Common Pitfalls and Scams

Bitcoin has unfortunately attracted many scammers, and it has its fair share of common pitfalls. Read this article to understand some of the common points to be wary of, such as people who ask for your seed phrase or who ask for Bitcoins while promising high returns.

Which techniques would you use to ensure that you remain safe in the Bitcoin space?

  • Leaving coins in custodial services presents a risk of not being able to withdraw your Bitcoin. There is generally a strong preference for self-custody of your Bitcoin. It is common for newcomers to leave Bitcoins on custodial services or exchanges. It's generally advised to minimize the number of Bitcoins that must be stored on custodial services, and instead to hold most in self-custody.
  • As Bitcoin's value rises, you should also consider improving your level of security with hardware wallets, multi-signature, and other open-source software and techniques.
  • You might be worried about hackers stealing your Bitcoin, but a more common story is people who lose access to their own Bitcoins because they didn't keep or test backups of their setup. Some people have lost their Bitcoins by not using a standard setup. Non-standard setups can be difficult to recover, or can be unrecoverable by the heir of the Bitcoin holder after the original holder passes away.
  • Beware of anyone asking for your seed phrase. One common scam is for hackers to masquerade as Bitcoin support staff, and ask people for their seed "in order to help them".
  • Never enter your seed phrase into a computer. If you must recover a seed, recover it into a hardware wallet, such as a Coldcard, Trezor Model T, or Ledger device that allows you to re-enter your seed directly into the hardware. Some people have lost their coins because of keyloggers on their PCs recording the seed as it was typed in.
  • Beware of anyone promising returns that are too good to be true, whether from mining, trading, or otherwise. For example, some platforms have chat scammers or scambots that try to lure people into schemes promising very high returns.
  • Always have your seed phrase backed up, ideally on a metal backup such as Billfodl, CryptoSteel, CypherSafe, SEEDPLATE, or something similar.
  • When paying or receiving, check the address and transaction details on the hardware device. There have been some attacks based on swapping out the address to be paid into.
  • Use software and hardware that is ideally open-source and well-tested by the community, with a good reputation that has been built up over time.
  • Be wary of "simjacking", where fraudsters assume control of their target's phone by manipulating the phone service provider's processes. After doing this, they may make use of SMS 2-factor authentication and gain access to their victim's online accounts. Bitcoin users have sometimes been targeted by simjackers. One good way to protect against this is to avoid using SMS 2FA in general, and instead favor more secure methods like authenticator apps or YubiKey devices.

Source: Saylor Academy
This work is licensed under a Creative Commons Attribution 4.0 License.

Last modified: Tuesday, February 9, 2021, 11:53 AM