idhra

The science of web3 squared!

Crypto security best practices

To safeguard your assets and ensure you don’t fall foul of common crypto-based scams, there are a number of steps you should familiarize yourself with.

Never keep digital copies of private keys/seed phrases

As mentioned above, private keys and seed phrases are vitally important pieces of information for accessing and recovering a person’s crypto wallet.

When making copies of this sensitive data, it’s imperative that users manually write the codes down on paper or use one of the several metal plate products available for recording crypto keys. These can then be secured in a fireproof or waterproof safe that’s bolted to the floor for maximum protection.

Taking a screenshot, sending phrases or keys to yourself in an email or texting them to a trusted person are common ways people make it easy for cybercriminals to access sensitive crypto information.

Minimize assets held on crypto and DeFi platforms

For active traders and DeFi users, crypto assets will most likely need to be deposited onto a trading platform or put to work in a DeFi protocol, such as a liquidity pool, at some point.

Assets held on centralized crypto platforms often sit in online crypto wallets controlled by the underlying platform. This concentrates huge amounts of crypto funds in a single place, making them a hot target for hackers.

Billions of dollars have been stolen from crypto trading platform hacks due to poor security measures surrounding these online wallets. While Kraken takes every step possible to keep your funds safe, it’s recommended that users never hold all their funds on any single crypto trading platform.

With DeFi protocols, a user’s assets are held in smart contracts written and deployed by a protocol’s development team. In many instances, smart contracts have been found to contain exploitable loopholes which permit hackers to manipulate them. There have even been cases where fraudulent backdoors have allowed a protocol’s team to make off with users’ funds.

Much like with centralized trading platforms, it’s advisable that DeFi users hold only a percentage of their digital wealth in any given DeFi protocol to mitigate the risk of fraud or theft.

Enable two-factor authentication

To add an additional layer of security to your email and crypto accounts, two-factor authentication (2FA) is advisable.

2FA is available through Google Authenticator and several similar apps. These apps provide passcodes that self-destruct and renew every 10 seconds or so. Specific codes are linked to each of your accounts and make it considerably more difficult for a hacker to access them.

Like the seed phrases used with crypto wallets, backup codes for these apps can be generated to recover master accounts onto new devices.
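How an authenticator app derives its rotating codes from a per-account secret, and how a service checks them, shown as an added example that is not part of the original article. It follows the TOTP standard (RFC 6238); the 30-second step, 6-digit length, the RFC test secret and the `verify` helper are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # assumption: RFC 6238 default step in seconds; a service may differ
DIGITS = 6   # assumption: the common 6-digit code length

# Constructed sample: the RFC 6238 test secret, base32-encoded the way an
# authenticator app receives a per-account secret at enrolment.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Derive the code for the time step containing unix_time (HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, last_used_step=-1, window=1):
    """Server-side check (hypothetical helper): matched step number or None.

    Steps within +/- window are accepted to absorb clock drift; a step at or
    before last_used_step is refused so a captured code cannot be replayed.
    """
    current = int(unix_time) // STEP
    for step_no in range(current - window, current + window + 1):
        if step_no <= last_used_step:
            continue
        expected = totp(secret_b32, step_no * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return step_no
    return None


if __name__ == "__main__":
    print("code at t=59:", totp(SECRET, 59))
    print("accepted one step late:", verify(SECRET, "081804", 1111111111))
```

Storing the returned step number per account and passing it back as `last_used_step` is what makes each code single-use on the service side.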

Avoid disclosing crypto holdings

Whether you’re actively involved in online forums or speaking to friends in a public setting, it’s recommended crypto holders never disclose their holdings to anyone.

Telling people you own an amount of crypto can make you a target for criminals. Even a number of high-profile YouTube crypto influencers have been targeted by criminals and had their assets siphoned after leaking information regarding their holdings.

In more extreme examples, individuals have been taken hostage and forced to hand over their crypto assets after criminals learned about their holdings.

Types of crypto wallet

The hundreds of crypto wallets available on the market today can be broadly categorized into two distinct types:

Hot wallets

Crypto wallets belonging to this category are those that are permanently connected to the internet; think of browser-based crypto wallets like MetaMask or Coinbase Wallet or software wallets like Exodus.

By virtue of always being connected to the internet, hot wallets have the advantage of allowing users to view balances and send and receive transactions quickly – often in one click.

However, this convenience comes with an inherent security problem.

Hot wallet private keys are usually stored online or on the device where the software is installed. This makes them vulnerable to cyber attacks, especially if the end user hasn’t taken the proper precautions to safeguard their sensitive wallet information.

Sophisticated phishing emails and other types of scams have emerged over the years geared toward accessing a user’s private keys, including infecting devices with targeted malware or creating fake websites masquerading as official platforms.

Cold wallets

Cold wallets are the total opposite of hot wallets. Instead of being permanently online, cold wallets are physical devices that are only connected to the internet when manually inserted into a computer.

For the most part, cold wallets remain completely disconnected from any internet source, meaning criminals would need to physically be in possession of the cold wallet device before they can attempt to access the funds inside.

While this makes them significantly more secure than hot wallets, the downside is they involve a lot more friction when making transfers.

Leading manufacturers of cold wallets include Ledger and Trezor.

As a general rule, cold wallets should only be purchased directly from an official manufacturer, as tampered devices exist on the secondary market that have led to loss of funds when used.

Cryptocurrency security threats

Purchasing cryptocurrency and storing it in a wallet doesn’t necessarily mean your assets are completely safe. The lucrative, unregulated nature of cryptocurrencies makes them a lightning rod for hackers and scammers.

Oftentimes, the threats posed by cybercriminals can be easily avoided as long as a few simple steps are followed.

Educating yourself about the telltale signs of common scams is one of the most effective ways to combat crypto-based fraud.

A majority of scams that exist within the industry follow one of three classic setups:

Crypto giveaways: This type of scam is prolific on popular platforms such as Twitter and YouTube. It typically involves fake profiles that leverage the image of a famous, influential person and claim to automatically double any crypto deposited into a stated wallet address. In reality, the funds deposited into the wallet are taken and no assets are sent back.

Additional fake profile accounts are set up pretending to be people who have “successfully” had their assets doubled by the scheme, adding an air of credibility to the scam.

Phishing emails: Data leaks are nothing new in the digital age, and over the years there have been several high-profile data leaks from crypto-based companies. Ledger, OpenSea and Celsius Network, to name a few, have all experienced breaches resulting in their customers’ personal data being made accessible to third parties.

Once data such as email addresses are leaked, affected users often begin receiving flurries of messages from seemingly official sources asking them to resubmit sensitive information or provide their login details. In some cases, malicious links are included which infect the recipient’s device with malware that targets crypto wallets.

Ponzi schemes: The volatile nature of cryptocurrencies has made them attractive investment vehicles for traders looking for “get rich quick” opportunities. Tapping into this speculation, a long list of Ponzi schemes has emerged offering extremely high rates of return for little to no effort on the investor’s part.

While some platforms are easily distinguished as outright scams, others have gone to extreme lengths to create professional-looking platforms that appear legitimate to the untrained eye.

A simple checklist should be a part of everyone’s due diligence before making any investment – crypto-related or otherwise. This checklist should include questions such as: Can the platform’s team be easily identified? Are LinkedIn or other social media channels made available? Is the platform’s mechanism for generating high returns expressly outlined on the website? Is it possible to withdraw money from the platform?

Bitconnect, a former top ten cryptocurrency, is a renowned example of a crypto-based Ponzi scheme that duped thousands of crypto investors between 2016 and 2018, stealing over $2 billion worth of assets. Despite a convincing website and team of public-facing promoters, its core team was never identified, nor was its ‘automated trading bot’ used for generating profits as described.