How To Keep Your Cryptocurrencies Secure
But you can do so many things to avoid losing your valuable assets and hitting yourself in the forehead, wondering, why haven’t I done this before?
Security experts claim that almost $2 billion worth of cryptocurrencies were hacked or stolen during 2020. Hackers often target digital assets because the market isn’t regulated. Crypto is easy to move around and mix with other coins, and transactions are irreversible. If it happens to you, there is no central authority that can undo your losses. In crypto, it’s your responsibility to maintain proper security measures and safeguard your coins and private data.
Cybercriminals can take advantage of your faults and weaknesses to attack you when you least expect it. Cryptocurrency exchanges and digital wallets are their primary targets. But they will settle for your identifiable data if that’s all they can get.
How To Protect Your Crypto the Right Way
Here are some tips and guidelines you can follow to protect yourself and your valuables. We’ll start with general cybersecurity and then narrow it down to crypto-related precautions.
Basic Computer Security Tips
- Ensure that you are using genuine operating systems on your PCs and laptops. Don’t settle for cracked software.
- Install known antivirus, firewall, and anti-malware apps, and scan your devices regularly.
- Get an antivirus for your mobile as well. After all, you use it for your finances, emailing, and work.
- Download software from official sources only, and if possible, verify its signatures and authenticity. That can be done with tools like Kleopatra or OpenSSL, for example.
- Use open-source software whose codebase is publicly available and verifiable.
- Install ad blockers to protect you from malicious ads and trackers. Some add-ons you can try include uBlock Origin and AdGuard.
Network and Internet Connections
Subscribe to and download a private VPN that you can use in public places to encrypt your sensitive data. In case the internet network you are connected to is unsafe, the VPN will protect you. Ensure that your home router is configured with a strong admin password to prevent others from accessing it. And no, using login credentials such as “username” and “password” is not the way to secure your router. Instead, try to monitor the connections to your private network and blacklist anything that shouldn’t be there.
Tips For Secure Internet Browsing
- Use more private browsers like Mozilla Firefox and Tor.
- Use a password manager if you are having a difficult time keeping track of your passwords. KeePass is a good open-source tool.
- Bookmark the most essential sites that you visit. This should include your online banking, payment processors, crypto wallets, and exchanges. Visit the sites from your bookmarks.
- Make sure that you are on the right domain before entering your passwords. Pay attention to .org, .com, .net.
- Don’t surf the internet with Chrome. Google keeps track of everything you do, stores your data, and targets you with ads.
- Saving passwords in your browsers makes it easier to access websites. But don’t do it because if your computer gets hacked, the criminal could access all saved passwords.
- Don’t install new and unknown browser extensions and add-ons. They can make your computer vulnerable to malware, log your keystrokes, and steal your passwords.
- Don’t google crypto-related websites. Hackers have been known to create fake phishing sites that get advertised at the top of the search results in Google. Their goal is to steal your credentials.
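A small check that compares the host in a link against your bookmarked domains and names the common phishing tricks (wrong TLD, near-miss spelling, trusted name buried in a longer host, look-alike characters). This is an added example, not part of the original article; the bookmarked domains are constructed, and treating the last two labels as the registrable domain is a simplification.

```python
from urllib.parse import urlsplit

# Constructed stand-ins for the sites a user has bookmarked (assumption).
BOOKMARKED = ("example-exchange.com", "example-wallet.io")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, bookmarked=BOOKMARKED):
    """Return (verdict, detail) for the host in `url` versus the bookmarks."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    for good in bookmarked:
        if host == good or host.endswith("." + good):
            return "ok", good
    # Non-ASCII or punycode labels can render like a trusted name.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "homograph", host
    # Simplification: treat the last two labels as the registrable domain.
    registrable = ".".join(labels[-2:])
    name = registrable.rpartition(".")[0]
    for good in bookmarked:
        if host.startswith(good + ".") or "." + good + "." in host:
            return "embedded", good   # trusted name used as a subdomain
        if name == good.rpartition(".")[0]:
            return "tld-swap", good   # right name, wrong .com/.org/.net
        if edit_distance(registrable, good) <= 2:
            return "lookalike", good  # one or two characters off
    return "unknown", host

if __name__ == "__main__":
    for url in ("https://example-exchange.com/login",
                "https://example-exchange.org/login",
                "https://examp1e-exchange.com/",
                "https://example-exchange.com.login-check.net/",
                "https://ex\u0430mple-exchange.com/"):  # Cyrillic 'a'
        print(url.encode("ascii", "backslashreplace").decode(), classify(url))
```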
How To Deal with Email Security
There are privacy-focused and encrypted email services that you can use for free. Two good examples are ProtonMail and Posteo. If these services were to be breached, your private correspondence would remain safe because of robust encryption technology. You can add another layer of security on top of that by using 2FA with Google Authenticator or Authy, for example.
Never for any reason click on phishing emails and the links included in them. Cybercriminals often send malware-infected PDFs, Google Docs, RARs, etc. Consider any unknown email to be a scam and simply delete it. Don’t investigate what it is and where it came from.
Exchange and Wallet Safety
- Whitelist your withdrawal addresses on exchanges. That would prevent a malicious 3rd party from withdrawing funds to non-whitelisted destinations.
- Safelist your home IP address for the same reason. Anyone attempting to access your exchange account would be blocked unless they prove they are the legit owner.
- Some crypto exchanges allow configuring phishing phrases. A phishing phrase is a set of words that will be included in all email correspondence from the exchange as proof that those notifications are legit.
- Use only trusted and community-tested open-source wallets which allow you to control your private keys.
- For increased security, consider purchasing a hardware wallet or setting up an air-gapped device.
- Make physical back-ups of your recovery phrases. Use pen and paper or steel plates. Never save your seeds digitally or on any online services (emails, clouds, online drives).
- Some people prefer keeping their mnemonics in bank deposit boxes or in a home safe.
Some General Crypto Security Tips
Generate new addresses whenever you expect a new Bitcoin transaction. Don’t reuse old addresses or use the same ones with multiple parties. Remember, Bitcoin uses a public blockchain. Everyone who knows your address can check the blockchain and find out exactly how much you have. Don’t brag about your holdings in public, and don’t make yourself a target.
Enable 2FA across all websites and platforms you regularly visit. Then, if someone gets hold of your log-in details, they still won’t be able to access your accounts without the required 2FA code. When we are talking about password security, ensure that you use unique passwords for all your accounts and services. Using the same password for everything you do online is not recommended because all your online activities would be compromised if it leaked somewhere.
Recent Crypto Hacks and Exploits
The Hack of Bilaxy Exchange
On the 28th of August, 2021, Bilaxy, a cryptocurrency exchange registered in the Republic of Seychelles, suffered a severe security breach that led to the loss of almost 300 different coins and tokens. Hackers successfully penetrated the exchange’s hot wallet and stole assets such as USDT, USDC, UNI, and others. Unofficial reports claim that the total loss was around $450 million worth of digital assets.
The Poly Network Hack
Poly Network suffered one of the biggest cryptocurrency hacks in crypto history in August of 2021. Due to vulnerable and not properly audited smart contracts, cybercriminals managed to steal over $600 million worth of coins. Tens of thousands of customers were affected by the heist, according to representatives of the Poly Network.
The platform wrote an open letter to the thieves asking them to return the funds because their actions would otherwise set in motion an international pursuit for the criminals. Then, in an unexpected turn of events, the thieves started paying back the damages. Poly Network has, in the meantime, confirmed that they have recovered everything that had initially been stolen.
The ThorChain Exploit
ThorChain is a decentralized exchange and liquidity provider. In July 2021, the platform suffered two significant hacks. A hacker stole $7.6 million of Ether in the first instance, but the second hack was even more serious. Over $8 million worth of ETH, SUSHI, USDC, XRUNE, and some other assets were taken.
The hacker successfully deployed a malicious smart contract that imitated the deposits of fake coins after noticing vulnerabilities in the code. The cybercriminal even messaged the DEX, warning them not to rush with their releases until the code was properly audited. The hacker could have stolen more but chose not to because the idea was only to “teach ThorChain a lesson”.
The hack could have easily been prevented had the developers performed proper code audits before the exploit instead of after the funds were stolen. Their explanation that they decided to launch with potentially faulty code instead of waiting for a security review is worrying, to say the least.
The Fake MetaMask Scam
A popular NFT developer fell victim to a sophisticated phishing scam on July 30, 2021. He received a private message over Discord that he believed originated from the creators of CryptoPunks. The notification mentioned that the project was celebrating its 4th anniversary and organized an NFT giveaway event. Unfortunately, the link in the message led to a fake Larva Labs website (Larva Labs is the creator of the CryptoPunk NFTs).
Once he loaded the site, a MetaMask lookalike pop-up appeared. It informed the game developer that his account was compromised, and he needed to re-enter his seed phrase to restore his wallet. Without thinking about what he was doing, he did what was asked of him and gave some cybercriminals access to his wallet. Soon after, his ETH account was drained of his valuable NFTs, Ether, and other tokens.
Bottom Line
All this might seem a bit overwhelming at first and a lot to take in. But after a while, you will realize that following recommended security tips is mostly about using your common sense.
You know the saying “curiosity killed the cat”? So, when we are on the subject of the safety of your cryptocurrencies, try not to be nosy and ready to try out everything you see. Most experts would agree that sticking to reliable and well-tested software, which has been around for years, is better than experimenting with unknown apps and platforms.
It’s recommended to make it a habit of verifying the authenticity of downloaded software to ensure that it originates from where it’s supposed to. Remember the old motto: “Don’t trust, but verify!”
Phishing websites created to steal your credentials represent one of the biggest threats today. Try to memorize the domains you visit regularly and bookmark them. It’s been proven repeatedly that search engines can’t be trusted to point you to the right website.
Treat crypto as a personal investment. Not everyone needs to know what you are doing in your private time. Remember that Bitcoin transactions are irreversible and can’t be undone, so if the offer seems too good to be true, it most often is.