I have a friend that is really invested into crypto. She is very enthusiastic about it and I learned a ton about Bitcoin and crypto from her. But then she told me something that scared me: she keeps ALL her Bitcoin in the exchanges rather than a hard wallet.
I told her that was a security risk, she could get hacked, the exchange might play dirty with her money in the future, the exchange could disappear. Her response was that I was being paranoid, that her exchanges are safe, and that she is pretty careful anyway so she is certain hackers won't get her.
How do you convince people like that? I am worried Murphy's Law will hit her badly and she will lose her funds.
You said that you learned crypto from her but how come she doesn't understand the risk of putting crypto investment on a centralized exchange. Convincing someone to not store their cryptos outside of exchange is really not easy especially if it doesn't happen yet to her or someone she knows. You already warned her so I think that is enough, let's just hope that the exchange she trusts won't exit scam in the future.
About the hardware wallet, you don't need to buy those, even a non-custodial wallet like trustwallet or metamask is already enough to safely keep your cryptos for many years. Just make sure to keep the seed phrase in a safe place and also make a backup of it incase something happens.