Crypto exchange CoinDCX has recently confirmed that $44.2 million (approximately ₹ 387 crore) was stolen from one of its internal hot wallets. Customer wallets were not affected. This marks the second-largest breach of an Indian crypto exchange, after the $235 million hack suffered by WazirX in 2024. Indian investors, who are joining the crypto investment bandwagon in large numbers, should be extremely cautious on the security front.
“Customers must assess their personal exposure. They must understand how their assets are stored, the risk controls that are in place, and whether the platform offers transparency on wallet management,” says Himanshu Maradiya, founder and chairman, CIFDAQ.
Security features an exchange must have
Exchanges should segregate customer funds. “Customer funds should be completely separated from the company’s operational accounts using segregated wallets,” says Ashish Singhal, co-founder, CoinSwitch.
Ensure that most of an exchange’s assets are held in cold wallets, which, being offline, are safer from cyberattacks. “The cold wallet should ideally be managed by a renowned wallet service provider. It should also be insured so that losses incurred in the event of a hack are covered,” says Vikram Subburaj, chief executive officer (CEO) and co-founder, Giottus.
Indian exchanges typically conduct third-party audits and penetration tests, though experts suggest these may not be enough. “We hire white-hat hackers to test products before they go live,” says Subburaj.
The exchange you select should regularly publish proof of reserves (PoR) and maintain a 1:1 asset ratio. Subburaj warns that this metric alone is insufficient. “Only a regulator-approved audit can provide a full picture of an exchange’s solvency,” he says.
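Proof of reserves, as referred to above, is commonly published as a Merkle sum tree over customer balances. The sketch below is an added example, not code from any exchange named in this article, of how a customer can verify their own balance against the published root and compare the committed liabilities with the reserves figure; the tree layout, hashing, account ids and reserve total are constructed assumptions.

```python
import hashlib

# Constructed sample ledger (account id, balance in integer units) and a constructed
# on-chain reserve figure; a real PoR would take both from the exchange's publication.
CUSTOMER_BALANCES = [("acct-001", 150), ("acct-002", 300), ("acct-003", 50), ("acct-004", 500)]
ONCHAIN_RESERVES = 1000

EMPTY = (hashlib.sha256(b"empty").digest(), 0)  # padding leaf, adds nothing to the sum

def leaf_hash(account_id, balance):
    """Leaf commits to the account and its balance; balances must be non-negative."""
    if balance < 0:
        raise ValueError("negative balance would let the tree hide liabilities")
    return hashlib.sha256(f"{account_id}:{balance}".encode()).digest(), balance

def node_hash(left, right):
    """Inner node commits to both child hashes and to the sum of their balances."""
    total = left[1] + right[1]
    return hashlib.sha256(left[0] + right[0] + total.to_bytes(16, "big")).digest(), total

def build_tree(balances):
    """levels[0] = leaves ... levels[-1] = [root]; root = (hash, total liabilities)."""
    level = [leaf_hash(a, b) for a, b in balances]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:          # pad odd levels so every node has a sibling
            level = level + [EMPTY]
            levels[-1] = level
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def inclusion_proof(levels, index):
    """Sibling path a customer needs to recompute the root from their own leaf."""
    proof = []
    for level in levels[:-1]:
        proof.append((level[index ^ 1], index % 2 == 1))  # (sibling, sibling_is_left)
        index //= 2
    return proof

def verify_inclusion(account_id, balance, proof, root):
    """Customer-side check: my leaf, hashed up through the siblings, must equal the root."""
    node = leaf_hash(account_id, balance)
    for sibling, sibling_is_left in proof:
        if sibling[1] < 0:  # a negative sibling sum would offset real liabilities
            return False
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return node == root

def reserve_ratio(root, reserves):
    """Assets divided by committed liabilities; 1:1 or better is the bar cited above."""
    return reserves / root[1]
```

Note what this does not prove: an exchange that leaves accounts out of the tree reports a smaller liability total and a better ratio, and only the omitted customers can notice, which is why the ratio alone is not a solvency statement.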
Certifications like ISO 27001 are also crucial. “They indicate that the company is serious about following global standards in data protection and operations,” says Singhal.
Ensure that the exchange is Financial Intelligence Unit (FIU)-registered, as this adds a layer of regulatory oversight. “It shows that the platform is operating under existing laws and following anti-money laundering norms,” says Singhal.
Hold the bulk of assets in self-custody
Long-term holdings should be kept in self-custody. “Storing with an exchange leads to centralisation. Once this happens, exchanges become the targets of hackers,” says Subburaj. He recommends transferring cryptos to an exchange only when they have to be sold.
Frequent traders may benefit from exchange storage, provided the platform is secure. “Store your crypto holdings with an exchange if it can be trusted, and you have done your homework on its safety,” says Singhal.
Other security measures
Enable two-factor authentication. “This should preferably be done via an app like Authy or Google Authenticator, and not via SMS,” says Maradiya. Advanced users should consider hardware keys like YubiKey. Maradiya adds that hardware wallets significantly reduce the risk of exchange hacks, third-party failures, or phishing attacks.
Use withdrawal whitelists, which ensure that crypto assets can only be moved to specific wallet addresses upon withdrawal.
Enable login alerts for your exchange account, and set automatic logout after a period of inactivity. Avoid reusing passwords. Use a password manager to generate and store strong passwords.
If you keep cryptos in self-custody, back up your seed phrase offline and store it securely.
Regular security audits are essential. Wallet apps and firmware should be updated regularly. Avoid falling prey to phishing by never clicking on suspicious links or entering seed phrases online.
“Consider multi-signature wallets (multisig) for joint custody scenarios,” says Maradiya.
How cold wallets ensure security
A cold wallet stores private keys offline, disconnected from the internet
This makes it less vulnerable to hacking, phishing, or malware attacks compared to online (hot) wallets
Ideal for investors who want to store crypto securely for a long time without frequent access
Types include hardware wallets; paper wallets (printed QR codes or seed phrases); and air-gapped computers or USB drives