Before a Large Crypto Transfer, Which 10 Checks Should You Actually Run?

For any serious transfer, I break the process into 10 steps and move slowly. Not because I distrust the wallet, but because skipping any single step measurably raises the chance of an accident. A transfer is not like a trade. There is no undo. The checklist below takes under 10 minutes once you are used to it, and it blocks almost every preventable failure mode.

Step 1: Lock down the environment

Large transfers do not happen in public, on the road, or in a bad mood. Environment is part of safety. Concretely: close every unrelated window, mute the phone, disconnect Bluetooth headsets, turn off notifications that can pop in. If you are in a café, today is not the day. The reasoning extends beyond network risk and is laid out in Public Wi-Fi Crypto Safety Risks; it also covers visual privacy and mental focus.

Step 2: Inspect the device

Look at the device you are about to sign on. Has the system been updated recently. Are there any unfamiliar apps installed. Is the battery fine. Is the network trusted. On a laptop, glance at the browser extension list for anything you do not recognize. On a phone, open the “recently installed” view in settings. For a hardware wallet, verify the firmware is a current stable release, not a pushed-out experimental one.

Step 3: Confirm where the destination address came from

This is the core step. Trace how that address first reached you. If a counterparty sent it in a private message, re-confirm through an independent channel: a call, a video, a second platform. If it came from an exchange or institutional page, double-check the page is real. Clipboard-replacement attacks are common, and the mechanics are covered in Clipboard Address Swap Malware; once you understand the mechanism, you understand why the second channel matters.

Step 4: Compare more than the first and last four

After pasting the address, do not just glance at the first and last four characters. Read six characters at each end aloud and pick a random middle slice to verify. Ideally, compare screen against paper, not against memory. Lookalike attacks specifically craft addresses with identical first and last four characters, designed to defeat the lazy scan. Six characters per end usually defeats them.

Step 5: Confirm the chain

Many people get caught on the wrong chain. USDT on ERC20, TRC20, Arbitrum, and Polygon are different assets in practice, and sending to the wrong chain is equivalent to losing the funds. Ask the recipient again, on the day of the transfer, which chain they expect and which contract address corresponds to it. Trust the question, not your memory.

Step 6: Run a test transaction

The single most important step in the list. Send a small amount first, perhaps five or ten dollars worth, and walk the entire flow: send, wait for confirmation, get the recipient to confirm receipt, then send the real amount. A test transaction verifies four things at once: the address, the chain, the recipient’s ability to actually receive, and the signing device’s behavior. If any of those is broken, it breaks cheaply. Never skip this step.

Step 7: Final pause before signing the real amount

When the real popup is ready, force yourself to wait three seconds before tapping confirm. In those three seconds, look only at three things: the amount, the first and last six of the address, and the contract call if this is not a plain transfer. If anything makes you hesitate, exit and come back in a few minutes. Almost all failures happen in the “looks fine, confirm” half-second, not during the careful review. The same logic is reinforced throughout Basic Crypto Security Habits.

Step 8: Wait for on-chain finality

Submitting is not finishing. Wait until the confirmation depth crosses your chain’s safety threshold: roughly 12 blocks on Ethereum mainnet, around 32 slots on Solana, at least 3 blocks on Bitcoin. Thresholds vary, check yours in advance. Do not start a second transfer during the wait. If the current one has not finalized, stop.

Step 9: Have the recipient confirm receipt

Arrived on chain is not the same as received. The chain says success, but whether the counterparty can see and spend the funds is a separate question. Wait until they tell you explicitly that they see it. For exchange deposits, watch the balance move from “pending” to “available” in your account; any stall in between needs an explanation.

Step 10: Record and review

After completion, archive the key facts: transaction hash, chain, recipient, amount, purpose, timestamp. Keep one copy in an encrypted note and one in your regular finance log. Review monthly or quarterly. It helps with taxes, and more importantly, it spares you from rummaging for “who exactly did I send that to” months later. The same record-keeping discipline is in Large Exchange Withdrawal Checklist, and the logic carries over.

10-step quick map

One closing note

Ten steps sound like a lot, but the rhythm flattens quickly with practice and the whole loop runs under ten minutes. The work is not in the actions; it is in building the habit of always doing them. If anything about a transfer feels off, address mismatch, silent counterparty, strange signing device behavior, the safest move is to stop. Do not try to patch, do not try to resend immediately. The “pause first” thinking from Suspected Seed Leak Response generalizes here. Large-transfer safety is never a technical contest; it is a discipline contest. Finish the discipline and you have already won.