Cryptocurrencies have grown from an obscure hobby project to a multi-trillion dollar asset class. But unfortunately, the same meteoric growth attracting investors, businesses, and consumers has drawn the attention of malicious hackers. According to Statista, hackers stole more than $500 million in cryptocurrency last year alone.
In addition to phishing scams and exchange security breaches, many attacks target vulnerabilities in the underlying blockchain technology. Bitcoin may have robust security due to its age, but modern platforms are more susceptible to problems. For example, Compound, a popular decentralized finance protocol, recently experienced a massive breach.
Let's take a look at how to secure your crypto assets from attack and avoid losses.
Start with Awareness
The first step in securing your crypto assets from theft or loss is simple awareness. Never assume that your assets are safe in the hands of third parties, and always verify their security measures and insurance policies. In addition, always be suspicious of individuals or companies making outlandish promises.
The most common crypto scams include:
- Phishing: Malicious hackers will send an email or message that appears to be from an exchange or other source. Often, the email will contain a malware download or a link to a spoofed website requesting your login credentials.
- Giveaways: Malicious hackers will use ads or spoof prominent celebrities to advertise giveaways. In many cases, they will ask you to send crypto to an account and promise more in return—but of course, you will receive nothing!
- Blackmail: Malicious hackers may use details they've found from research or other security breaches to try and blackmail you. In most instances, these threats are mass-mailed, meaning you don't have to worry about them as long as you don’t engage.
In general, you should always exercise a healthy dose of skepticism. And before sending crypto to anyone, take a moment to consider the situation rationally—there's never a reason to rush into a decision. The simple act of being skeptical and avoiding snap decisions can save you from the vast majority of cybercrimes related to crypto.
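The phishing item above mentions links to spoofed websites. The following is an added example, not part of the original article: a Python check that accepts a link only when it uses HTTPS and its host exactly matches a list you maintain yourself. The `TRUSTED_HOSTS` entries, the `check_link` name, and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts you typed in yourself from your own bookmarks,
# never copied out of an email or message.
TRUSTED_HOSTS = {"coinbase.com", "www.coinbase.com"}


def check_link(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a link taken from an email or message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "malformed URL"

    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if has_userinfo:
        # https://coinbase.com@login-verify.example/ goes to login-verify.example;
        # the text before "@" is only a username.
        return False, "userinfo before host"
    if not host.isascii() or any(
        label.startswith("xn--") for label in host.split(".")
    ):
        # Lookalike letters from other alphabets can imitate a familiar name.
        return False, "internationalized host (possible lookalike)"
    if host in trusted:
        return True, "exact match"
    # Covers tricks such as coinbase.com.login-verify.example, where the
    # familiar name is only a subdomain of an unrelated domain.
    return False, "host not in trusted list"
```

The exact-match rule is deliberately strict: a link that fails is not proven malicious, but it should be reached by typing the address or using a bookmark instead of clicking.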
Hot vs. Cold Storage
Most people have bank accounts that hold their life savings. Similarly, most crypto users hold their assets in a "hot wallet" at exchanges like Coinbase. But just as you can keep physical currency outside a bank, you can keep cryptocurrencies in an offline "cold wallet." Of course, the trade-off is that these wallets may be lost or stolen.
"Cold wallets" are generally more secure than "hot wallets" because they are kept offline, where malicious hackers cannot access them. For example, the Trezor hardware wallet enables you to hold cryptocurrencies offline on a physical device. However, if you lose the device or forget the password (and backup codes), you may be unable to recover your assets.
The most popular hardware wallets include:
- Trezor provides a hardware wallet along with a software suite that you can use to send cryptocurrencies and store your passwords.
- Ledger provides a secure hardware wallet and mobile app that makes it easy to buy, exchange, or sell cryptocurrencies.
- KeepKey is a lesser-known hardware wallet that provides similar functionality to the Trezor and Ledger.
In general, hot wallets are acceptable when the exchange has (or you have) an insurance policy covering against losses. However, if there is no insurance, you should keep only the amount of cryptocurrency you plan to trade in the near term in a hot wallet while keeping the remainder in a cold wallet, such as a hardware or paper wallet.
Most people are familiar with username and password-based authentication. Unfortunately, if your password is stolen, malicious hackers can easily access your account. Compounding the problem is the fact that many people reuse passwords, which means that a single security breach can lead to numerous compromised accounts.
Multifactor authentication addresses these problems by introducing one-time security codes in addition to passwords. For example, you may receive a text message containing a one-time code that you enter alongside your password to access your account on an unrecognized device, meaning that hackers need more than just a stolen password.
The most secure form of multifactor authentication is a hardware key, such as those from Yubico. These devices connect to your smartphone or computer to provide one-time codes without the need for text messages. As a result, they are immune to so-called SIM swap attacks, whereby attackers contact cellular providers to get a copy of your SIM card.
The most popular hardware keys include:
- Yubico provides one of the most popular and widely supported hardware keys on the market with support for many open standards.
- Thetis is another popular hardware key option that provides nearly identical functionality with durable aluminum casings.
- CryptoTrust provides a hardware key that is open source with easily upgradeable firmware and a PIN in case you lose the device.
Physical Device Security
Hardware wallets and keys prevent most security breaches, but unfortunately, they come with their own set of physical security risks. It's easy to misplace these small devices around the home or office, and of course, there's always a risk that they could be physically stolen in a coffee shop or similar public environment.
If you have a significant amount of crypto assets on a hardware wallet, it's a good idea to store them in a safe or other secure environment to prevent loss or theft. In addition to preventing theft, a safe can protect the device in the event of a fire, flood, or other natural disasters that could ruin the device and make it impossible to recover your assets.
Hardware keys are a bit more challenging to store since you need them regularly. Many users keep hardware keys on their keychains along with their car keys to avoid losing them. It's also a good idea to keep a backup hardware key in case you lose one and keep a paper copy of the backup codes in a safe place (such as a safe or safe deposit box).
The best security measures in the world don't guarantee protection from loss. As a result, crypto users with significant funds (>$1 million) should consider insurance against loss. Several insurance companies service high net worth individuals with these levels of assets, although smaller accounts may need to look elsewhere.
The easiest way for smaller accounts to insure against loss is to hold assets on an exchange with an insurance policy, such as Coinbase's insurance against cyber theft. However, it's essential to remember that Coinbase's insurance does not cover losses resulting from unauthorized access to your accounts due to a breach or loss of your credentials.
The Bottom Line
Malicious hackers have become prevalent in the crypto industry. Fortunately, there are several steps that you can take to keep your assets safe, such as using hardware wallets and keys.