures you’ve taken to protect your password, secret recovery phrase, or private key.
- If you’ve ever clicked on a malicious link (most people have and don’t even know it), your device may already be compromised. It’s best to assume it is compromised.
- If your device has been compromised, anything you type or copy to your clipboard may be visible to hackers (including passwords and seed phrases from password manager apps).
- If you’ve ever transacted on a browser wallet and the transaction did not execute fully, an incomplete transaction may have remained on your wallet that could be accessed by hackers to steal your credentials. They may already have them and could strike when you least expect it.
The bottom line is that your ‘normal’ online activities and transactions may have put your crypto at risk by exposing your wallet credentials, and it’s only a matter of time before a hacker comes for your crypto.
How do we know this? Because some of our clients have been hacked by having their secret keys stolen, and so have we. Our management team has lost over $220k in 2025 from hacking attacks on browser-based wallets.
Being careful with your crypto credentials is no longer good enough. It’s time to take your crypto security to the next level.
Take action TODAY. It’s never convenient. Do it anyway.
Here’s what you can do to protect your crypto assets:
ESSENTIAL - Start immediately
Complete all the steps below:
Adopt ‘Safe Browsing’ practices
- Use a browser that blocks ads, such as Brave. You may still need to use Chrome and other browsers; however, make Brave your default browser for general browsing.
- When searching for a website, carefully check the website URL before clicking any links
- NEVER click on ‘Sponsored’ links or ads. Beware of phishing sites that impersonate official websites (note: there are copy sites for most large exchanges)
- Bookmark the cryptocurrency website URLs you need in a folder on your browser
- When dealing with third parties, NEVER grant anyone remote access to your device
- If anyone contacts you regarding the safety of your money or crypto, do not respond or click on any links. Most of these messages are scams. If in doubt, contact your provider directly.
- Antivirus software is an optional extra if you doubt your ability to follow these practices to the letter
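The URL check and bookmark advice above can be automated. The following is an added example, not part of the original guide: it compares a link's hostname against a bookmark allowlist and flags near-miss and homoglyph copies. The bookmarked hostnames are constructed placeholders under the reserved `.example` domain, and the names `check_url`, `edit_distance` and the two-typo threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed stand-in for your bookmark folder; the reserved .example
# domain is used so no real site is named (assumption, not from the guide).
BOOKMARKED_HOSTS = {"app.exchange.example", "www.walletvendor.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, bookmarks=BOOKMARKED_HOSTS, max_typos: int = 2) -> str:
    """Classify a URL as 'bookmarked', 'lookalike' or 'unknown' before opening it."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "unknown"  # plain HTTP or no host: never treat as a bookmarked site
    if host in bookmarks:
        return "bookmarked"
    # Conservative rule: non-ASCII or punycode labels can render like a
    # bookmarked name (homoglyphs), so any such host is flagged.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike"
    for good in bookmarks:
        # Bookmarked name embedded in a different domain, e.g.
        # "<bookmarked host>.login-help.test". An unbookmarked subdomain of a
        # real site is flagged too: open it from the bookmark instead.
        if good in host:
            return "lookalike"
        # One or two typos away from a bookmarked host (swapped or missing letters).
        if edit_distance(host, good) <= max_typos:
            return "lookalike"
    return "unknown"
```

A `lookalike` verdict means the link should not be opened; `unknown` means the site is simply not in your bookmarks and has not been vetted.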
Use a hardware wallet for signing your crypto transactions and storing crypto assets
Purchase your hardware wallet directly from the manufacturer or an authorised reseller endorsed by the manufacturer.
Some of the most widely used hardware wallets include:
- Ledger, which connects directly to Hyperliquid via ‘WalletConnect’. The Nano X is fine as a base model, or the Flex offers a larger touch screen (choose a model to suit your budget).
  - Pros:
    - Connects directly to Hyperliquid
    - Add unlimited accounts across the same network (subject to storage capacity) - e.g. FinRev Platinum customers can add multiple Arbitrum accounts to connect multiple FinRev sub-accounts
  - Cons: can feel complex to set up for beginners; however, our Knowledge Base guides will provide the exact steps for onboarding onto FinRev.
  - Note: the Ledger Nano S is not recommended as support is being discontinued by Ledger in coming months
- Tangem, a lightweight card which also connects directly to Hyperliquid via ‘WalletConnect’
  - Pros:
    - Connects directly to Hyperliquid
    - Simple and user-friendly interface on your mobile phone
  - Cons: supports a maximum of one account per network. To connect three FinRev accounts to Hyperliquid, you would need a minimum of 6 Tangem cards (2 compulsory cards are required for each connection), or 9 cards if you include an additional backup card for each Arbitrum account.
- Trezor is a physical device, similar to Ledger. The Trezor Safe 3 is a good base model. The Trezor Safe 5 has a colour touch-screen. Choose a model to suit your budget.
  - Pros: simple interface and user-friendly for beginners
  - Cons: currently does not connect directly to Hyperliquid; you will need to connect your Trezor to Hyperliquid via a MetaMask browser wallet.
- Ledger and Tangem users: once you've set up your device, transfer any existing browser-based wallet funds across to your primary hardware wallet, then remove all browser-based wallets from your primary device.
Store each of your seed phrases on 2 separate metal cards. Store the 2 cards in different locations.
- NEVER store any seed phrases online, not even in a password manager such as LastPass or 1Password.
- NEVER take a photo of any seed phrases as they can be scanned by malware bots
- Purchase your metal card directly from the manufacturer or an authorised reseller endorsed by the manufacturer.
- Our top recommendation is: CryptoTag (Zeus or any model to suit your budget). You can also buy CryptoTag Zeus from Ledger and Trezor.
Keep your software updated on all your devices
- Always install operating system updates and do not snooze them. When your device no longer accepts the latest OS updates, it's time to upgrade your device.
- This includes keeping your browser software updated. Always install updates as soon as they become available.
- Wi-Fi router:
  - Ensure your Wi-Fi router is running the latest update/firmware. If it is no longer accepting updates, it's time to replace your router.
  - Security settings on the router need to be set to 'maximum'
  - Set a Wi-Fi access password that is complex and not easily guessed
  - Set up a guest login on your router that can be shared with visitors (family, friends etc) who request access to your Wi-Fi
Set up Two Factor Authentication (2FA) for your online crypto accounts (e.g. centralized exchanges)
- Authy allows you to set a Master Password that can be used to restore your account, if needed.
- Google Authenticator is a popular option; however, if your Google account gets hacked, your 2FA codes could be compromised. It's best to separate your 2FA from your email account.
Travel Tips
- DON’T use free public WIFI or charging points at any locations outside your home. This includes cafes, airports, hotels etc.
- DO get a SIM card for internet use when travelling internationally. SIM cards are available from most airports.
- DO travel with your hardware wallet
- DON’T travel with your seed phrases
GOLD STANDARD - Start as soon as possible
Complete all the steps listed under ‘ESSENTIAL’ above, plus:
Get a separate laptop or desktop device ONLY for crypto & banking
- This device is not to be used for any other purpose, including emails, browsing, etc.
- You can visit your crypto exchange and banking websites from your crypto & banking device, ensuring you adopt the ‘safe browsing’ recommendations above.
Purchase a second hardware wallet as a backup for your primary wallet
Keep the second wallet as a backup in case you lose or break the first hardware wallet. You can restore your Primary wallet onto your Backup wallet using the Primary wallet's secret recovery phrase.
Get a separate email address to be used only for crypto activities
- Use an email service with privacy features such as ProtonMail (the free version is fine)
- Do not use your crypto-only email address for personal email subscriptions
- Activate 2FA on your crypto-only email account with Authy or your preferred authenticator app
Note: you can run a check on whether your current email address has been part of any data breaches here
Use a Password Manager tool to set and encrypt your passwords
- Popular options include 1Password and LastPass
- Do NOT store seed phrases in your password manager
LARGE HOLDINGS - implement as soon as possible if you hold or intend to hold large amounts of crypto
Complete all the steps listed under ‘ESSENTIAL’ and ‘GOLD STANDARD’ above, plus:
Create a 'dummy' browser wallet and track access attempts
- Set up a MetaMask wallet on your primary device (not your crypto-only device) with $100 deposited, and set up an alert on the address so you get notified of any access attempts
Setup instructions: https://support.metamask.io/configure/wallet/notifications
Create an 'Emergency' fund on a separate hardware wallet
- Set up a ‘dummy’ wallet on a new hardware wallet device. Fund it with $5k for emergencies. For example, if you’re ever in danger and need to urgently hand over your crypto, this is the wallet you’d hand over.