Crypto Security Bootcamp
Eight operational-grade lessons on the security practices that actually prevent loss — threat modelling, phishing-resistant 2FA, hardware wallets done right, approvals, and incident response.
About this course
If the Beginner course teaches you what crypto is, the Security Bootcamp teaches you how to keep it. Eight lessons of about 20 minutes each move you from understanding security in principle to running it in practice. You will pick your own threat model, retire SMS 2FA forever, use a hardware wallet without blind-signing, run a weekly approvals audit that catches the most common drainer pattern before it works, recognise the four highest-frequency phishing flows on sight, and know exactly what to do in the first 60 minutes if something does go wrong. There is no financial advice anywhere in this course, no preferred wallet or exchange, and no affiliate link. Just the operational discipline that separates people who hold crypto safely from people who learn the hard way.
What you'll be able to do
- Diagnose your own threat model and stop over- or under-defending.
- Eliminate SMS-based 2FA and migrate every account to phishing-resistant authentication.
- Use a hardware wallet with verified firmware, no blind-signing, and transaction simulation.
- Run a weekly token-approval audit that catches stale approvals before they're exploited.
- Recognise the four highest-frequency phishing patterns in the moments before they work.
- Execute the first-60-minutes incident-response playbook if you are compromised.
Who this is for
- Anyone who finished the Beginner course and wants operational-grade security practice.
- People holding meaningful amounts (4-figure USD and up) on hot wallets or exchanges.
- Anyone who has already been phished or sim-swapped and wants it never to happen again.
- Builders, DAO contributors, or dev-shop employees who handle wallets professionally.
Who this is NOT for
- People with zero crypto experience — start with the Beginner 7-Day course first.
- People looking for a specific wallet or exchange product recommendation — we explain what to evaluate, not what to buy.
- Anyone wanting financial advice or trading guidance — there is none here.
Lessons
- 1
Lesson 1 — The threat model: who actually attacks crypto holders
~20 minDefensive effort scales with realistic threats, not paranoia. Today: who is actually after you, what they want, and where to spend your time.
- 2
Lesson 2 — 2FA done right: from SMS to hardware keys
~22 minRetire SMS forever. The full ladder of phishing-resistant authentication, in the order you should adopt it.
- 3
Lesson 3 — Hardware wallets in practice
~22 minChoosing one without endorsement, verifying it is genuine, blind-signing risk, and the misconfigurations that quietly undermine the whole thing.
- 4
Lesson 4 — Token approvals: the silent attack surface
~22 minWhat a token approval actually is, how drainers exploit stale ones, and the 90-second weekly routine that closes the gap.
- 5
Lesson 5 — Phishing & social engineering patterns
~22 minThe four high-frequency patterns and the personal-policy rules that make them ineffective on you.
- 6
Lesson 6 — Device, browser, and network hygiene
~22 minThe boring layer that matters most: separate browser profile, extension discipline, OS hygiene, and the public Wi-Fi rules that actually apply.
- 7
Lesson 7 — Exchange account security
~22 minWithdrawal whitelists, API-key scoping, the underused 'disable everything I do not use' principle, and SIM-swap defence at the carrier level.
- 8
Lesson 8 — Incident response: the first 60 minutes
~22 minCompromise indicators, triage order, evidence preservation, who to call — and why the wave of 'recovery experts' arriving 24 hours later is a second scam.
Final quiz
When you've worked through every lesson, pass the final quiz to mark the course complete. You can retry any number of times.
Educational only.
Nothing in this course constitutes financial, investment, tax, or legal advice. Cryptocurrency carries significant risk, including total loss. Always consult qualified professionals for advice specific to your situation. We earn nothing from any project, exchange, or tool mentioned anywhere on this site.