You can dramatically improve your digital security with just a few easy steps

Secure Your Crypto
As cryptocurrency trading grows in popularity, so do the strategies employed by cybercriminals. Our security team at Coinbase has observed a dramatic increase in sophisticated attempts to steal digital assets. Although that may sound concerning, the good news is that you don’t need to be an expert techie to keep your cryptocurrency safe. A few easy steps go a long way toward protecting your assets, not just on Coinbase but throughout your entire digital life.
These days, account takeovers (ATOs) are among the most frequent threats. An ATO happens when a malicious actor manages to access one of your accounts and uses it to commit fraud. The SIM-swap scam is a common technique employed by cybercriminals. In this attack, someone poses as you and persuades your mobile provider to move your phone number to a different SIM card that they control. They then receive all of your calls and texts, including the two-factor authentication (2FA) codes sent to you via SMS.
Armed with your SMS 2FA codes and a stolen password, fraudsters may be able to access your email, cloud storage, social media, and yes, even your Coinbase account. Because of this, maintaining crypto security is more crucial than ever.
At Coinbase, we continuously monitor for signs of SIM-swap activity and take steps to prevent unauthorized access. While we believe that any 2FA method is better than none, relying solely on SMS-based 2FA is no longer the best practice.
To keep your crypto secure, we strongly recommend two simple upgrades:
Use an authenticator app or hardware security key instead of SMS for 2FA.
Regularly update your passwords and never reuse them across different accounts.
These steps may seem small, but they offer powerful protection—not just for your Coinbase account, but for your entire digital footprint.
Crypto Secure with a Password Manager

Staying crypto secure starts with strong, unique passwords. Ideally, each of your passwords should be at least 16 characters long, highly complex, and never reused across accounts. Sounds overwhelming? That’s where password managers like 1Password or Dashlane come in—they generate and safely store your passwords so you don’t have to.
Worried your current password might already be compromised in a past data breach? It’s worth checking. Visit haveibeenpwned.com/Passwords to find out if your password has been exposed—and take action to stay crypto secure.
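The check described above can also be done without ever sending the password itself. The following is an added example, not code from Coinbase or from the site named above. It goes beyond the article by assuming the Pwned Passwords range lookup (https://api.pwnedpasswords.com/range/<first 5 hash characters>), which returns SUFFIX:COUNT lines; the response body here is constructed so the example runs offline.

```python
import hashlib

MIN_LENGTH = 16  # the article's recommended minimum


def sha1_split(password):
    """Hash locally; only the 5-character prefix would ever leave the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_body):
    """Find the 35-character hash suffix in a range response of SUFFIX:COUNT lines."""
    _, suffix = sha1_split(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def review_password(password, range_body, used_elsewhere=()):
    """Check length, reuse and breach exposure, as the article recommends."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password in used_elsewhere:
        problems.append("reused on another account")
    seen = breach_count(password, range_body)
    if seen:
        problems.append(f"appears {seen} times in breach data")
    return problems


# Constructed response for prefix 5BAA6, the prefix of SHA-1("password").
# The counts and the two filler suffixes are made up for this example.
SAMPLE_RANGE_BODY = "\r\n".join([
    "A" * 35 + ":2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000",
    "F" * 35 + ":7",
])

if __name__ == "__main__":
    print("prefix sent to the service:", sha1_split("password")[0])
    for problem in review_password("password", SAMPLE_RANGE_BODY, ["password"]):
        print("problem:", problem)
```

The response passed to review_password must be the one fetched for that password's own prefix; a body for a different prefix will always report zero matches.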
Crypto Security with 2-Factor Authentication (2FA)
Strong passwords aren’t enough to keep your cryptocurrency safe. Turn on two-factor authentication (2FA) whenever you can. For the best level of protection, select a hardware security key such as a YubiKey, the industry standard for crypto security.
If your service provider does not support YubiKey, choose an app-based solution such as Google Authenticator or Duo Security. These are far more secure than SMS-based 2FA, which is susceptible to SIM-swap attacks.
If SMS 2FA is the only option available, however, make sure that each time you log in, a one-time code is sent to your device. Even if your password is compromised, this extra precaution helps keep your account safe.
In the end, it might be prudent to stay away from a platform if it doesn’t support any of these 2FA techniques. You can’t afford to take chances with your crypto security.
Stay Smart and Keep Your Crypto Secure
In the fast-moving world of digital assets, it’s not just about using the right tools — staying alert is just as crucial. To keep your crypto secure, follow these smart habits both online and offline.
Avoid Becoming a Target
Think of your cryptocurrency like a pile of cash — would you post a photo of that online? Probably not. So:
Don’t brag about your crypto holdings on social media. Sharing that kind of info makes you an easy target for scammers.
Check your online presence. Use a simple online self-audit to see what personal data you’re unintentionally sharing.
Stay One Step Ahead of Scammers
Cybercriminals are getting creative. Fake tech support agents — some even pretending to be from Coinbase — may try to trick you. Here’s what to keep in mind:
Coinbase will never ask for your password, two-factor authentication (2FA) codes, PIN, or remote access to your device.
Requests for test accounts or ID will never come from Coinbase via social media or email. We don’t support users through Facebook chat, and we will never call you.
If anyone contacts you and you’re unsure, email security@coinbase.com to verify if it’s legit. And remember, big tech companies like Microsoft, Google, and Apple never cold-call users about their devices.
Always Verify the URL
Scammers love to clone real websites. Their fake platforms are designed to steal your login credentials. Before logging in:
Double-check the web address. Make sure it’s the correct site before you type in any details.
If you get an email with a link, copy and paste it into a text editor first. This simple trick helps you see where it actually leads before opening it in your browser.
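What to look for once the link is pasted as plain text, written as an added example (not Coinbase's code): the part that matters is the host name, read from the right, and anything before an "@" is not the destination. The trusted domain, the https requirement and the sample links are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "coinbase.com"  # assumption: the one domain accepted as genuine


def inspect_link(url, trusted=TRUSTED_DOMAIN):
    """Return (looks_genuine, host, reasons) for a link copied out of an email."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "", ["not a parseable URL"]
    host = (parts.hostname or "").rstrip(".")  # urlsplit lower-cases the host
    reasons = []
    if parts.scheme != "https":
        reasons.append("not an https:// link")  # added check, not from the article
    if parts.username is not None:
        reasons.append("text before '@' is login info, not the destination")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        reasons.append("host uses non-ASCII or punycode lookalike characters")
    if host != trusted and not host.endswith("." + trusted):
        reasons.append(f"host {host!r} is not {trusted} or a subdomain of it")
    return not reasons, host, reasons


# Constructed sample links; the suspect hosts use the reserved .example suffix.
SAMPLE_LINKS = [
    "https://www.coinbase.com/signin",
    "https://www.coinbase.com.account-check.example/signin",
    "https://coinbase.com@login.example/signin",
    "https://www.coinb\u0430se.example/signin",  # Cyrillic U+0430 in place of 'a'
    "http://www.coinbase.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, host, reasons = inspect_link(link)
        print("OK     " if ok else "SUSPECT", host, "; ".join(reasons))
```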
While Coinbase works hard to protect its systems, securing your crypto starts with you. Staying aware and taking a few simple precautions will help you keep your crypto secure. For more guidance, visit the Help Center.
FAQs
🔐 1. How strong should my password be?
Use a minimum 16-character, complex and unique password for each of your accounts. A password manager (like 1Password or Dashlane) can generate and remember strong passwords. If you suspect your password was breached, check it using haveibeenpwned.com.
2. What type of 2‑factor authentication (2FA) should I use?
Always enable 2FA—and choose the strongest method available:
Hardware security keys (e.g. YubiKey) are best.
If unavailable, use an authenticator app (e.g. Google Authenticator or Duo).
As a last resort, use SMS‑based 2FA—but ensure a code is required on every login.
3. What is a SIM‑swap attack and how do I avoid it?
A SIM‑swap occurs when attackers transfer your phone number to their device—letting them intercept SMS 2FA codes. To protect yourself:
Avoid SMS 2FA when possible.
Use authenticator apps or hardware keys.
Coinbase monitors for these attacks, but personal caution remains essential.
4. How can I spot and avoid scams or phishing attempts?
Never share passwords, 2FA codes, PINs, or grant remote access—even if asked by someone claiming to be Coinbase support.
Coinbase will never:
Call you unsolicited or ask you to install software.
Ask for test accounts, IDs, or banking info through social platforms.
If unsure, email security@coinbase.com to verify legitimacy.
5. How can I verify I’m on the real Coinbase site?
Always double-check the website URL before logging in.
For emailed links, copy-paste the URL into a plain text editor first to inspect it, ensuring you’re not being redirected to a fake site.
🧠 Extra Tips (Beyond the FAQs)
Don’t brag about your crypto holdings publicly—stay low-profile.
Learn and apply Coinbase’s overall security advice: use strong passwords, robust 2FA, and stay vigilant.
The Bottom Line
Crypto is built on security. That means you have a role to play in keeping your assets safe. With strong passwords, two-factor authentication, and offline storage, you can make it much harder for hackers to access your funds.