Cryptocurrency trading is still in its infancy. But already there have been numerous horror stories about speculators losing millions to thieves and fraudsters.
The natural volatility of these investments is plenty of risk and uncertainty to bear. And at least volatility has an excellent chance of working in your favor! But fraud and theft have no upside for any honest person – and they’re bad for the crypto asset class as a whole.
Whether you’re a speculator, or you’re just holding on to a few coins for everyday transactions, here’s the bare minimum you need to know to protect your crypto against hackers and thieves.
Exchanges are targets.
Yes, exchanges in some form are necessary to facilitate the buying and selling of bitcoin and other cryptocurrencies. But they are also targets for some of the most sophisticated criminals on the planet. Already there have been multiple instances of exchanges getting hacked and thieves getting away with a fortune. The Mt. Gox exchange lost 750,000 bitcoin to cyberthieves in 2014. NiceHash asset-holders were socked for $78 million in another massive cybertheft.
The exchanges have default online wallets that are convenient – but you should also realize that the default wallets are big, fat, hairy targets for greedy organized criminals with teams of highly skilled hackers. And there’s no equivalent of the Canadian Investor Protection Fund (CIPF) or the U.S.’s SIPC or FDIC to act as a backstop against theft or fraud. In the Wild West of the crypto world, you’re on your own.
So you may not want to keep your assets in the exchange default wallet for long. Even if third-party hackers don’t successfully invade your account, the site owners could, or even a clever and ruthless employee or insider.
Understand “cold” vs. “hot wallet” storage.
Remote hackers can’t get into your wallet if the hard drive it’s on isn’t connected to the Internet. Computers can’t talk to each other without a network. To protect your crypto assets from hackers, use “cold storage,” rather than “hot wallet” storage. That is, disconnect the computer or your portable wallet device that physically holds your coin from the Internet entirely.
It may not just be a matter of unplugging a cable. Depending on your device, you may need to disable your WiFi as well.
As long as you keep your cryptocurrency holdings in “cold” storage, outside hackers can’t access them. They would need to physically possess your device. Use “hot wallets” only for the crypto assets you are planning to use immediately.
Use strong passwords.
This isn’t an application where you want to use your pet’s name and your birthday. Use a variety of ‘best password’ practices:
- Don’t use a password that can be easily guessed. Hackers are good at this.
- Avoid unmodified dictionary words. Hacking tools have these hard-coded into them and try them first.
- Write down your password and keep it in a secure location, away from your wallet. There’s no 800 number you can call to reset your password on these digital wallets, so be sure to keep track of it.
- Use special characters such as $, %, & or *.
- Use 15 characters or more.
- Don’t use the same passwords on multiple accounts. Otherwise one lucky guess from someone who knows you can wipe you out.
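The rules in this list can be checked mechanically before you commit to a wallet password. The following is an added example, not part of the original article; the function name, the tiny word list and the sample passwords are all constructed for illustration.

```python
import string

# Constructed sample data: a tiny stand-in for a real dictionary word list.
SAMPLE_DICTIONARY = {"password", "dragon", "bitcoin", "sunshine", "wallet"}
MIN_LENGTH = 15  # "Use 15 characters or more"


def check_wallet_password(candidate, personal_terms=(), used_elsewhere=()):
    """Return a list of rule violations; an empty list means all checks pass."""
    problems = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 15 characters")

    # The article's examples ($, %, &, *) are all in string.punctuation.
    if not any(ch in string.punctuation for ch in candidate):
        problems.append("no special character")

    # A dictionary word used alone, or only padded with digits and symbols,
    # is still among the first guesses a cracking tool makes.
    core = lowered.strip(string.digits + string.punctuation)
    if core in SAMPLE_DICTIONARY:
        problems.append("unmodified dictionary word")

    # Easily guessed: contains a pet's name, a birthday or a similar detail.
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal information")

    # One password per account: reject anything already in use elsewhere.
    if candidate in used_elsewhere:
        problems.append("reused from another account")

    return problems


if __name__ == "__main__":
    # Constructed sample passwords, checked against constructed personal details.
    for pw in ("Rex1987", "bitcoin2024!!!!!!", "copper&Lantern*Orbit7"):
        print(pw, "->", check_wallet_password(pw, personal_terms=["rex", "1987"]) or "ok")
```

Run the check offline, on the same machine where you create the wallet, and never paste a real password into a website to test it.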
Practice sound cybersecurity.
Execute computer security basics to perfection. Install anti-virus systems and use them.
Also, Microsoft and Mac operating systems, because they’re so common, are common targets for hackers. Consider using a more secure operating system, such as Unix, Linux or Qubes.
You may want to segregate your computer activity: Use a single dedicated computer for all your crypto activities, and do all your personal and business computing on another. This helps prevent “leakage” of sensitive information and access, and helps keep your crypto offline in a “cold storage” situation, secure from outside hackers.
Use multi-factor security techniques, such as a combination of a physical device key and a password.
Also, never log onto your cryptocurrency accounts over public WiFi. There are people out there with special “sniffers” looking for just that circumstance.
The NiceHash theft occurred because an employee’s computer was compromised. Don’t let it be yours.
Write down your device’s mnemonic seed.
Any hardware device can become corrupted. Your digital wallet comes with a code called a mnemonic seed. Usually, this takes the form of a series of random words – a password on steroids – that you can use to restore your access to your wallet.
But you’ll need to generate it and store it ahead of time.
When you create a new wallet, your device will give you a list of 12, 18 or 24 random words.
This creates an additional layer of security for your wallet and the information it contains.
It’s a separate thing from your password, though – and for maximum security, you shouldn’t keep your password with your mnemonic seed. Hackers will need both to steal your money.
Keep track of your device.
If you keep your wallet on your own device, rather than using an exchange default wallet or another device, keep careful track of that device. James Howells of Newport, Wales threw out an old computer hard drive when he was cleaning out his desk, and it wound up in a landfill.
Only later did he remember that that hard drive contained 7,500 bitcoin, which he had bought in 2009 when it was worth next to nothing.
When he tossed it, it was worth $500,000.
It’s worth $48 million today.
Treat your physical wallet devices like you would cash: Keep them hidden.
Criminals are beginning to physically rob people at gunpoint and force them to transfer their crypto assets. A group of four thugs broke into one crypto trader’s house and forced him to transfer millions in crypto assets to untraceable accounts.
Don’t be too public about your trading activities and crypto holdings. Someone knew about this trader’s crypto wealth, or he wouldn’t have attracted their attention.
In another incident in Kiev, Ukraine, Pavel Lerner, managing director of the EXMO cryptocurrency exchange, was kidnapped while leaving his office at the end of December 2017. He was only released after being forced to transfer $1 million in bitcoin to his captors.
Don’t paint a target on your back by bragging about how well your crypto assets are doing, and don’t walk around with all your currency on a single drive in your pocket. Just take what you need.