How To Keep Your Cryptocurrency Secure
Crypto security is very much a matter of good personal habits. Your personal security is a crucial part of how much you will make investing in crypto. While blockchain technology itself is designed to be extremely secure, and a blockchain database is nearly impossible to hack, human error and physical risks still exist.
Here are some of the ways to keep your cryptocurrency secure:
- Take basic Internet security measures.
- Use strong, updated passwords.
- Don’t visit suspicious sites or click on suspicious links.
- Don’t use “free WiFi”.
- Use Internet security tools like antivirus programs and VPNs.
- Activate 2-factor authentication for all your accounts.
2 Factor Authentication (2FA):
– Enable on everything possible (Email, Exchanges, Banks, even Reddit to protect your moons)
– Use 2FA apps instead of SMS whenever possible. SIM swap attacks are real, and more common than you think.
Authy (Linux | Windows | macOS | iPhone | Android)
Google Authenticator (iOS | Android)
Microsoft Authenticator (iOS | Android)
LastPass Authenticator (Browser Extension | iOS | Android | Windows Phone)
These are physical 2FA devices (the article was chosen because it does a good job explaining the concept with pros and cons; we did not vet the sellers that are listed on the Amazon links. Always research and buy from a reliable source)
Unlike software wallets, hardware wallets store your private keys on an external device such as a USB device. They are entirely cold and secure, yet they are still capable of making online payments. Some hardware wallets are compatible with web interfaces and support multiple currencies. They are designed to make transactions easy and convenient, so all you need to do is plug the wallet into any online device, unlock it, send currency, and confirm the transaction. Hardware wallets are considered the safest means of storing crypto assets. The only drawback is that they aren’t free to use.
Popular hardware wallets include devices by:
When you activate 2FA on any account, you should have the ability to generate backup codes. These are used in case you lose access to your authenticator, so TREAT these like your seed phrases. To use them, log in with your username and password and enter a backup code in place of the 2FA code you usually enter.
- DO NOT take pictures of your QR codes. If you screenshot one, it might end up syncing somewhere you don’t want it to, and if it ever gets compromised, they have the ability to continually receive your 2FA codes.
- DO NOT sign up for your 2FA app or any crypto service for that matter using your work or school email address. If you lose access to that email, then consider all accounts gone as you won’t be able to access the codes if you switch devices.
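Why a copied QR code is permanent access, shown as an added example that is not part of the original article: the QR code encodes an `otpauth://` URI containing a static shared secret, and every future code is derived from that secret and the clock alone (RFC 6238, SHA-1, 30-second steps). The URI, account name and issuer below are constructed sample values; the secret is the public RFC 6238 test secret.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs

# Constructed sample: the text a 2FA enrollment QR code encodes.
# The secret is the RFC 6238 test secret, not a real account secret.
SAMPLE_QR_TEXT = (
    "otpauth://totp/ExampleExchange:alice@example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleExchange"
)


def secret_from_otpauth(uri: str) -> bytes:
    """Extract and base32-decode the shared secret from an otpauth:// URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    params = parse_qs(parsed.query)
    if "secret" not in params:
        raise ValueError("URI carries no secret parameter")
    b32 = params["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)  # authenticator secrets often omit padding
    return base64.b32decode(b32)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Compute the RFC 6238 code for a given time (HMAC-SHA1 variant)."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    secret = secret_from_otpauth(SAMPLE_QR_TEXT)
    # The same static secret yields the valid code at any point in time,
    # which is why a leaked screenshot never "expires" until 2FA is re-enrolled.
    for t in (59, 1111111109):
        print(t, totp(secret, t))
```

If a QR code or its screenshot may have been exposed, the remedy is to disable and re-enroll 2FA on that account so the service issues a new secret; changing the password alone leaves the old secret valid.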
Remember that you are the weakest link. Actually hacking the code of a blockchain or getting through the security system of a website is very difficult and requires specialized skills that most criminals do not possess. It is far easier for a thief to impersonate a trusted party or send you compromised links in the hope that you will click on them.
Always be cautious and double-check every notification you receive. Caution keeps you away from dubious crypto promoters, suspicious exchanges that may vanish anytime, phishing emails and messages, etc. Choose your software and application downloading sources wisely – official websites and stores like Apple’s App Store can be a good choice (although the Google Play Store has been identified as a major source of Android malware). If a reminder pops up when you try to access or download anything, read the reminder and have a second thought about whether you still want to access and download whatever you planned to.
Given all the risks and scams mentioned above, cold hardware wallets like the Ledger Nano S or Trezor remain the safest option for securing your cryptocurrency assets. When your wallet is disconnected from the Internet, no hacker can directly see and attack it. Even if you fall for a phishing attack or download a trojan and then use your Trezor or Ledger Nano on the compromised computer, hackers will still be unable to access your private key. The only way to breach a hardware wallet is to physically take possession of it (via theft, trickery, or robbery) and also acquire the PIN code to activate it.
When setting up your hardware wallet for the first time, you will be generating a BRAND NEW SEED.
If you did not do this step during the setup, it’s possible that someone has set it up, hoping you don’t notice.
They then monitor your wallet for transactions and drain your wallet.
Every wallet has a process of generating your seed, then displaying it for you to record. This applies to every type of wallet, so if this isn’t something you did you should investigate immediately as your funds may be at risk.
After you have properly set up your new wallet and have noted down your seed, it’s time to wipe your device.
Yes, this is necessary.
Before sending a single transaction to your new address, factory reset your device and recover it using your seed. This ensures you have noted down your seed correctly and that you are capable of restoring your wallet if it gets damaged or stolen.
Common Cryptocurrency Scams
To help you avoid becoming prey to con artists, the following describes the most common crypto coin scams and the usual ‘modus operandi’ of crypto scammers so you can protect yourself when navigating the largely unregulated and still immature waters of the crypto market.
Key-stealing malware scans the hard drive of your computer or mobile device for your crypto private keys. It can enter your device when you visit dubious websites, follow links from scammers, open insecure email attachments, or download software from untrustworthy sources. Once you download key-stealing malware onto your computer or mobile device, it instantly scans the hard drives for your crypto private keys and transmits them to a hacker. If you do not secure your crypto wallets with two-factor authentication in addition to the key, the person controlling the malware will now have access to your accounts and be able to transfer your holdings in a matter of seconds.
A trojan is another type of crypto-stealing malware. Trojans do not actually “steal” your cryptocurrencies but scan your hard drives for the exact amount of cryptos you own. Then they maliciously encrypt your hard drives and send you emails and display messages to demand ransoms. Even well-protected exchanges might encounter such ransomware, and sometimes users have no other way to deal with the dilemma when the ransomware threatens to format the hard drives if the users do not pay the ransom within a certain period of time.
An exit scam refers to when exchanges, intermediaries, or managers disappear with investors’ money. It is a crypto spin on an old confidence trick that has been around for centuries. In the past, fund managers or startup founders may run off with investors’ money. In the crypto industry, exchanges may vanish with their users’ deposits; managers or owners of crypto projects could run off with the funds collected from an initial coin offering (ICO). Due to the decentralized and anonymous nature of the crypto world and limited regulatory frameworks, it can be more difficult to trace the scammers and recover the funds compared with traditional scams. Exit scams take place frequently: Confido in 2017, LoopX in 2018, and Yfdex in 2020. Users need to learn how to spot potential scams before they make any crypto investments.
A phishing attack is usually conducted via emails, messaging, or social media. You might receive an email or a message that asks you to take actions including sending your authentication code, password, credit card number, or other credentials. However, the email is not legitimate, or is attempting to impersonate someone else. If you reply to those phishing emails and give them any information, your crypto holdings can be stolen.
Last of all, there is the old-fashioned way to lose your belongings – to literally lose your mobile devices (or laptops). Anyone who finds your device or physically steals it can proceed to attempt to unlock it as well. If they succeed in unlocking your device, they can gain access to your crypto holdings stored in the wallets on that device, as well as your fiat money accounts, emails, passwords, social media accounts, and anything of value connected to your device.