Skip to main content
All CollectionsSecurity
How do I keep my money safe? How to store cryptocurrency safely
How do I keep my money safe? How to store cryptocurrency safely

At Exodus, we are passionate about giving you full control over your crypto. Learn how to store cryptocurrency safely with Exodus.

Updated over a week ago

Everything you need to know about keeping your crypto safe in Exodus.

Need a crypto wallet that gives you full control of your assets? You can download Exodus here.


In this article:



How do I keep my crypto safe in Exodus?

Keeping your crypto safe in Exodus is about ensuring that only you can access your device, your secret recovery phrase, and your private keys.

Exodus is a self-custody wallet. When you create an Exodus wallet, it generates a unique secret recovery phrase on your device. This secret recovery phrase grants and controls access to your wallet and its funds.

Your wallet is like a vault for your private keys. If your wallet is the vault, your secret recovery phrase is like the key that opens the vault.

When you create an Exodus wallet, you are the only one with the information needed to access it, which gives you full control.

With full control over your wallet, you also have the responsibility of keeping it safe.

This article will show you how to make sure that you always have access to your wallet, how to protect your funds from threats that could compromise it, and steps you can take to keep your funds safe.


How can I make sure that I always have access to my wallet?

You can ensure that you always have access to your Exodus wallet by writing down and safely storing your secret recovery phrase.

Common ways people lose their crypto is by losing, or never writing down, their secret recovery phrase.

For a guide on how to back up your wallet, visit: How do I always have access to my wallet with my secret recovery phrase?


How do I keep my secret recovery phrase safe?

It is crucial to keep your secret recovery phrase a secret. Anyone who has access to it will have full access to your wallet and its funds.

It's also crucial to keep your secret recovery phrase secure. If you lose or forget your secret recovery phrase, and something happens to your device, you will lose access your wallet.

Below, you can find information on what you should avoid and what you can do to protect your secret recovery phrase.

What should I avoid?

  • Never store an unencrypted digital copy of your secret recovery phrase: Do not store your secret recovery phrase in any digital format, such as in a text document, screenshot, email, text message, PDF etc. You might expose your secret recovery phrase to unknown threats such as malicious software, malware, viruses, and hackers.

  • Never take a screenshot or photo of your secret recovery phrase: If you take a screenshot or photo of your secret recovery phrase, the secret recovery phrase will be stored on a digital device and leave it vulnerable to unknown threats such as malicious software, malware, viruses, and hackers.

  • Never share your secret recovery phrase with anyone: Anyone with your secret recovery phrase has complete control over your wallet. Your secret recovery phrase should be kept private and secure.

  • Never let anyone see your secret recovery phrase: This includes keeping your secret recovery phrase safe when you view it on your device's screen during the backup process. Never view your secret recovery phrase in public or where others can view it, and make sure that there are no cameras that can record or view your secret recovery phrase. After backing up your wallet, ensure you are the only one who can access your secret recovery phrase and never let anyone see it.

  • Never enter your secret recovery phrase in any websites or online forms: Be careful of fake websites, apps, web forms, and phishing emails. Scammers might use this to try and steal your secret recovery phrase. If the scammer gets access to your secret recovery phrase, they will have full access to your wallet. To learn more about scams, visit: What scams should I watch out for?

  • Do not copy your 12-word secret recovery phrase: Avoid copying your secret recovery phrase. If you copy your secret recovery phrase, it will be stored on the clipboard of your device. It's possible for some websites or apps to access the contents of your clipboard. Moreover, anyone with physical access to your device can access your clipboard's contents.

What are some best practices?

  • Write down your 12-word secret recovery phrase and store it offline: To store your secret recovery phrase offline, you can write it down on a piece of paper. Hackers can access digital files and information, but they can't access a piece of paper. If you have written your secret recovery phrase down on paper, you can even laminate the paper to protect your paper backup further. You can also store your secret recovery phrase on metal crypto wallets. Metal wallets are metal plates with engraved secret recovery phrases and are more durable than a paper backup. They are also fire- and water-resistant.

  • Keep at least 2 copies of your 12-word secret recovery phrase: By having more than 1 copy of your secret recovery phrase stored in different locations, you increase the chance of being able to recover your wallet. All copies should be stored in secure and private locations so only you can access them.

  • Store your 12-word secret recovery phrase in a safe location: Store copies of your secret recovery phrase in private and secure locations. Only you should have access to the backup of your secret recovery phrase so it remains secret. Ensure your secret recovery phrase is protected in case of disasters such as floods, earthquakes, and fires.


How do I keep my private keys safe?

In Exodus, all your private keys are generated from your 12-word secret recovery phrase. While your secret recovery phrase gives you access to all of your funds, private keys control access to your individual crypto wallets.

For example, with the Bitcoin private keys, you have access to your Bitcoin wallet, and with your Ethereum private key you have access to your ETH and all your Ethereum (ERC20) tokens. If someone got access to your private key for one of your wallets, they would have access to that wallet.

With Exodus, as long as you have a written copy of your 12-word secret recovery phrase, it is unnecessary to write down your private keys.

Here are some tips on how you can keep your private keys safe:

  • Never share your private keys with anyone or anything: Anyone with your private key will have full control over the asset controlled by the private key and the funds in it. Never share your private keys with anyone.

  • Never export your private keys into any untrusted websites and apps: Scammers might use fake websites, forms, and emails to trick you into entering your private key or secret recovery phrase. If a scammer gets access to your private keys, they will have full access to your wallet and the funds in it. To learn more about scams, visit: What scams should I watch out for?

  • Never let anyone see your private keys: Never view your private keys in public or where others can view them, and make sure that there are no cameras that can record or view your private keys.

  • Be careful copying private keys: If you copy your private key, it will be stored on the clipboard of your device. It's possible for some websites or apps to access the contents of your clipboard. Moreover, anyone with physical access to your device can access your clipboard's contents. If you copy a private key, be sure to clear your clipboard.


How do I set a password for my Exodus wallet?

Setting a strong and secure password can help protect your Exodus wallet if someone gets physical access to your device. Without the password, they won't be able to open or access your Exodus wallet.

While your password can create an extra layer of security for your wallet, if your device gets lost or stolen, your password alone is not enough to recover your wallet.

Only your 12-word secret recovery phrase can restore a wallet. To learn how to keep your secret recovery phrase safe, jump to the section: How do I keep my 12-word secret recovery phrase safe?

For more information on how to create a strong and secure password, please visit: The importance of a good password.

Here is how you can set a password or passcode for your Exodus wallet:

Mobile

You can set a 6-digit passcode for your mobile wallet after backing up your wallet. For a guide on how to back up your mobile wallet and set a passcode, visit: How do I back up my wallet and write down my 12-word secret recovery phrase?

Desktop

You can set a password for your desktop wallet during the backup process. For a guide on how to back up your desktop wallet and set a password, visit: How do I back up my wallet and write down my 12-word secret recovery phrase?

Web3 Wallet

You will be prompted to create a password when setting up your new Web3 Wallet: How do I install and set up Exodus Web3 Wallet?


If you created your Exodus wallet before February 2019, you might have an email backup link.

Be careful where you store your backup link. Keep in mind that if the link is stored in your email inbox and a attacker gets access to your email, they will be able to see your backup link. If they also have the password, or if your wallet had no password when you were emailed the link, they'll be able to access your wallet.

Never share your email backup link with anyone.

While you can still restore your Exodus wallet with the email backup link, we recommend that instead you back up your wallet by writing down the secret recovery secret recovery phrase.


Trezor: an easy way to keep your funds safe

Trezor is a hardware wallet and one of the best methods to keep your crypto safe.

Trezor is a device that can generate and store the secret recovery phrase and private keys of a wallet in its memory. A Trezor device doesn't connect to the internet, and the secret recovery phrase is generated offline.

By keeping the secret recovery phrase and private keys in an offline environment, you can protect your funds from malware and hackers.

A Trezor wallet is only as safe as the secret recovery phrase. Like the secret recovery phrase for your Exodus wallet, it is important to keep your Trezor's secret recovery phrase safe and stored in a secure location.

For more information on how to keep secret recovery phrases safe, jump to: How do I keep my 12-word secret recovery phrase safe?

If you have a Trezor, you can connect it to Exodus Desktop. To learn more about Trezor integration in Exodus, visit: Getting started with Exodus and Trezor


Security best practices

Use 2-factor authentication (2FA)

2-factor authentication (2FA) creates an extra layer of protection for your accounts that you access with an email or username and password. With 2FA, if an attacker steals your password, they still won't be able to access your account.

If possible, avoid SMS and email-based 2FA. SMS 2FA can be vulnerable to sim-swapping attacks, and email-based 2FA can be vulnerable if your email account is compromised.

Instead, use an authenticator app such as Google Authenticator or Authy, or a hardware authenticator like YubiKey.

Use unique and strong passwords

Having unique passwords for every online account ensures that if an attacker gets access to one of your passwords, they will not be able to access any of your other accounts.

The best passwords are random and at least 16 characters long. They contain a random mix of lower and upper case letters, numbers, and symbols (like "@" and "#"). To learn how to create a strong password, please visit: The importance of a good password.

Use a password manager

Password managers allow you to store, manage, and generate strong passwords. They are a great way to keep track of all your passwords.

There are both free and paid options for password managers, but make sure that you completely trust the password manager you use.

When generating a password, always make sure it has a mix of upper and lower case letters, numbers, and symbols. Make the password at least 16 characters long, but you can make the password stronger by increasing how many characters that are used.

Password managers are a great way to manage your passwords, but it is important that you keep the backup for your password manager safe and secure. Your passwords are only as safe as your backup.

Some devices and browsers might ask to remember or save a password after you enter it. Avoid this feature, because if one account is hacked or compromised, then all accounts you've used the same password for are also at risk of being compromised.

Watch out for scams

Other than not writing down your secret recovery phrase, the biggest threats to your crypto are scams and phishing attacks.

There are many ways a scammer could try to steal your funds or get access to your wallet. Some scammers might promise high returns, free crypto, or use fear tactics to make you think if you don't take urgent action, your funds or wallet could be at risk.

Scammers can also impersonate people, companies, or support teams to convince people to reveal personal information or information that can be used to steal or access their funds. These types of scams are referred to as phishing attacks.

To protect yourself, never share your secret recovery phrase or private keys. This includes entering this information into an online form or support portal. The only reason someone would ask for your secret recovery phrase or private keys is to steal your funds.

Exodus Support will never ask for your secret recovery phrase or private keys.

To learn more about scams, how to identify them, and what to watch out for, please visit: What scams should I watch out for?


Protect your device

Your crypto is only as safe as the device it is stored on. Here are some tips on how to keep your device safe.

Use anti-virus and anti-malware software

Use anti-virus and anti-malware software on your device to help protect your device against attacks.

While anti-virus and anti-malware software can help help you stay safe, you will still need to be mindful of which websites you visit and the software and apps you use with your device.

Avoid any website, software, or app you do not fully trust or find suspicious. Never use pirated or cracked software or operating systems, because they have an increased chance of containing malicious software, viruses, and malware. Examples of anti-virus and anti-malware software include Malwarebytes and Bitdefender.

Encrypt your hard drive

Most devices and operating systems support encrypting the data on your hard drive.

Encrypting your hard drive adds an extra layer of protection because to decrypt the data on your hard drive, you will need a key or password.

Use a dedicated computer

To minimize the chances of online threats, you can use a dedicated computer for Exodus.

When you use the internet, there is always a chance of exposing your device and data to online threats. By having a dedicated device for Exodus, you are limiting the exposure your device has to the internet and any potential online threats.

If you want to dedicate a device to Exodus, consider formatting the hard drive and reinstalling the operating system, so you are sure there are no files, software, or apps that could weaken your security.

Besides Exodus, the only thing that should be installed on the computer is software that helps you stay secure such as a firewall, VPN, password manager, anti-virus, and anti-malware software.

Never use your dedicated device for anything except Exodus. Do not install other software or apps, and do not browse the internet.

An alternative to using a dedicated computer for Exodus is a Trezor hardware wallet.


Protect your network

Ensuring that your device only connects to a trusted and secure network can help you protect your device from unauthorized access and attackers.

What can I do to protect my network?

When you use your own private network, you can restrict who has access to it, as well as encrypt it with a password.

Avoid connecting to public networks because public networks can have weak security, and your connection might not be encrypted. An attacker connected to the same network might be able to track your activity.

Secure both your router and WiFi with unique and strong passwords. Enable encryption for your WiFi, ideally WPA3. Do not use WEP encryption, as it provides limited protection.

Regularly check for router and modem firmware updates. If your router supports WPS, make sure it is turned off. If WPS is turned on, it could make it easier for an attacker to get unauthorized access.

To further secure your network, you can hide the SSID so your WiFi is not publicly visible.

To find out how to change your network settings, consult your router manual.

Use a firewall and VPN for extra security

Firewalls monitor and control incoming and outgoing network traffic to protect your network from unauthorized access.

Most operating systems come with a built-in firewall, but there are also paid options that might offer more options and better protection.

To stay secure, it is necessary that your device and internet router have a firewall you trust.

Virtual private networks (VPNs) encrypt the connection between your device and network, and make it more difficult for an attacker to track your activity. VPNs are commonly used to protect a network connection when using public networks.

Unlike a firewall, it is not necessary to use a VPN, but it can offer an extra layer of protection, especially if you connect your device to public networks. However, keep in mind that it's not recommended to connect to a public network.


What can weaken my security?

To keep your crypto safe in the long term, it is important to know what could potentially weaken the security of your crypto wallet.

What could weaken the security of my 12-word secret recovery phrase?

To keep your crypto safe, the most important thing is keeping your secret recovery phrase safe. No matter how safe your device is, if anyone gets access to your secret recovery phrase, they will have full access to your funds.

Storing your secret recovery phrase as an unencrypted digital copy will weaken your security. This includes taking photos and screenshots of your secret recovery phrase. Once your secret recovery phrase has been in a digital environment, there is no way to reverse the exposure.

Do not import your secret recovery or private keys into wallets you do not trust. Keep in mind that if you import your secret recovery phrase or private key into another wallet, then attackers will have one more wallet that they can potentially target and attack.

What could weaken the security of my device?

Always remember that the device you use with your wallet can be used to access your wallet. This means that anything that will weaken the security of your device will also weaken the security of your wallet.

Be mindful of websites, software, and apps that you use with your device. Visiting untrusted websites and installing unknown software can weaken the security of your device.

Also make sure you protect both your device and your Exodus wallet with strong passwords. This way, even if your device is lost or stolen, it will be difficult to gain access to your wallet.

How can scams weaken my security?

Watch out for scam and phishing attacks that try to steal your funds or get access to your wallet. Even if your secret recovery phrase and device are kept safe and secure, a scam or phishing attack could still compromise your wallet.

Never share your secret recovery phrase with anyone, and do not enter your secret recovery phrase into online forms or websites.

To learn more about scams and phishing attacks, you can visit: What scams should I watch out for?

Did this answer your question?