The cryptocurrency market is down from its all-time high, but that doesn’t mean cryptocurrencies are dead. Market caps are still in the tens of billions for the largest coins (and over 100 billion for Bitcoin), so there is still plenty of money in the market.
The recent Coincheck hack shows how easy it is for your money to simply disappear. Of course, Coincheck has started to reimburse users, but that may not always be the case. And if you lose your cryptos in a scam, it is nearly impossible to recover the assets – after all, cryptos tend to ignore jurisdictional borders and fraud is much harder to prevent internationally. So, how can you protect yourself?
Hot and Cold Wallets
When choosing a wallet, one must consider which temperature of wallet to choose: hot or cold. Hot wallets, residing on exchanges as accounts, are certainly better for trading. The assets and their records are stored directly on third-party servers, so security is largely dependent on the third party’s capabilities. Hot wallets residing on personal computers are also vulnerable to attack, as even PC users with good computing habits might suffer drive-by infections from malware-infected advertising or websites.
Cold wallets are far more secure, as they are not connected to the internet. Having physical access to a device is nearly impossible for most hackers, who prefer to remain anonymous and remote, anyway. Hardware cold wallets are a good way to avoid attacks and to store crypto assets long term. Software cold wallets, meaning software wallets that reside on air-gapped PCs, are also a way to store assets that need to occasionally be transferred.
Cold wallets are the clear security winner, but convenience is severely hindered. If you want to maintain a hot wallet (or want to trade), it is advisable to keep hot-wallet assets to a minimum. If you’re an all-in trader, utilizing all of your crypto assets, perform your due diligence on the exchange you choose before wiring thousands of dollars.
For the Traders, Use 2FA
If you use hardware cold wallets, there isn’t much more to say. You’re secure unless someone finds flaws in the crypto’s algorithm, and in that case, it does not matter how secure you are, because the system is insecure. Assuming you keep your assets on an exchange, use two-factor authentication whenever possible. And if your exchange doesn’t offer 2FA, rethink your choice of exchange.
As stated above, having a physical device (like your phone) adds a significant layer of security which is extremely difficult to circumvent. 2FA incorporates this physical device layer of security easily. It may come as a slight inconvenience at first, but if only your account is drained, the exchange won’t help you.
Be Wary of Imposters
Phishing and imitation sites are quite popular these days. Etherdelta, a decentralized exchange for Ethereum tokens, had its domain spoofed, leading users to access a compromised server. The affected users entered their private keys, and suddenly the attackers had complete control over victims’ addresses.
But it may not even be that sophisticated. If a scammer can deceive someone into clicking a link in an email, the link may lead to an imitation site that looks almost entirely the same. Poor imitations may look the part but perform poorly. Well-done imitation sites might even have live chat. Be careful of the links you click and investigate immediately if you notice anything different.
This one cannot be stressed enough. With cryptocurrencies, there is no bank or central authority to call for help. Exchanges may be able to help with lost passwords, but the entire point of cryptos is to be entirely secured with mathematics and only accessible with the key. If you lose your key on a hardware wallet or even a non-exchange hot wallet, you will simply lose access to the funds. Forever. Unless you can afford to brute force the key, which should be nearly impossible (otherwise cryptos aren’t safe, anyway).
The moral? Back up your wallets and your keys. Do it digitally, do it on paper, and do it preferably in separate physical locations. Water-damaged USB backups are useless after a flood if everything is stored in one location.
Practice Good Security
Avoid inattentive web surfing. Avoid dangerous pages. Don’t click links you don’t know, and be wary of email and password scams. Scan your computer for malware, keyloggers, Trojans. Use more than one password for your accounts. These are basic security measures you should take anyway.
And don’t forget mobile devices are computers, too. If you are using a mobile trading app or wallet, practice mobile security. It isn’t much different from desktop security, and it isn’t hard to do. With all of the worry about exchange hacks, if you don’t practice good security, it doesn’t matter how secure the product is.
Written By: Nick Rojas