Bitcoin’s price has skyrocketed in the past few months, hitting $19K and inching closer to breaching its 2017 all-time high. While this recent uptick is good news for most crypto investors, surely you’ve paused to consider the safety of your crypto holdings at some point.
Regardless of how much your cryptocurrencies are worth, your ultimate goal should be to store them safely. Now we’re faced with the question, “Why should you keep your cryptocurrencies safe?”
Well, the obvious answer is that cryptocurrency, just like other asset classes, functions as a medium of exchanging and storing value. For instance, it stands to reason that a cybercriminal could steal your Bitcoin. The so-called bad guys are now becoming more sophisticated, stealing over $100 million from DeFi projects in 2020 alone.
Moreover, it’s perfectly normal to wonder why you should bother securing your crypto when some investors have claimed that Bitcoin is meant to be the world’s safest financial solution.
While Bitcoin and other cryptocurrencies themselves might be secure, the weak link in the equation is something you might not expect: you’re the weak link.
Unlike the traditional financial landscape, the cryptocurrency space is largely decentralized. Blockchain, the underlying technology, is essentially an open, distributed ledger that processes transactions via a peer-to-peer network of nodes.
The absence of a central authority or ‘trusted’ third-party places the burden on you. In plain English, you’re your own bank and as such, you’re largely responsible for safeguarding your crypto assets.
The scary thing is that any of the following scenarios will leave you potentially vulnerable to losing your crypto holdings:
- Your exchange account, mobile wallet, or email account could get hacked.
- You could transfer funds to the wrong wallet address, with no chance to reverse the transaction.
- Your computer — or even smartphone — could be infected with various malware designed to steal your coins.
- You might forget to backup your seed phrase, making it impossible to recover your wallet in the event of loss, damage, or theft.
Fortunately, there are different ways you can avoid these threats. In this article, we’ll provide you with seven quick tips to safeguard your crypto and protect yourself from a potentially disastrous situation.
Although you may have come across some of these points in the past (probably didn’t think too much of it then), now we’re bringing it back to you — along with newfound information!
1. Use Strong Passwords
One of the easiest ways to safeguard your cryptocurrencies is by using strong passwords to protect your wallet and crypto-related accounts. Most hackers use different tools to crack stolen passwords, so the longer and more complicated your password is, the harder it is to crack.
It’s also important to keep the following password best practices in mind:
- A strong password contains a long, complex string of characters so it’s harder to crack. Ideally, a strong password is at least 12 characters long, with a healthy mix of numbers, symbols (most common ones are !£$%^&#@), uppercase and lowercase letters.
- Avoid using the same password for different accounts across multiple platforms. This makes you vulnerable to a brute-force attack, particularly if the password has been leaked in a previous data breach.
- Always log out of your account whenever you’re done with a transaction. Doing this will protect you from hackers (particularly on public WiFi networks) trying to hack your account by stealing your session cookies.
- You can opt for a password manager, so you won’t forget your password or have to type it out every time. LastPass and Dashlane are two popular password management solutions.
2. Set Up Two-Factor Authentication (2FA)
Two-factor authentication (aka two-step verification) is usually added to different digital processes as an additional layer of security. Essentially, with two-factor authentication, you can only access a website or app after you’ve passed multiple security checks.
So, aside from your usual password, the platform may ask you to input a secret code sent to you either through email, SMS or push notification. These verification codes usually expire after some time, making it impossible for bad actors to use past (i.e., expired) codes to access your account.
Almost all cryptocurrency exchanges support two-step verification to better secure your account. Some exchanges offer simple email and SMS verification, while others take it a step further with 2FA apps like Google Authenticator.
Once you’ve set up 2FA, you will receive a one-time password every time you want to perform critical actions like logging into your account, transferring crypto to other people, changing your account information and completing withdrawals.
3. Securing Your Crypto Wallet
The safety of your crypto also depends on the type of wallet you use. Generally, you can choose between a custodial and non-custodial wallet for storing your coins.
Custodial wallets are digital wallets controlled by third parties (typically crypto brokerages and exchanges) who hold your private keys and help secure your crypto holdings. Although custodial wallets are a user-friendly option to store your coins (you can manage your crypto easily and your keys are safe), they are a bad idea for holding your cryptocurrency long term. Here’s why:
- Custodial wallets are centralized, which makes them no different from banks since they have control over your money.
- You don’t have access to your private keys, which means you need the wallet provider to grant you access to your own funds.
- With a third-party involved in your ‘business’ creates a loophole for shady owners to steal your funds.
- The wallet could get hacked, leaving you with the possibility of losing your crypto.
Non-custodial wallets, on the other hand, are decentralized since you’re the sole custodian of your private keys. They put you in control of your crypto and nobody can access your funds without your authorization.
Basically, you get a keystore file containing your private/public key pairs and a mnemonic (or seed) phrase. The mnemonic phrase is usually an ordered sequence of 12 to 24 words long.
You should have your mnemonic phrase copied and stored properly; you’ll use it to recover your wallet and funds.
As a rule, stay away from custodial wallets when possible.
Always Use Cold Storage
Cold storage is a broad term used for cryptocurrency wallets that function without an internet connection. Cold wallets are physical electronic devices created specifically to securely store your cryptocurrencies offline.
With this type of wallet, you can only process a transaction when it is connected to your computer or smartphone. Cold wallets are more expensive than hot wallets (which are usually free) but if you can afford it, you’ll sleep like a baby knowing your crypto is safe.
Hardware wallets are arguably the most secure type of cold storage. They are physical devices similar to USB flash drives but designed to only store your wallet information (read: funds) offline. As with air-gapped computers, hackers cannot remotely access these wallets to steal your crypto.
There are several hardware wallets but the popular ones are Ledger Nano S and Trezor.
Multi-signature wallets (or multisig) are like the intersection of custodial and non-custodial wallets. Each copayer has a private key for accessing the wallet but needs other copayers’ keys to authorize transactions from the wallet.
Essentially, multi-sig wallets require two or more private keys to be provided at the same time before any funds can be uploaded or accessed. Without the required number of keys (depending on the type of multi-sig wallet), no one can perform transactions using the wallet.
Multisig adds an extra layer of security when you want to conduct cryptocurrency transactions.
4. Lose Your Keys, Lose Your Crypto
Private keys are undoubtedly the most important aspect of keeping your cryptocurrencies safe. A private key is a string of numbers that represents the cryptocurrency in your wallet.
Primarily, private keys prove ownership of crypto assets on a specific blockchain address and grant you access to your funds. Needless to say, if it falls into the wrong hands, hackers can have full access to your wallet.
Regarding wallet security, the rule of thumb is, you don’t own your crypto if your private key isn’t in your possession.
Since the importance of private keys is obvious, it is essential that you backup your private keys. An easier way to keep your wallet safe is to write your mnemonic phrase down and hide it from prying eyes.
If you didn’t backup your private keys and you lose your wallet, you can easily recover it with this phrase. A mnemonic phrase usually looks like this:
dad cheap north reopen stomach tribe bamboo tiger volcano soup miracle oven
(That’s not a valid mnemonic phrase, by the way.)
Although a mnemonic phrase offers you a user-friendly option of restoring your wallet, there are instances where the phrase might be useless; say
- You printed it out and now the paper degraded or got damaged.
- The wallet provider is out of business.
- You wrote down one or more words incorrectly.
In any of these scenarios, you might need to use another wallet, and you can only do this if your private keys were backed up.
Backing up your wallet entails exporting your keys from your wallet. You can export your keys and then print it out to keep it somewhere safe. You can also save your private key backup in a USB drive but remember to encrypt the file.
5. Trade and Invest Only On Reputable Crypto Platforms
The crypto space has exploded over the years. We now have lots of coins streaming into the market, and new exchanges, investment schemes etc. are equally popping up now and then. With so many platforms available, it’s becoming increasingly difficult to know for sure which ones can be trusted.
To that end, here are three crypto scams you should be aware of:
Fake Crypto Platforms
There are so many fake crypto wallets and exchanges out there; it’s like something out of a scary movie.
They usually pose as legitimate platforms where you can trade your cryptocurrencies or store your coins. They may even offer you juicy bonuses and perks like zero trading fees, no KYC, etc. However, once you make a deposit, you’ll find it difficult to withdraw your crypto and they’ll empty out your crypto into their wallets.
When in doubt, you should verify the legitimacy of a particular platform by reading reviews by other people online. You can also browse cryptocurrency forums and communities — Reddit usually helps — for more information.
Fake Investment Schemes
Fake crypto platforms are but even more, you should keep an eye out for crypto investment platforms offering you outrageous returns. These platforms will offer you an opportunity to make double or triple any investment you make. In fact, you might get returns on your first deposit, however, the next one isn’t promised.
Most of the time you can find these ads on different social media platforms like Facebook and Instagram. The fraudsters often use pictures of legitimate-looking articles from fake news publications to lure unsuspecting victims into parting with their money.
Cryptocurrency Ponzi Schemes
Ponzi schemes have been in existence for decades and are still very much around today. Crypto or not, these schemes operate under the premise of ‘guaranteed’ returns, depending on how many people you can get to sign up. However, all Ponzis eventually collapse once they become saturated.
A perfect example is OneCoin, a company that convinced many people to invest in a new cryptocurrency that would be more valuable than Bitcoin. OneCoin creator and self-proclaimed ‘Cryptoqueen’ Ruja Ignatova is still at large after she disappeared in October 2017, according to the FBI. The BBC reports an estimated €4bn invested into OneCoin between August 2014 and March 2017, in what was termed “crypto’s most notorious Ponzi scheme.”
Many users have been victims of exit scams, losing their hard-earned funds to shady crypto projects and platforms. Here are some important pointers to note when choosing a crypto exchange, wallet app, or investment platform:
- Unrealistic profit claims: A lot of fraudsters make a lot of promises that are usually not based on factual data or backed with research; instead, they prey on your emotions with outrageous claims. If what you’re being offered sounds too good to be true, that’s because it most likely is (a scam). Always do your research before taking the leap into anything in the crypto space. A simple Google search “[Platform Name] + review” would do.
- Little background information: Another common feature of illegitimate crypto platforms is that there’s no mention of a team. Although many exchange platforms do not list out the entire team, you can find the name of the director and chief officers. If you can’t find these details, you should be wary. Also, if there are names, carry out research and find out if they are credible.
All in all, you need to always watch out for anything suspicious before you send your crypto to any exchange or wallet. Better still, only use reputable exchanges and platforms reviewed and recommended by trusted websites.
6. Avoid Unsecured Networks Like the Plague
The next vital tip for protecting your cryptocurrencies is to avoid conducting any crypto-related activities using a public WiFi network. Always ensure you perform any cryptocurrency transactions via a secure network you trust.
In 2017, a man in Vienna lost over $117,000 worth of Bitcoin to hackers while he was logged in on a restaurant’s public WiFi network. Even worse, he simply logged in to check the value of his cryptocurrency, a decision that ended up costing him greatly.
According to a police statement, the Bitcoin was transferred to an “unknown, non-traceable account” in an entirely avoidable situation. Although it’s unclear if his account was already hacked before he connected to the network, it still a possibility that the public network left him exposed.
As you now know, choosing to log into your crypto exchange account or upload funds using a public WiFi is a huge security risk. Hackers can easily steal your login details and moreso, open networks are a perfect place for them to infect your computer with crypto-stealing malware.
“Better safe than sorry”… you should resist the urge to check on your crypto every minute — they’re not going anywhere! Do not access your wallet when you’re not in a secure location unless it’s a matter of urgency.
No doubt, there are times when you’ll have to connect to a public Wi-Fi network. In this situation, simply hold off on your crypto-related affairs until you’re connected to a secure network.
7. Tips and Best Practices for Securing Your Crypto (and Yourself)
Here are some other points we didn’t cover but are equally as important as the above points.
1. Be wary of suspicious phone calls, emails and messages from scammers claiming to be from popular cryptocurrency platforms, exchanges or news websites.
A case in point is the recent phishing scam involving fake CoinDesk emails. In this scheme, scammers create fake emails designed to look like newsletters from CoinDesk and include a malicious link. The link directs users to a fake version of the CoinDesk website asking them to pay an amount in BTC for ad space on the CoinDesk website. Once you pay, the hackers will vanish and you’ll be left to lick your wounds.
2. Be smart and use common sense.
Also, it probably goes without saying, but don’t brag about your crypto holdings on online forums or social media. Doing this will make you a heavy target for hackers, scammers, and even criminals in your neighborhood.
Back in May 2018, Pavel Nyashin, a 23-year old Russian crypto investor and blogger was found dead in his apartment. Prior to his death, he’d boasted online about his huge crypto wealth and shortly after, was attacked by masked robbers who made away with $425,000.
It’s sensible to be careful about what you say online because you never know who is watching. Although this was an extreme scenario, it’s always better to be safe than sorry.
3. Install a good antivirus and check for malware regularly
Primarily, hackers will infect your computer with crypto-mining malware, which will use your computer’s CPU (or GPU) to mine cryptocurrencies. Other attack forms involve:
- keyloggers which monitor and record your keyboard presses for sensitive information;
- ransomware which encrypt your files, asking you for a ransom to unlock your files; and
- clipboard hijacking malware that replaces your copied wallet address with the hacker’s address.
To prevent this, be sure to delete every suspicious file — particularly executables (i.e., EXEs) — and do a full malware scan of your system regularly.
4. Be wary of anyone asking to remotely access your computer.
Finally, never give anyone remote access to your smartphone or computer.
A rising trend of attacks that have happened over the years is a hacker taking over a victim’s computer via remote access software. With the help of sophisticated tools, hackers can take over your device once you give them access and steal your crypto.
This is common with scammers posing as tech support agents who fix computer-related issues remotely. They’ll make you believe your computer has a serious issue like a notorious which could crash it at any moment, and ask you to pay in crypto so they can ‘help’ you fix it.
They may also ask you to install a remote desktop software so they can fix the issue from their PC. Once you install the software and they connect to your computer, they’ll access your wallet. Of course, it’s more elaborate but that’s basically how it works.
Cryptocurrencies are no doubt becoming an increasingly important part of our everyday lives. Investing in crypto is worth every penny because of the growing global adoption and the massive earning potential.
However, with more hackers and cybercriminals directing their activities towards the crypto space, you need to ensure your coins are safely tucked away. Remember, you’re responsible for keeping your crypto safe and, unlike centralized platforms, blockchain doesn’t have a private key recovery feature.
As such, it’s important to develop a healthy habit of securing your digital assets properly and backing up your wallet. Thankfully, this detailed guide is exactly what you need to get started with safeguarding your cryptocurrencies.