Graduate Design Engineer
(These are my personal views and should not be taken as investment advice. Do your own research before making any investments)
As crypto-currencies and crypto assets gain increasing adoption, it is only natural that more malicious parties begin to turn their attention to the space. Stories of phishing attempts, scams and people’s crypto being stolen from their “secure” wallets are already fairly commonplace. These incidents usually arise from the exploitation of human carelessness or greed.
Crypto assets are great. They are decentralised: there are no banks, no middle men, no centralised entity there to skim a little money off the top of every move your asset makes. But remember that crypto assets come with the decentralisation of responsibility as well. There is no more customer service. No more 1800 number for you to call if your wallet is suddenly empty. No one to help you dispute an unverified transaction. And most importantly, no one else to blame but yourself.
For the supposedly tech-savvy folks, you may be laughing and thinking to yourself,
“Cmon, who do you think I am? Grandma?”
Trust me, some of the most technologically knowledgeable people out there have been victims of scams and other nefarious schemes to steal crypto assets. These hackers and thieves are only getting better at their job. Their methods range from fake sites that look exactly like the real ones, to social hacking that tries to get you to give up your private keys, to straight-up blatant “promise of more return” scams. All they need from you is just one lapse in judgement or one moment of greed.
To make things worse, the world of crypto assets (as it exists today) is not the most user-friendly one. Even a simple task requires many steps. Simply sending some crypto to your friend is nothing like what exists today in the fiat world. People have to copy addresses, some with 42 characters like “0xde0B295669a9FD93d5F28D9Ec85E40f4cb697BAe”. Things get complicated really fast.
As with everything in life, security doesn’t come for free. Good security comes at the cost of money and convenience. There are already many companies working to make the crypto world easier to navigate while maintaining the level of security. But these will take time. In the meantime, I have put together this list of steps, tips and actions that we, as average crypto asset holders, should do at the very least to keep our crypto assets safe.
CoinCheck Hack: $730 million, BitGrail Hack: $170 million, Bitfinex Hack: $120 million. The list goes on and on and on.
CoinCheck was the biggest cryptocurrency exchange in Japan. Bitfinex was once the biggest cryptocurrency exchange in the world. These hacks aren’t just happening to the smaller exchanges being run out of a dorm room in Texas. These are some of the biggest exchanges in the world, with plenty of qualified folks working on them. Yet hacks of such scale still occur.
PLEASE DO NOT LEAVE MORE CRYPTO THAN YOU NEED ON EXCHANGES
Be it from hacks, malicious personnel at the exchanges or just plain old carelessness, leaving your crypto on exchanges is just an invitation for your crypto to be taken away from you. Only leave crypto assets that you are planning to trade soon. Everything else that you are planning to hold for some time should be moved to a safer wallet.
There are mainly five different kinds of Crypto Asset wallets available on the market:
You can read more about the different types here. I would advise everyone to store their crypto assets on a hardware wallet (such as a Ledger Nano S), especially if the value of your assets feels like a fairly significant amount to you.
This type of wallet provides the best balance of convenience, price and security. The only way for anyone to access your assets would be through physical access to your actual hardware wallet or by somehow getting hold of your private key. For further protection, you can also set a PIN that must be entered before anyone can use the hardware wallet (just like your phone).
The best known hardware wallets are:
Make sure you enable 2FA on all your exchange accounts. Even if the exchange makes it optional. If you don’t do anything else on this list, please at least do this.
Please Enable 2FA
This will add a very good and hard-to-beat layer of security to your account, even if your other personal information is compromised. Let’s say a malicious party managed to obtain your username and password: the attacker would still be unable to access your account without somehow getting the 2FA code. 2FA via text messages has already been shown to have some vulnerabilities, so do use authenticator apps such as Google Authenticator or Authy.
In today’s no-rules internet world, there is no shortage of phishing attempts, fake websites and malicious links ready to infect your device with malware. The malware searches your computer’s hard drive for wallets. Once it finds one, it will attempt to copy the private keys and send them back to the malicious party. Key loggers are also very common. These record every key that you press and send it back to the hacker. Fake websites and emails are probably the next most common way that these nefarious parties try to get hold of your data so that they can get access to your assets.
I wouldn’t even know if I would have been able to spot the fake Binance site above. Imagine if the site was embedded and had the usual website underline for an embedded link. Those 2 dots below the n’s would be practically invisible and as a user we would be none the wiser.
So please do be alert, think twice if anything seems too good to be true, and only use bookmarked addresses for your exchanges, wallets or any other site that gives you access to your crypto assets.
Please do not enter your credentials to access an exchange or your online wallet while connected to public Wi-Fi like Starbucks, McDonalds or any kind of free Wi-Fi, unless you are a security expert or have some background in surfing anonymously. Public open access points are the most vulnerable to hackers because they are not secure.
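A check of the kind a browser extension or mail filter could apply to the look-alike described above (the n's with a dot below), shown as an added example that is not part of the original article. The bookmark list and function names are assumptions, and the sample URLs are constructed.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample: hosts the user has bookmarked.
BOOKMARKED = {"www.binance.com", "binance.com"}

def to_unicode(host: str) -> str:
    """Decode punycode (xn--) labels so both spellings are treated alike."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already contains non-ASCII characters

def skeleton(host: str) -> str:
    """Drop diacritics: 'n' with a dot below collapses to plain 'n'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(url: str) -> str:
    host = to_unicode((urlsplit(url).hostname or "").lower())
    if host in BOOKMARKED:
        return "bookmarked"
    if skeleton(host) in BOOKMARKED:
        return "lookalike"   # differs from a bookmark only by diacritics
    if not host.isascii():
        return "non-ascii"   # other scripts (e.g. Cyrillic) need a confusables table
    return "unknown"

# Constructed sample: U+1E47 is 'n' with a dot below.
FAKE = "https://www.bi\u1e47a\u1e47ce.com/en/login"
```

`classify(FAKE)` returns `"lookalike"`, and so does the same host written in its `xn--` form, which is how some browsers display it in the address bar.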
This is something you should do not just for your crypto asset accounts but for everything else you do on the web. Now before you scream,
How the f*** am I supposed to remember all the different passwords for the 387 sites that I’m signed up on??
That’s what password managers are for. LastPass, 1Password and Dashlane have all proven to be strong, reliable and safe password managers. While they may have their own fair share of problems, all manner of security researchers have concluded that it’s much, much safer to use a password manager than whatever password routine you have now. I would also advise turning off the autofill feature on the password manager that you use. You can find out more why over here.
Make sure that you have multiple copies of your private key and that they are stored in secure places. You do not want to end up in a situation where you lose your hardware wallet or forget the password to your online wallet etc. AND you don’t have a copy of your private key. Now you’re not able to access your thousands of dollars’ worth of crypto assets. There will be no one to call and no one to help you. So please back everything up safely and securely.
I would just like to stress again how important it is to have some basic security habits when storing your crypto assets and participating in the wild west crypto world. There have been numerous stories of people having their crypto assets stolen or losing access to their accounts, so trust me, you or I could be next. Remember that in this world, you are responsible for your own assets and no one else is. There is usually also no recourse to be had even if some other party was responsible for your lost assets. So be smart, take the necessary precautions and follow the instructions above; it can really help keep you and your crypto assets out of harm’s way.
Just a reminder, if you would like to get a Ledger Nano S or any of their other products, do help a brother out and click through on the link below! You’re helping me get a cup of coffee to write my next piece. (As always you should hover your mouse over the embedded link to verify that it is the ledger site)
Before you go: If you’ve found the article to be useful and enjoyable in any way, do help a brother out by dropping a few coins so I can get some coffee at the cafe when writing my next piece. Any amount is appreciated. No amount is too little. Links below (:
If you disagree with anything or would just like to chat, drop a response below. I’m open to constructive feedback and thoughts.
Send ETH here : 0xEE70a49c4Ec5463d6a253cDBEB468B7d93cd98e9
Disclaimer: The trading of crypto-currencies has potential rewards, and it also has potential risks involved. Trading may not be suitable for all people. Anyone wishing to invest should seek his or her own independent financial or professional advice. This article is not financial advice and should not be taken as such. Invest at your own risk.