Hackers steal from people in the crypto ecosystem with alarming regularity. Their victims include newbies and seasoned veterans alike. No one is safe from the dastardly machinations of hackers and their rampant kleptomania. If people do not tend to their cryptocurrencies in the way a shepherd tends to his flock, they’ll potentially suffer great loses.
However, being hacked is not the only way to lose your wealth. Failing to prepare for market crashes and collapses can also cause significant loss. Some people simply purchase bitcoin, and embrace a HODL mentality, in the vain hope of accumulating incredible riches.
They may indeed become extremely wealthy, but as soon as severe volatility strikes, they’ll also lose their fortune. In this article, I’ll describe some methods to help protect your crypto wealth from hackers. In the next article, I’ll describe ways to insulate your crypto wealth from market volatility.
Securing Your Crypto Assets Against Hackers
As the bitcoin price skyrockets, everyone may forget about protecting themselves during all the braggadocios jubilation. It’s nice when the price rises, but if people only focus on it, they may shift attention away from security, leaving themselves vulnerable. I have three top considerations to protect your crypto stash from hackers.
- Hold your private keys
- Use offline wallets
- Don’t use your phone number for authentication
Many crypto traders use centralized or custodial exchanges to store their cryptocurrencies. Sometimes this is a necessary evil; the current infrastructure is still young. With that said, custodial exchanges maintain your private keys.
If you are unfamiliar, a private key is effectively the access code to your crypto stash. Whoever possesses the private keys fully controls those funds. What’s the risk of custodial control over your crypto?
If a hacker gains access to that exchange, they’ll be able to steal your assets. If government shuts down that exchange, say goodbye to your assets. In the event the exchange site goes down, you’ll lose access to your stash. In addition, if an exchange founder dies randomly in India and he has access to all the keys, you lose. Yes, that actually happened.
to receive our new client starter guide
These problems only represent the tip of the iceberg regarding custodial exchanges. If you have to use an exchange to trade or conduct some transaction, make sure you understand the risks. Try to keep as little money on an exchange or custodial wallet as possible
Even if you hold the private keys, you are not completely immune to hacking attacks. Certainly, you are safer than if you were to hold your money on an exchange. The reason exchanges are the worst form of crypto storage is because they are akin to honey pots with billions of dollars. In other words, these databases of private keys represent a deliciously rich target for nefarious actors.
Still, private phone wallets like bitcoin.com’s wallet, Mycelium, BRD, Jaxx, and others are generally safe since you control the private keys. However, they are still vulnerable, but for different reasons. Your private keys are only as safe as those devices.
For instance, if someone discovered your password or an FBI agent unlocked your phone, they could easily gain access to your wallet and thus your keys. It’s recommended that users only store “daily use” crypto on these devices, and not large quantities of digital assets.
The best form of storage are wallets that live offline some of the time or the majority of the time. These include hardware wallets and paper wallets.
Hardware wallets are USB stick-like devices that generally plug into your computer and allow you to access a wallet via an application or Chrome extension. These are fairly stalwart technologies that are difficult for hackers to break into, because they don’t touch the internet as much and they also require a strong pin code. Some of these devices even have plausible deniability features that allow you to hide cryptocurrency on the device in plain sight.
The list of beloved hardware wallets grows every year. Popular brands include: Trezor, Ledger, BitBox, KeepKey, among plenty of new incumbents and competitors. If you are going all in and possess a crypto savings account, having a reliable hardware wallet can save you a lot of time and heartache. Above all, they are extremely reliable and boast resilient security features. Be sure to research each one individually.
Arguably, the most secure wallet is the paper wallet. These wallets virtually never touch the internet, and are therefore immune to hacking attacks that exploit the weaknesses of the internet.
Paper wallets have the private and public keys written or inscribed on them. Bitcoin can be sent to these wallets using the public key. There are websites that allow individuals to create and print out paper wallets at their leisure.
The Achilles tendon of paper wallets is their physicality. The user has to print them, store them in a hidden location, and protect the private keys via that location. For instance, if they are discovered by some malicious bystander, they could easily steal the private keys and move the funds attached to the wallet.
It’s also been humorously suggested that paper wallets could represent crypto transactions in the event an EMP attack wipes out the internet. No internet, no problem; we have paper wallets to trade with each other.
Phone Number Authentication
The most insidious crypto hack involves user authentication via phone numbers. It’s how hackers have managed to steal funds from some of the most respected crypto players in the industry. Both Jared Kenna and Joby Weeks fell victim to this particular hack. Whole articles have been written about the incidents.
Here is how the scam works: a hacker finds out the phone number of an individual, then they call their phone provider and switch their phone account over to the hacker’s phone. Then, all the hacker has to do is attempt to access their victim’s account. If the victim has set up their phone number as a form of authentication, the hacker simply has to say “forgot password” and get it sent to the phone number. Presto. They can now have access to their victims email, accounts, bank accounts, crypto wallets, etc.
The overarching lesson regarding this hack is simple: protect your phone number and do not use it for security authentication. Instead, you should consider using google authentication and other two-factor mechanisms that can’t as easily be hacked. It’s also smart to use multi-signature wallets, and the aforementioned hardware wallets that don’t rely on SMS phone number authentication. Everyone should research every aspect of identity security and phone number fraud.
Conclusion: Don’t let Hackers In
The tips in this article represent a starting point for learning about security in the crypto space. The ideas contained here are by no means meant to be comprehensive. I advise everyone to learn as much about cryptocurrency security as possible, especially since the overall ecosystem is still in its infancy.
At Pathfinders, we will help new businesses and individuals leverage all of the best tools to protect themselves. Security best practices are an essential part of our on-boarding program as a startup management firm and growth advisory. In the next article, we’ll take a look at ways to protect your crypto wealth from market volatility. Stay safe and secure. Don’t let hackers in.