Part 2 of our crypto security series. If you have not set up your devices yet, start with Part 1: Securing Your Computer and Devices. Nothing here is a recommendation to buy or sell anything. Always do your own research.
In Part 1 we locked down the device you trade on. Now we move to the exchange, the place where your money actually lives while it is in the crypto world. Most people imagine the danger here is a hacker breaking into a giant company. In reality, the weak link is almost always far closer to home.
Your Exchange Is Only as Safe as You Are
You have to hold an exchange account to buy, sell, and move money around in crypto. That does not make the account safe by default. It is only ever as safe as the person using it, and that person is you.
Picture an exchange that is genuinely impossible to hack. Wonderful. But if someone gets into your account through your device, your password, or a code they tricked out of you, it does not matter how strong the exchange was. They did not break the exchange. They broke in through you. Every habit in this lesson exists to close that gap.
Choosing an Exchange You Can Actually Trust
Start from the base layer: use an exchange with a serious security track record. The catch is that no exchange stays trustworthy forever. Reputations shift as companies grow, cut corners, or quietly run into trouble. FTX is the cautionary tale here. Plenty of respected people in the industry vouched for it, right up until it collapsed in fraud and took customer funds down with it.
So do not lean on a single recommendation and switch your brain off. A better question than "which exchange is best?" is "what are the signs of a quality exchange?" Look at security history, transparency, how it handles withdrawals, and what credible people are saying right now, not two years ago. Keep up with the news on any platform holding your money. If you are starting out, a large and established exchange such as Bybit is a reasonable base to learn on, as long as you stay alert and never assume any platform is permanently safe.
Switch On the Right Kind of Two-Factor Authentication
Always turn on two-factor authentication. Even the most basic form adds a second secret an attacker has to obtain on top of your password, and it will save you more times than you will ever know.
Avoid SMS two-factor where you can. Text-message codes can be defeated by a SIM swap, where an attacker talks or bribes your carrier into moving your phone number onto a SIM they control and starts receiving your codes. App-based codes close that door, because they are computed from a secret stored on your device plus the current time, and your phone number plays no part. Use an authenticator app that generates time-based codes, such as Google Authenticator, and turn SMS authentication off wherever the platform lets you. Two caveats: a time-based code only protects you if you never type it into a cloned site, since a code phished in real time stays valid for the rest of its short window; and if the exchange supports a hardware security key (FIDO2/WebAuthn), that is stronger still, because the key only answers the genuine domain. If a service only offers SMS, keep it on anyway. Basic two-factor still beats none.
Never Hand Over Your Password
Do not give your password to anyone, including people you trust. The risk is not only the person. It is whoever might be watching them, or whatever might be reading the message you send it in.
Type a password into a chat and it sits in that conversation's history on every device and server involved; if the channel is unencrypted it can also be intercepted and logged in transit. Either way a third party can read it later and walk straight into your account. There is no safe way to share a password casually, so simply never do it.
Always Check You Are on the Real Site
Scammers clone exchange websites so they look identical to the real thing. The giveaway is the address: a swapped letter, an extra number, a hyphenated or misspelt variant, an accented lookalike character, or the real name buried inside a longer domain that belongs to someone else. Check the domain in the address bar every time, bookmark the genuine site and log in only through that bookmark, and only download apps from the exchange's official listing. One careless login on a cloned page hands your credentials, and any two-factor code you type, straight to the attacker.
Do not fall for phishing emails. You will receive messages like "an unauthorized transaction was made on your account, click here immediately to block it." There are endless variations, and they are built to make you panic and click before you think. Look at the sender address: often it is obvious gibberish, but it can also be spoofed or a near-match of the real one, so treat every message of this kind as a scam. Do not click the links; if you are worried, open the exchange from your own bookmark and check your account there. Never download attachments unless you have triple-checked exactly where they came from.
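As a worked version of the address check above, here is a small URL verifier, added here as an example rather than taken from the article; the trusted domain exchange.example is a placeholder for whichever exchange you actually use, and the sample URLs are constructed. It normalises the hostname the way a browser does (lower-case, port and trailing dot removed), decodes punycode so accented lookalikes become visible, and rejects the tricks the text describes: a non-https scheme, a user@ prefix that hides the real host, the real name buried inside a longer domain, hyphenated or misspelt variants, and homoglyph domains.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example. A real one holds the exact
# registrable domain(s) of the exchange you use, nothing looser.
TRUSTED_DOMAINS = {"exchange.example"}


def check_exchange_url(url: str, trusted=TRUSTED_DOMAINS):
    """Return (is_safe, reason). Safe means https and a hostname that is a
    trusted domain, or a subdomain of one, after normalisation."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    scheme = parts.scheme.lower() or "(missing)"
    if scheme != "https":
        return False, f"scheme is {scheme}, not https"

    # 'https://exchange.example@evil.example/' : the real host is after the @
    if parts.username is not None:
        return False, "URL contains a user@ part; the real host comes after the @"

    host = parts.hostname  # already lower-cased, port stripped
    if not host:
        return False, "no hostname"
    host = host.rstrip(".")  # 'exchange.example.' is the same host

    # Decode xn-- (punycode) labels so a lookalike such as 'exchänge' is
    # visible; a hostname that is already non-ASCII fails the encode step.
    try:
        unicode_host = host.encode("ascii").decode("idna")
    except UnicodeError:
        unicode_host = host
    if not unicode_host.isascii():
        return False, f"hostname {unicode_host!r} has non-ASCII characters (possible homoglyph)"

    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, f"host {host!r} is {domain} or a subdomain of it"
    return False, f"host {host!r} is not a trusted domain"


# Constructed sample addresses, as they might appear in a phishing email.
SAMPLES = [
    "https://www.exchange.example/login",
    "https://EXCHANGE.example:443/",
    "http://exchange.example/",
    "https://exchange.example.login-verify.net/",
    "https://exchange-example.com/",
    "https://exchange.examp1e/",
    "https://exchange.example@evil.example/",
    "https://" + "exchänge.example".encode("idna").decode("ascii") + "/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, why = check_exchange_url(sample)
        print("SAFE  " if ok else "REJECT", sample, "-", why)
```

Only the first two samples pass. The point a browser's green padlock does not make for you is the third-from-last case: the genuine domain name can appear in full inside an address and still not be the host you are about to send your password to.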
An Exchange Is Not a Bank
This is the one people forget. An exchange exists to exchange. The name is the clue. It is not a bank, and it is not built to be a vault for your savings.
Wherever you reasonably can, keep your capital off the exchange. Move long-term holdings into a hardware or software wallet, or take profits back to your bank. Exchanges are companies run by fallible people. Many operate with light or incomplete oversight, and even regulated ones can suffer a bank run, become insolvent, and take customer funds down with them.
This is not a reason to panic. Parking money on a reputable exchange for a few days or weeks while you trade is normal and fine. The rule is simply this: get in, do your business, and move your capital somewhere safer for the long haul. An exchange is a place you pass through, not a place you store your life savings.
- The exchange is only as safe as you are. Most break-ins come through you, not the company.
- Pick a proven exchange, stay informed, and never assume any platform is permanently safe (remember FTX).
- Use app-based two-factor, not SMS, to defeat SIM-swap attacks.
- Never share a password, and always verify you are on the real site, not a clone.
- An exchange is not a bank. Trade on it, do not store long term on it.
Lock these habits in and you have closed the doors attackers use most often to drain exchange accounts. In Part 3 we go one level deeper, into being your own bank: seed phrases, hardware wallets, fake decentralized apps, and the wallet-draining transactions that catch even experienced users.