Delve into some of the best ways to help keep your cryptocurrency safe.
Are you worried about these horror stories you occasionally see in the media of people losing access to their cryptocurrency? If you take some small steps to ensure you are protected from the most common issues, you can rest assured that you are unlikely to face any issues. Most issues related to the loss of cryptocurrency are primarily the result of carelessness or just being in a rush.
Take your time to learn a few important things related to securing your cryptocurrency and become more comfortable with this modern technology that puts much more control in your hands than you may have been used to before. Once you’ve learned a little more about managing your cryptocurrency safely, you’ll become a better custodian of your own funds. In addition, you can share this information with those around you to help encourage better practices in the broader cryptocurrency community.
Managing Custodial Risk is Important
Looking broadly at how you manage and handle your cryptocurrency is a great place to start when thinking about the safety of your crypto. For starters, if you are using custodial wallets or exchanges that only provide custodial services, this is the first thing you should be thinking about. While custodial wallets can be highly convenient, they also come with some risks.
Over the last decade, there have been many high-profile hacks on custodial exchanges that have resulted in billions of dollars in value being lost. One of the best ways to protect yourself from being affected too badly should something happen with a custodial provider you use is to never put more funds into a managed wallet than you can afford to lose. It doesn’t matter if you enjoy investing in the latest altcoins on your favorite order book exchange, just beware and place some thought into exactly how much exposure you have to any particular custodial platform in case something were to happen.
When you are using platforms that provide managed custodial cryptocurrency wallets, you can reduce the risk of some types of attacks (most commonly your account being accessed by a third party) is by enabling IP whitelisting for withdrawals. Whitelisting is something that many cryptocurrency platforms choose to support. Just be sure to check if you actually have a static IP address (ask your ISP), as this isn’t something everyone has by default. Also, suppose you frequently find yourself using your mobile device outside of your home while managing these sorts of accounts. In that case, this may not be practical for you either, as mobile networks are unlikely to provision your phone with a static IP address.
Lastly, it’s essential to remember that whenever you are opting to use a custodial wallet, you are trusting someone else with your cryptocurrency, so if a platform isn’t responsive to support requests in a reasonable time frame or, worse yet, has a history of losing user funds, you may wish to avoid these kinds of platforms altogether or only selectively expose a small amount of funds to those you are comfortable using.
Dealing with Physical and Real-World Risks
As a cryptocurrency enthusiast, sharing your enthusiasm and knowledge of crypto with those you know is often a positive thing. However, it’s essential to consider that sharing exactly how much crypto you have, where you store it, and other personal information associated with your trading is something that is important to keep private. It’s easy to forget that while cryptocurrency isn’t as easy to take from you as cash can be, a $5 wrench attack (exactly what it sounds like) has a very low barrier to entry for those included to take part in one.
Suppose you have a moderately sizeable amount of cryptocurrency. In that case, it can be helpful to use wallets that make it easy to use different addresses to help obscure the total amount of funds you control. Of course, you likely wouldn’t want everyone you ever engage in a transaction with to know how much money you have in your bank account, and your crypto should be no different. Thankfully, many wallets are beginning to make this more accessible. Some platforms even provide the ability to generate fresh deposit addresses each time you use them, something that is worth taking advantage of where possible.
You also should consider what networks you are using when you are interacting with online services associated with your cryptocurrency, be those exchange accounts or anything else that could put some of your funds at risk if a third party gained access. For example, while public WiFi can be highly convenient, it has a lot of risks attached to it. Even if you are comfortable with the company or establishment that is providing the WiFi, that doesn’t mean that you are unknowingly being subjected to a man in the middle attack where an attacker is providing a fake hotspot in that location to trick you into connecting at which point a lot of information can be logged or otherwise manipulated.
While many risks in the real world can seem unlikely to occur, most of these things can be prevented with minimal care and common sense on your part. So don’t let the fear of “what if” get in the way of you exploring these new technologies and the growing world of digital assets.
Social Engineering and Phishing
You may have heard about people getting fake emails, calls, or even text messages claiming to be from banks, eBay, Amazon, or companies like PayPal trying to trick people into clicking dangerous links or providing their login information to their accounts to hackers and scammers.
Like everything that has value to someone these days, this is also something to be aware of regarding your cryptocurrency accounts and wallets. You may receive emails asking for your private keys, emails claiming to be offering rewards or airdrops if you connect your wallet to suspicious websites, or even text messages or calls claiming to be from an exchange or wallet provider you may use. Any good platform will never need to ask you for login credentials or other personal information that they should already have! If you ever receive a message, email, call, or anything else that feels suspicious or out of the ordinary, just stop and contact the business in question directly via their normal channels, be that calling, lodging a support ticket, or reaching out to an email address provided on their official website.
Never click links in emails you aren’t entirely sure are from the sender in question. Don’t connect wallets to websites you haven’t vetted yourself, never give anyone your private key or account mnemonic, and never respond to outreach that feels suspicious or is asking for personal information.
Ways to help minimize being affected by phishing attempts:
- Bookmark sites you regularly use to reduce the risk of rushed mistakes
- Avoid clicking advertisements or sponsored results at the top of search results
- Manually type links where possible to avoid look-a-like URLs
- Avoid responding to questionable emails and reach out to the company via official links
Multi-Factor Authentication is Always a Good Idea
You’ll find just about any website and even apps you use these days will offer MFA/2FA options. Some may even encourage you to use these when you sign up or enable them by default, and you should use them!
While it may feel like an inconvenience to have to grab your phone to get a code from your authentication app or grab a pin number sent to you via SMS, these can add layers to your security and make it harder for others to gain access to your accounts. However, they aren’t a one size fits all security measure; you have to ensure that you are giving them the best possible chance at protecting you by being careful to choose complex passwords for your accounts and confirming your email accounts associated with your important accounts are also as secure as they can be as well.
If you opt for SMS authentication, it’s worth noting that there is some risk involved in being “sim swapped.” How this occurs is a scammer will contact your phone company and pretend to be you in an attempt to gain control of your phone number, at which point they can then receive any codes sent to you by SMS. You can reduce the odds of this occurring by ensuring that the account with your phone company has any additional security measures such as verification questions and pin codes enabled and by avoiding throwing your number around online where it can be easily intercepted.
When using MFA/2FA, you will often be provided with a secret key to backup. One mistake that is commonly made but easily avoided is casually backing it up in a text file on your computer. Doing this means that anyone with access to your files can now go and generate codes to log in to that account, so you’ve made it harder for this measure to be effective. Instead, treat your authentication key backups like you would private keys and back them up offline and never in the cloud.
Everyone should take advantage of 2FA/MFA solutions offered by the platforms they use. Every additional layer of security you can add to your important accounts reduces the odds of your accounts being breached. Just don’t let this enable you to be lax with other security measures, such as using complex single-use passwords.
Hardware Wallets are Worth the Money
If you’ve been on the fence about buying a hardware wallet, it’s strongly recommended if you are dealing with more than a few dollars worth of crypto. While there is a growing trend by many just to keep large amounts of funds in hot wallets that operate as browser extensions or quite commonly mobile devices, there is a risk to this kind of thing that needs to be considered.
For those that aren’t familiar with hardware wallets, they can seem a little confusing, but when you break down what they actually do, it’s a lot easier to understand how they can be helpful and protect you from a number of things when used with some care. For example, when you sign a transaction to move some crypto that you control, you need to sign the transaction with your private key for this to be valid. A hardware wallet enables you to sign that transaction while keeping the key hidden in the device and never exposing it to the outside world or even the computer or other device it is connected to.
Hardware wallets can help protect you from some types of malware, stop you from leaking your private key in some circumstances, and ensure that your keys are isolated from your ability to sign transactions. In addition, when performing a transaction, any good quality hardware wallet will show you the transaction on the device to confirm the important details before signing is completed.
If you are someone who is building up your cryptocurrency holding, it’s well worth your time having a hardware wallet and making some considerations as to how you split up funds that you use if you have some higher risk needs. For example, suppose you use platforms that only provide managed custodial wallets. In that case, it can be useful to keep the majority of your funds stored safely with your hardware wallet and separated from these funds in managed wallets or stored in other riskier places like mobile wallets for convenient access.
One of the most important things to remember when getting started with a hardware wallet is to back up your seed words carefully and securely store them. If your device was to break, get lost, or otherwise be unusable, having these seed words stored safely can enable you to prepare a new hardware wallet that has access to your funds with minimal effort. Be sure to treat your hardware wallet seed words the same way you would a private key or other highly sensitive information, as anyone that has access to your seed words can gain access to your funds. Also, while many devices do encourage you to use a pin to lock the device, it’s still worth thinking carefully about how and where you store your device itself.
Just like using 2FA/MFA on your important accounts, a hardware wallet is another layer of security that can be pretty powerful when you take a little care and use a little common sense to use these devices to your advantage.
Avoid Investment Scams
For just about anyone that’s been involved in crypto for more than a brief time, you’ve probably had at least one (or many, many more) messages from strangers online offering you access or referring you to impressive-sounding investment schemes with “guaranteed payouts.” In many cases, they’ll even send you a handful of doctored screenshots and rave about how much money they’ve been making. But, unfortunately, you haven’t been gifted the goose that laid the golden egg but instead are being targeted as a potential victim of a scam.
You’ll likely hear buzzwords and extraordinary claims about binary options trading, and they will often even have a fancy-looking website that seems to match their claims of guaranteed riches. However, this is a common scam and not a new one. Before crypto grew to be as popular as it was today, these scams were (and still are) commonplace in the foreign exchange markets and come in a range of different formats. Still, at their core, they are all just high-yield investment schemes (commonly referred to as HYIP scams).
If you ever send money to someone promoting one of these scams, or even to the platform they have recommended, they will block you immediately or just quietly accept your deposit, never to be heard from again. On occasion, you may even find that you can withdraw small amounts; beware that this may be a trust-building exercise and can suddenly stop at any moment. While their questionable websites tend to get taken down every few months, another just pops up to replace it, and the scammers continue their journey to scam as many people as possible.
It doesn’t matter who is recommending it to you, friends, family members, or strangers. If it’s too good to be true, save yourself some “guaranteed” tears and just opt out.
Don’t Get Complacent with Security
One of the best ways to keep your crypto safe (as well as your other online accounts) is to perform a regular self-audit of your security. You can do things like update old passwords, check you have all your important documents, seed words, and private keys backed up and stored safely, and even look for ways to improve your security.
If you haven’t yet moved to using a password manager, it may be worth considering. It can be a nightmare trying to maintain unique passwords as it is, let alone keep track of rotating those that are important and avoiding gotchas like password reuse. Password managers can help make all this quite a bit easier while helping you think a little more about your personal online security.
Complacency can slowly creep in via several avenues, especially when it comes to backups. While the cloud may seem like the perfect place to store things you don’t want to lose, you are putting them in someone else's hands and trusting them not to look, as well as relying heavily on whatever security measures are protecting those accounts. Many significant losses have occurred when traders have carelessly left private keys or seed words backed up in the cloud. These will likely continue to happen as they seem like an easy solution to dealing with backups. Still, in reality, they can be extremely high-risk options and are not something you should consider using for anything that could provide access to your crypto, your MFA/2FA backup key, or anything else that would be a hazard in someone else’s hands.
Maintain Control of Your Security and Your Crypto
If thinking about your security and the safety of your cryptocurrency, don’t feel overwhelmed. Many common mistakes can be avoided by checking things twice, confirming anything questionable, and maintaining good account security practices. Much of what is required to keep your cryptocurrency safe overlaps with what you should be doing to protect personal documents and crucial online accounts. By taking extra steps and thinking proactively about your security, you can improve your online security and help protect your digital assets.
Cryptocurrency gives you the ability to have so much more control over your assets than the traditional alternatives, but with that power comes a little extra responsibility to ensure that you are protecting yourself and being responsible for how you handle your assets.
Spending a little extra time now thinking about your security can help you to spend less time worrying later and more time exploring the incredible world of cryptocurrency.