FRIENDS... THIS IS VITALLY IMPORTANT TO UNDERSTAND. THERE ARE HACKERS OUT THERE SENDING OUT FAKE TEXT MESSAGES AND EMAILS, PRETENDING TO BE UPHOLD AND OTHER CRYPTO EXCHANGES. IF YOU CLICK ON A LINK IN THE TEXT MESSAGE OR EMAIL AND LOG INTO YOUR ACCOUNT, YOU'VE LITERALLY JUST GIVEN THEM ACCESS TO YOUR USER NAME AND PASSWORD. ONCE THEY HAVE YOUR LOGIN INFO, THEY CAN USE A HACK TO BYPASS THE GOOGLE AUTHENTICATOR OR WHATEVER TYPE OF 2 FACTOR AUTHORIZATION YOU CHOSE WHEN YOU FIRST SIGNED UP.
The best thing to do is move all of your crypto off of Uphold or any online exchange, and store it on a hardware/cold storage wallet. With that being said, I know that Uphold has a ridiculous 63 day "cool off period" where they will not let you move your XRP off of their server. This is if you purchased your crypto with a bank account instead of a debit or credit card. Many people are still waiting for their cool off period to end, because many people wanted to buy more than $500.00 of XRP in a day.. including myself. You could also send them a wire transfer, but because they are not in the USA, it takes 5-7 business days for the wire transfer to show up in your account. I have about 15 days left in my cool off period, but I realized that after about 15-20 days from the date of purchase, their website will allow you to move about 500XRP off platform every other day. That's what I've been doing and now I only have a small amount of XRP sitting in my Uphold wallet.
The image above is literally the worst case scenario anyone can experience. Uphold clearly states that they are not responsible if you fall victim to a phishing attack, where you clicked a link on a fake text message or email without double checking the validity of the link first. It's really simple, the best way to prevent this from happening is to NEVER CLICK A LINK IN A TEXT MESSAGE OR IN AN EMAIL FROM UPHOLD OR ANY CRYPTO EXCHANGE. Just go to their website directly or on the app and log in normally.
It's important to understand that even if you are not a victim of a phishing attack and your crypto is sitting in an online wallet that gets hacked, you will still be put in a terrible position. Most exchanges say they insure your crypto against a hack, however, most exchanges will only credit you the dollar amount that was in your account at the time of the hack. This means that if you have 10,000 XRP in an online wallet, and you bought your XRP at $0.35 cents, but now XRP is at $10.00, you will never be able to buy your XRP back at $0.35 which will essentially take away your ability to make the profit you had planned when making your original purchase(s).
I'VE SAID FROM THE START THAT YOUR CRYPTO IS NOT SAFE ONLINE. BY LEAVING IT ONLINE YOU ARE TAKING A HUGE RISK.
The only safe way to store your crypto is by using a hardware/cold storage wallet. I've listed some of them below:
Ledger Nano X Industry Favorite - Very Safe / Easy To Use
Trezor Another Industry Favorite - Very Safe / Not As User Friendly
Ledger Nano S Best Option If You Cannot Afford One of The Above
Never buy from Amazon or any third party retailer. Only buy from the actual manufacturer and make sure you verify that your device has not been tampered with during the initial setup.
If you don't have a hardware wallet, but you hold XRP or other crypto, you need to purchase one ASAP. You need to understand that as the value of XRP continues to go up, there will be more and more attempted hacks to steal it from you. I CANNOT STRESS THIS ENOUGH... IF YOU RECEIVE A TEXT MESSAGE TELLING YOU IT'S FROM UPHOLD AND ASKING YOU TO LOG INTO YOUR ACCOUNT VIA TEXT MESSAGE... BLOCK THAT FUCKING NUMBER IMMEDIATELY. NEVER CLICK ON A LINK TO ACCESS YOUR ACCOUNT THROUGH AN EMAIL THAT IS FROM UPHOLD OR ANY OTHER EXCHANGE. JUST LOG ON THROUGH YOUR APP OR WEB BROWSER DIRECTLY. THERE IS NO REASON ANY EXCHANGE WILL ASK YOU TO LOG IN THROUGH A LINK OTHER THAN THE FIRST TIME YOU SIGN UP TO VERIFY YOUR ACCOUNT. PLEASE BE CAREFUL AND MOVE YOUR CRYPTO OFFLINE.
When you setup your hardware wallet on your computer, YOU NEED TO MAKE SURE YOU ARE DISCONNECTED FROM THE INTERNET. If you choose to type out your 24 word recovery seed phrase on a word doc or notepad doc, to transfer it to multiple flash drives in case you lose the paper versions that you create... make sure you only type it out and transfer it while disconnected from the internet. Do not name your word doc or flash drive anything that will be obvious like "XRP Recovery" or "Password For Ledger" etc. Name it something random like your high school principals name or the name of your favorite actor when you were a child. Once you transfer it to your flash drive, remove the drive and delete the documents immediately from your computer. If you have a mac, use an app that has a shredder. Take every precaution possible to ensure the safety of your recovery passcode. If your hardware wallet breaks, your 24 word recovery passcode is the only way you can load up your assets on a new device. Without this code, you are.. how do they say... FUCKED! Make sure you write down at least 5 copies of your passcode on paper. Laminate them or make sure you're writing on good stock paper that wont rip easily. If you buy a Ledger, it comes with 3 good quality cards where you can write this down.
If you hold an amount of crypto that is already worth BIG MONEY, then you need to purchase 2 or 3 hardware wallets and spread out your holdings between them. Take every precaution you can. If you do this, your crypto will be safe. If it's kept online or if you're sloppy when setting your hardware wallet up by being connected to the internet (or any other way) then you are literally risking everything... and once it's gone... It ain't coming back.
Let this man be an example to never forget. The poor guy was irresponsible when setting up his passcode, probably because the value of Bitcoin at the time was only $5.27 - $12.56. Apparently, he wrote his recovery passcode down on one piece of paper and lost the paper.
He owned 7,002 BTC, which today, is worth $440,905,507.02.
This is the monthly price of Bitcoin during 2012, the last time he was able to access his account.
This is exactly what you should not do. Make sure you have multiple copies stored in safe places. If you have to, go buy a mason jar, put two laminated copies of your recovery code along with a flash drive that contains the code on a word doc, and bury it in your back yard.
If you do have crypto in an online wallet, make sure you stop for a moment and take multiple screenshots of your account balance and make sure it shows the time and date of the screenshot. Do this every few days until you are able to move it off of the internet and on to a hardware wallet.