The crypto world is new and exciting, with boundless opportunities, and as a result it has seen rapid growth. Maybe you have joined the crypto world by investing in, trading or holding cryptocurrencies like bitcoin. If you have, you want to be sure that your crypto is protected from hackers, scammers and other bad actors in this industry. With the blow-up of centralized exchanges, gaping holes have become visible. These holes exist primarily because of greedy, power-hungry players, just like in other financial sectors, and not because of the underlying technology behind blockchain. So, follow these steps to stay safe and prevent hackers, spammers and other greedy slimeballs from stealing your crypto!
Stories of “Hacked” Bitcoin
The Justice Department reported that it had successfully recovered $2.3 million worth of bitcoin that Colonial Pipeline had used to pay ransomware hackers in April 2021.
The news created confusion online. Many speculated that bitcoin had been “hacked”. And the bitcoin price seemed to drop due to security concerns.
Experts believe that the FBI was able to recover the ransomed bitcoins because the criminals stored their private keys where the authorities could find them, not because of any vulnerability in the cryptocurrency.
A private key is a string of numbers and letters, similar to a password, that unlocks a cryptocurrency holder’s account. It is crucial that your private keys are not disclosed to the public.
Parker Lewis, head of business development at Unchained Capital, a bitcoin custody and loan company, told CNBC Make It that anyone holding the private keys can move funds: “anybody, anytime.” Private keys are the only way funds can be moved. That’s why it is important to secure private keys.
The Federal Trade Commission reported that crypto-scams were responsible for nearly $82 million in losses during the fourth quarter of 2020 and the first quarter of 2021. The FTC reported that this is more than 10x the amount lost in the same time period the prior year.
It is important to know the types of wallets available to protect your crypto against hackers and any other threat.
Custodial and non-custodial wallets
It’s crucial to first understand the differences between wallets.
To store your cryptocurrency funds, you have two options: a non-custodial or a custodial wallet. The decision depends on your personal preferences, and each option has pros and cons.
What is a Non-Custodial Wallet?
You are in control of your private keys with a non-custodial or self-custody wallet and you have full ownership of your cryptocurrency assets.
That also means that you are responsible for keeping your private keys safe and taking security precautions to protect your funds when you use a non-custodial account. You will not be able to access your cryptocurrency if you lose your private keys. Unfortunately, this is a common occurrence.
“You have the responsibility of making sure that you don’t lose keys. And you’re the only one with that responsibility,” Nick Neuman, CEO and founder of Casa, a bitcoin security and self custody company, says.
Neuman states that you are responsible for making sure you have backup mechanisms such as cold wallets and hardware wallets. These physical devices store your keys offline. Many hardware wallets are similar to a USB stick.
Although hardware wallets are generally considered the most secure way to store private keys, there are still risks. You should use a trusted hardware provider like Ledger or Trezor, and keep your hardware wallet safe. A physical device can still be stolen or destroyed.
Hot Wallets
As Lewis states, if your bitcoin keys are connected to the internet, then while you sleep there might be a hacker trying to gain access to your keys. That’s why “hot wallets” (those that are connected to the internet) are more vulnerable than cold wallets.
Storing Your Private Keys
Some investors use a physical wallet to protect their keys. Others write their private keys on paper, and then lock it in a vault. Non-custodial wallets with multisignature protection are also preferred by some investors.
Multisig Options
For most bitcoin wallets, you only need one private key to access the cryptocurrency and move it. Multisig requires multiple keys. Each key is stored on a different device, such as your phone, an offline wallet or a hardware wallet.
Neuman states that “the main point is, regardless of how you back it up, you must find a way to backup your key in the event you lose it so you don’t lose your entire crypto due to a mistake.”
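To make the multisig idea and Neuman's point about key loss concrete, here is an added example (not from the original article or from any wallet vendor) that models a 2-of-3 wallet. It assumes HMAC-SHA256 as a stand-in for the signatures a real bitcoin wallet produces, and the device names and transactions are constructed samples.

```python
import hashlib
import hmac
import secrets

def sign(key: bytes, tx: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the signature a real wallet makes.
    return hmac.new(key, tx, hashlib.sha256).digest()

def valid_signers(wallet: dict, tx: bytes, sigs: list) -> set:
    """Return the distinct wallet devices with a valid signature on tx."""
    signers = set()
    for device, sig in sigs:
        key = wallet.get(device)  # unknown devices are ignored
        if key is not None and hmac.compare_digest(sign(key, tx), sig):
            signers.add(device)   # a set, so one key never counts twice
    return signers

def can_spend(wallet: dict, threshold: int, tx: bytes, sigs: list) -> bool:
    return len(valid_signers(wallet, tx, sigs)) >= threshold

def scenarios() -> dict:
    # Constructed sample wallet: 2-of-3, one key per device.
    wallet = {d: secrets.token_bytes(32)
              for d in ("phone", "hardware_wallet", "offline_backup")}
    tx = b"constructed sample: pay 0.1 BTC to <recipient>"
    other_tx = b"constructed sample: pay 9.9 BTC to <someone else>"
    s = lambda device, msg=tx: (device, sign(wallet[device], msg))
    return {
        # Thief holds only the phone key.
        "one_stolen_key": can_spend(wallet, 2, tx, [s("phone")]),
        # Thief submits the same key's signature twice.
        "same_key_twice": can_spend(wallet, 2, tx, [s("phone"), s("phone")]),
        # Owner lost the phone but still has the other two devices.
        "one_key_lost": can_spend(
            wallet, 2, tx, [s("hardware_wallet"), s("offline_backup")]),
        # Second signature was made over a different transaction.
        "sig_for_other_tx": can_spend(
            wallet, 2, tx, [s("phone"), s("hardware_wallet", other_tx)]),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'spend allowed' if allowed else 'spend refused'}")
```

Only the lost-key scenario is allowed to spend: a single stolen key is not enough, and a single lost key does not lock the owner out.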
What Is a Custodial Wallet & How Do You Use One?
Custodial wallet services allow third parties like Kraken, Coinbase or Gemini to have control over your private keys.
This means that when you purchase cryptocurrency via an exchange, you get an “IOU” for it, while the exchange holds the private keys and keeps the cryptocurrency in their wallet.
Neuman states that, for example, if Coinbase sells you bitcoin, Coinbase “owes” you that bitcoin until you withdraw it.
While some bitcoin enthusiasts like to say “not your keys, not your wallet”, many still prefer a custodial account. This is because you don’t have to worry about misplacing the private keys to the wallet.
But it is important to understand the risks. With a custodial wallet, hackers can get at your funds without needing your private keys, because the exchange has the keys and you do not. Neuman states that this eliminates the need for you to protect the funds yourself. Many exchanges are very concerned about security and have other methods to prevent your account from being hacked.
Custodial… Like a Bank
It’s kind of similar to a bank. Your money is held in the bank. The bank uses your money for all kinds of other things, primarily lending it to businesses or other people and charging interest. However, the bank keeps a record of how much you have deposited, which is what it owes you should you wish to withdraw it. You don’t have to worry about storing the money and hiding it under a mattress. The same applies to a custodial account. However, this is a new industry, the crypto market is volatile, and many people would say that crypto exchanges are not as reliable or trustworthy as a traditional bank.
That’s why Philip Martin, Chief Security Officer at Coinbase, says that before you make a decision to use an exchange, it is important to research the exchanges, learn which ones have been around for a long time, and check which ones have some kind of regulatory framework.
How to Protect Your Wallet from Hackers
No matter where you store your private keys and cryptocurrency, bad actors can be found throughout the crypto space.
Avoid SMS 2FA to prevent SIM Swap Scams
SIM swapping is a common scam. When you sign up for an exchange or for most crypto wallets, you will need to create a username and password and set up two-factor authentication (2FA). A hacker could gain access to your account by obtaining your login information, but they would also need the 2FA code. How can they obtain that? Isn’t that unique to me and my device with one-off codes? Well, the scammers will call your phone company and convince them to move your number to their device.
Neuman states, “It’s quite unfortunate, but they can convince your telecom company that they will transfer your number. This is why we flat out say never use SMS message for 2FA if it’s possible to avoid it.”
For some exchanges, however, SMS 2FA may be the only option. Martin suggests that you call your carrier and request that a password or another barrier be added to your account.
Hardware Keys for Extra Security
Martin recommends that you use a YubiKey if the exchange allows it. This is a USB-based hardware authentication key that can plug into a device and provides long-term cost savings because you don’t have to re-issue new tokens every quarter or year.
Neuman agrees that hardware keys are the best way to protect your account. “I think it’s safe to say that even if you store your tokens in a custodial wallet, using a hardware key is definitely safer than not.” However, he also points out that there are still vulnerabilities with these devices. “Hardware security can be broken
Use Password Managers
Martin also recommends using a password manager to store login credentials, and warns against using the same password across accounts. A password manager can be invaluable for generating unique, secure passwords and for managing and storing them securely.
Store Seed Phrases Securely Offline
After you have chosen a wallet service, the software will often generate a unique seed phrase. This is a collection of 12-24 random words that can be used to recover your cryptocurrency wallet. You should keep your seed phrase completely confidential and store it in a safe location offline. Do not store the seed phrase electronically anywhere (e.g. on your phone as a photo). If anyone gains access to a device or file that contains that information, they could potentially become the new owner of your crypto!
Never Share Your Information
You should be skeptical about receiving messages from outsiders regarding your crypto wallet.
Martin states, “If it sounds too good to be true it probably is.” “No one on Twitter will send you back twice what you sent.” Avoid people making such claims like the plague!
Avoid Remote Viewing Software
Be wary of anyone who offers remote screen viewing software for your laptop. The big players in crypto (like Coinbase and Binance) will not do that. Remote viewing software can open up your machine to risks such as files being copied and pasted onto it. These files could contain malicious content, including content that puts your crypto at risk. Further, once a hacker is on your machine, they can obtain other information that might not be secured properly, including credentials for your crypto assets, wallets and exchanges.
The Final Score
While nothing is 100% secure, there are some simple steps you can take to protect your crypto assets. Even a basic awareness of how different crypto wallets work will help you understand the vulnerabilities that exist and the options available to secure your assets. Following some of the above steps will get you on track to securing your digital assets. If you are looking to get into crypto and purchase some bitcoin or other assets, I have had good experiences with Crypto.com, Cex.io and Nexo.io. But remember, when you store your crypto on a centralized exchange like these (which are custodial wallets), you are putting your tokens at risk. So, when you purchase tokens, consider moving them to a non-custodial wallet like a Ledger or Trezor device.