Implement Strong Multi-Factor Authentication (MFA)
The single most effective defense against unauthorized access is enabling Multi-Factor Authentication (MFA) on *every* exchange and wallet service you use. Password protection alone is insufficient. We strongly recommend using authenticator applications (like Google Authenticator or Authy) rather than SMS-based MFA, as phone numbers can be hijacked in a process known as SIM-swapping. Ensure you securely back up your MFA recovery codes in an offline location.
Verify Every URL Before Entering Credentials
Phishing attacks rely on deceiving users with fake websites that look identical to legitimate platforms. Before you ever enter your username or password, you must meticulously check the website's address bar. Look for subtle misspellings, strange characters, or non-standard domain extensions. Always manually type the address of your exchange or wallet into the browser, or use a trusted, saved bookmark, instead of clicking links in emails, text messages, or social media posts.
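The address-bar checks described above can also be automated. The following is an added example, not code from the original page: it compares a URL's host against a list of bookmarked addresses and reports misspellings, strange characters, and changed domain extensions. The domains, the `TRUSTED_HOSTS` list, and the function names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for your own bookmarks (placeholder domains).
TRUSTED_HOSTS = {"exchange.example", "wallet.example"}


def edit_distance(a, b):
    """Levenshtein distance; small values indicate a likely misspelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return reasons not to trust the URL; an empty list means it matches a bookmark."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    if "@" in parts.netloc:
        findings.append("text before '@' is not the host")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        findings.append("non-ASCII or punycode label")
    if host in TRUSTED_HOSTS:  # exact match only; subdomains must be bookmarked too
        return findings
    findings.append("host is not a bookmarked address")
    for good in sorted(TRUSTED_HOSTS):
        name = good.rpartition(".")[0]
        if host.startswith(good + ".") or ("." + good + ".") in host:
            findings.append(f"{good} appears only as a prefix of another domain")
        elif host.rpartition(".")[0] == name:
            findings.append(f"same name as {good}, different extension")
        elif edit_distance(host, good) <= 2:
            findings.append(f"possible misspelling of {good}")
    return findings


if __name__ == "__main__":
    # Constructed sample URLs covering the warning signs the checker looks for.
    for u in ["https://exchange.example/login", "https://exchnage.example/login",
              "https://exchange.test/", "https://exchange.example.login.test/",
              "https://xn--exchang-abc.example/", "https://exchange.example@evil.test/"]:
        print(u, "->", check_url(u) or "ok")
```
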
Manage Funds with Cold Storage and Prudence
For significant holdings, the gold standard for security is "cold storage"—using a hardware wallet (e.g., Ledger or Trezor) that keeps your private keys offline. Only keep the necessary amount of funds on an exchange for active trading. Furthermore, never share your private keys, seed phrases, or recovery words with anyone, under any circumstances. No legitimate exchange or support staff will ever ask for this information.