How to Keep Your Crypto Safe

This “How to” article is probably one of the most important in the series. In this edition, we look at how you can securely store your crypto and what we do behind the scenes to protect your data and cryptocurrencies.
Key Takeaways
-
2-Factor Authentication (2FA) is enabled by default to provide extra protection for your account
-
The closed system and trusted device pairing ensure that only you have access
-
All your data is encrypted and stored within the EU, and you receive instant notifications for transactions
-
Your crypto is securely stored in a vault at Fireblocks and your money is separated at bunq
-
Finst is the only Dutch platform with an independent Proof of Reserves audit
-
Withdrawals are subject to extra checks, for example with new addresses or high-risk destinations
-
You can contribute to your own security by using strong passwords, activating 2FA everywhere, and avoiding phishing
2-Factor Authentication (2FA)
2FA is perhaps one of the most well-known and widely used security measures in financial services, and crypto is no exception. To make things easy for you and give you peace of mind, we have enabled this by default. Simply put, it’s one less thing you need to worry about when it comes to protecting your digital assets.
How Secure Is My Finst Account?
In addition to the popular protection (2FA), there are several other security measures to keep you and your crypto safe. These include:
-
Closed system: This ensures that even if a malicious party gained access to your account, they could never send money to an account that does not belong to you.
-
Device pairing: Link your account to trusted devices so that only you have access to your account and assets.
-
Data encryption: Your data is fully encrypted, stored within the EU, and processed in a strictly confidential manner. Of course, we will never sell it to third parties.
-
Instant notifications: Stay informed about all your incoming and outgoing transactions and always know what’s happening in your account.
-
Discreet mode: You can hide your account balances with a single tap, ideal for using the Finst app in public.
This is already a strong list of security measures, but when it comes to security, we take no chances. So let’s go a step further and take a closer look at some of our additional, advanced security measures.
Security Measures at Finst
Let’s dive straight into how we deliver security and risk management at the highest level.
Cryptocurrency Vault
Your crypto belongs to you and is secured with the most trusted custodian in the world, Fireblocks. On a technical level, Fireblocks uses Multi-Party Computation (MPC) technology with hardware isolation to protect your assets against external attacks, internal collusion, and human error.
Money Safeguarding
Your money is segregated from our company assets on a 1-to-1 basis and securely held at Bunq, a fully regulated Dutch bank.
Asset Segregation
Your assets are separated from ours as a company, so you have maximum protection regardless of what happens to us.
Proof of Reserves (PoR)
Finst is the first and only Dutch crypto platform to successfully obtain a Proof of Reserves (PoR) from an independent and reputable audit firm (Audit Now).
Securing Crypto Withdrawals
The final security measure we’ll look at in this article concerns crypto withdrawals. Generally, a cryptocurrency withdrawal is processed within minutes, but it may take several hours depending on the asset and the network. For example, this differs with Bitcoin compared to Ethereum or Solana. Keep in mind that Finst cannot influence the execution time of a transaction on the blockchain, as this depends on network activity.
In some cases, however, a withdrawal may be delayed due to one of the following security measures:
-
You made a withdrawal to a new wallet address, which for security reasons has a cooling-off period of up to 48 hours.
-
The wallet address to which you want to send crypto may be associated with high-risk activity (such as gambling), and your transaction will be reviewed by Finst. This usually takes no more than 1 business day, but in some cases may take longer, and your funds may be frozen or subject to further due diligence.
We understand that these security measures for crypto withdrawals can sometimes be frustrating, but they are solely intended to keep you and your digital assets as safe as possible.
What Can You Do to Keep Your Crypto Safe?
In addition to everything we do at Finst to keep your crypto safe, a large part of security is also in your hands. Here are some things you can do to protect your crypto.
-
Use a strong and unique password: Never use the same password. You may consider using a password manager to store them securely.
-
Enable 2FA on all your accounts: Not only at Finst, but also for your email and other financial services.
-
Beware of phishing: Don’t click on links in emails, WhatsApp, or Telegram messages without checking. Always verify that you are really dealing with Finst.
-
Keep your devices up to date: Updates often contain important security patches.
-
Never share your private keys or screen: No one from Finst will ever ask you for this information.
Self-Custody or via a Platform?
You may have heard of self custody wallets, where you store your crypto yourself in a hardware or software wallet. The advantage is that you have full control, but it also means you are 100% responsible for your own security.
With a platform like Finst, you benefit from professional security, such as Fireblocks and our asset segregation. Many users choose a combination of both, depending on their preference and risk profile.
Final thoughts
While we do our utmost to keep your data and crypto safe, there will always be some risks when money—or in this case crypto—is involved. We have implemented advanced security measures to maintain the highest standards of security and risk management. However, we kindly ask you to be cautious, especially when approached by third parties who may offer investment or portfolio management services. These parties may ask you to share your device screen. Just like your bank, we would never ask you to do that.