Secure & Inventory
Lock down every email account, then catalogue every exchange and wallet they touch — in that order.
Before you go looking for what you have, make sure no one else can get there first. Almost every consumer cryptocurrency account in the world is anchored to an email address. That email is the master key — whoever controls it can request a password reset, receive verification codes, and walk straight into the account. So our work begins not with exchanges or wallets, but with the email accounts themselves.
The five email addresses in scope for this manual are [email protected], [email protected], [email protected], [email protected], and [email protected]. We will treat them all with the same care, in the same order, every time.
Part A — Securing each Gmail account
For every email account you can still log into, work through the same five steps. Take ten minutes per account; do not rush.
1. Sign out unfamiliar devices
Open myaccount.google.com/security and scroll to the section titled Your devices. Click Manage all devices. Anything you do not recognise — an old phone you sold, a tablet you no longer own, a laptop in an unfamiliar city — sign out and remove. If a device location looks plausible but unfamiliar, sign it out anyway. You can always sign back in from a device you actually hold.
2. Enable two-step verification
In the same security menu, find 2-Step Verification and turn it on. Where possible, choose an authenticator app such as Google Authenticator or Authy rather than text-message codes. Text messages can be intercepted through SIM-swap attacks; an authenticator generates the code locally on a physical device in your hand.
3. Verify recovery phone and recovery email
Confirm both the recovery phone number and the recovery email address are yours and currently reachable. If either belongs to someone you no longer know — an old roommate, a former partner, an old work line — remove it. A stale recovery contact is a backdoor.
4. Change the password
Use a long, unique passphrase you have never used elsewhere. A password manager such as 1Password, Bitwarden, or Apple Keychain will generate and remember it for you. Do not reuse passwords between Gmail accounts; if one falls, all of them fall together.
5. Review recent security events
Still on the security page, open Recent security activity and scan the last few months for anything you do not recognise: sign-ins from unexpected places, password changes you did not make, recovery information you did not update. Anything strange is worth pausing on.
Part B — Building the inventory
Once an email is secure, we use it to map every cryptocurrency platform it has ever touched. You are not looking for balances yet — only for evidence that an account exists. Open Gmail in a web browser, and run each of the following searches in turn, pausing to note what you find.
| Search Query | Likely Platform |
|---|---|
from:coinbase.com | Coinbase, Coinbase Pro |
from:binance.com OR from:binance.us | Binance (international and US) |
from:kraken.com | Kraken |
from:gemini.com | Gemini |
from:crypto.com | Crypto.com |
from:blockchain.com OR from:blockchain.info | Blockchain.com wallet |
from:bitstamp.net | Bitstamp |
from:bittrex.com | Bittrex (defunct — Chapter 4) |
from:poloniex.com | Poloniex |
from:robinhood.com | Robinhood Crypto |
from:cash.app | Cash App Bitcoin |
from:paypal.com "crypto" | PayPal crypto holdings |
from:mtgox.com | Mt. Gox (defunct — claims open) |
subject:("seed phrase" OR "recovery phrase" OR wallet) | Self-custody wallets (MetaMask, Exodus, Ledger, Trezor, etc.) |
subject:("verify your email" OR "welcome") bitcoin | Catch-all for smaller or forgotten platforms |
As you work, keep a running inventory in a single document — a notebook, a Google Doc, an Apple Note. The format need not be fancy; clarity beats elegance.
Email: [email protected] - Coinbase (welcome 2014, last receipt 2017) - Bittrex (signup 2015 — defunct, see Chapter 4) - MetaMask (wallet setup 2018 — see Chapter 3) Email: [email protected] - Binance.US (signup 2019) ...
Part C — A short word on the next chapter
Once you have secured every email you can, and inventoried every platform those emails have ever spoken to, Chapter Two will begin the slow, careful work of logging back in. We will type URLs by hand. We will ignore email links. We will redo identity verification where required. And we will discover, one by one, what is still where you left it — and what isn't.
