A Simple Guide to Keeping Your Crypto SafeBy Evgeniya Broshevan
Earlier this year, hackers stole the cryptocurrency equivalent of over US $500 million from the Coincheck exchange in Japan. This followed some $7.5 million stolen from Coindash last year, $72 million from Bitfinex in 2016, $5.1 million from Bitstamp in 2015, and the notorious $460 million theft from Mt. Gox in 2014. The accompanying chart shows the current US dollar value of various hacks from 2011 to 2018.
Things are bad, and they promise to get worse. Recent years have seen a considerable surge in global cyber attacks as it is becoming easier than ever for hackers to create sophisticated tools to spread malware and steal sensitive data from companies and individual users. Companies also frequently fail to patch holes in their systems. And as more people around the world start buying crypto, there will be more cases of hackers trying to steal that crypto from them.
It's not just cryptocurrency exchanges that are being targeted. Individuals are vulnerable as well. Apple co-founder Steve Wozniak claimed that someone stole seven bitcoins from him. And yes, you could be next. The good news is that you can take some practical steps to protect your cryptocurrency.
Before we discuss how we can keep our crypto safer, it's vital to note that black hat hackers are becoming more cunning and sneaky every day. Unfortunately, there is no universal approach on how to prevent scammers from getting their hands on your crypto, but there are some steps you can take to make storing Bitcoin and other cryptocurrencies much safer. Some of these steps are easier than others, but we recommend that you do all of them. Let's start with the simplest steps first.
Check your email at leaked databases
People often use their emails to log on to cryptocurrency exchanges. But what if that email has already been hacked? You can paste your email, and in several seconds the website will show you whether it was hacked. You could subscribe to be notified if your account is compromised.
Turn off message preview on your phone
Although this function is quite convenient, it is also potentially dangerous. Literally, anyone who picks up your phone can get your sensitive information. Say, for instance, you use your pet’s name as a password to the Coincheck. Your spouse sends you a reminder to "‘buy a bone for Tyson," and it is shown on your locked screen.
Bookmark your crypto sites
It is advisable never to follow potential phishing links but instead type the web address yourself or use bookmarks.
Install Metamask/EAL/Cryptonite plugins
The goal of these extensions is to block phishing websites. Please also be a responsible member of the crypto community and report phishing sites or wallets to special databases to prevent other users from being scammed.
Set up 2-factor authentication
This is a method of confirming a user's identity by applying a combination of at least two different factors. You might use either an application such as Google Authenticator or Authy.
Enable remote wipe
Our mobile phones are gateways to many online accounts, so you need to keep them well protected. That involves both setting up remote wipe capabilities, so if your device gets lost, it will be completely and securely wiped. Consult the instructions for iOS and Android to set it.
Back up your keyphrase
When you create a wallet, most services automatically generate a backup phrase associated with the wallet. Write it down somewhere, because in case you need to recover your wallet, you will be lucky enough if you have a backup.
Keep data encrypted
Use a password manager that encrypts the password database before storing it in the cloud or synchronizing it between your devices via the network. Keep your keyphrases divided and encrypted in different places.
Use cold wallets
Forget about storing crypto on exchanges unless you absolutely have to. Hardware or “cold” wallets are the most secure solution for storing cryptocurrency. Instead of saving private keys on a computer or a smartphone, where they are susceptible to hacking attacks, hardware wallets keep private keys secure on a dedicated device and never reveal them— even to the user.
Choose strong passwords
Yes, yes and again yes! This may seem like it should be in the "easy" section, but strong passwords are often neglected despite being incredibly important. Passwords should be long, complex, and unique.
Data breaches are rampant, and a lot of people do not appreciate the scale or frequency with which they occur. But a lot depends on you. When online, keep this in mind: Stop for a moment. Think about how you are taking care of your information and personal data before doing anything. Connect responsibly. Double check everything. Stay secure.
Evgeniya Broshevan is lead manager at Hackenproof.