Protecting your cryptocurrency investments.
News that crypto exchange QuadrigaCX founder Gerald Cotten died with clients unable to access $190 million in bitcoin and other funds is alarming to investors. Cotten’s widow says the passwords to the cold storage of the cryptocurrencies are unknown to her, leaving investors with few remedies. The continued hacking of digital currency exchanges is another concern. Bitcoin and other virtual currencies remain a highly popular target for hackers because hiding their tracks is simple as their footprints can be erased digitally. Digital currencies remain unregulated by a government entity or central bank, leaving investors without legal recourse when an account is hacked. So here are 10 tips for protecting a cryptocurrency investment.
Use wallets from known sources.
A growing number of wallets from less reputable companies that offer attractive features are malware in disguise, says Nathan Wenzler, senior director of cybersecurity at Moss Adams. Choose a regulated exchange because it’s more likely to have proper safety mechanisms in place, experts say. “QuadrigaCX was facing liquidity issues for months and anybody who did even a minimal amount of research online would have seen this,” says Matisyahu Greenspan, a senior market analyst at eToro, an Israeli social investment network. Nearly all of the companies in this space are startups and not audited by financial regulators, says Alex Hamerstone, a governance, risk management and compliance practice lead at TrustedSec in Strongsville, Ohio.
Do your homework.
Cryptocurrency wallets are not physical ones; instead, a secret is used to authenticate the user, says Johannes Ullrich, dean of research at SANS Technology Institute. A common way to encrypt the secret is with a password, but if the password is lost or forgotten, the crypto coins associated with this secret are lost, he says. There are a variety of wallets out there, including hardware, software and paper, Wenzler says. Each kind has its pros and cons. In general, hardware wallets, which are physical wallets that store the user’s private keys, are arguably the most secure. But if this type of wallet is lost, there’s no way to recover it.
Store your coins in a cold wallet.
An offline hardware device like a USB or hard drive avoids storage on an online exchange. Jason Glassberg, co-founder of Casaba Security, says the basic idea is crypto investors need to be able to see and feel their money. “The QuadrigaCX situation is a good example of one type of risk, but another more common threat is from hackers who routinely target the online exchanges, wallets and other methods of storage to steal currency.” USB devices have buttons that require users to confirm or cancel transactions by touching the device, says Benjamin Cole, an associate professor at the Gabelli School of Business at Fordham University. “That ensures no hacker can record your keystrokes,” he says.
Don’t keep all your cryptocurrency in a single place.
This is similar to any standard investment advice, but you shouldn’t keep all your eggs in one basket, Wenzler says. “Should an exchange be lost for any reason, you can protect your investment and minimize the impact of any loss by spreading out where your currencies are stored and how you’re managing them,” he says. While it’s more time-consuming and requires you to keep better track of things, it’s a more secure risk management strategy.
Store your cryptocurrency private keys.
Investors should avoid the same simple passwords that get reused on social media sites, says Chris Morales, head of security analytics at Vectra, a San Jose, California-based provider of technology. Instead, use strong two-factor authentication methods. It’s really important to use at least a multisignature or more than one key to authorize a bitcoin transaction, since this will greatly reduce the chances of fraud, says Michael Borohovski, co-founder and chief technology officer of Tinfoil Security, a Mountain View, California-based cybersecurity firm. Think of it like multi-factor authentication for an e-mail or bank account.
Back up your cryptocurrency private keys.
In the same spirit of using an offline wallet, a backup of the private keys is needed in the event that the keys are lost, Morales says. Create redundancy: It’s better to play it safe and have access. Make backups of cryptocurrency stash as often as possible, but particularly anytime there is a transaction, Borohovski says. “Store them both locally in a hardware wallet and in the cloud, so that if one service or hard drive dies you won’t lose all of your money in cryptocurrency,” he says.
Use strong passwords.
Protect your wallet and backups with a very strong password or set of keys, Borohovski says. A strong password is one that can’t be remembered or cracked easily. Most password generators will create one with 64 characters, numbers, uppercase and lowercase letters and symbols. “Criminals use sophisticated password crackers to try to hijack these accounts, and these tools utilize dictionaries, lists of common passwords and brute force attacks as well, so the longer and more varied your password is, the more entropy it has and the longer it will take to crack,” he says. It’s also important to know the seed phrase and store it in a secure safe or safety deposit box.
Use trusted secure networks.
It doesn’t make sense to use a public Wi-Fi hot spot when it involves your money, Morales says. “Only make transactions on networks you own and trust to avoid someone eavesdropping and redirecting your funds to somewhere else,” he says. Only do online cryptocurrency business on a dedicated personal computer or device with no other accounts on it, Glassberg says. Investors who are managing their cryptocurrency account and engaging in transactions through an all-purpose PC, phone or tablet are just asking for greater risk. “Anyone with stake in the game can’t afford a single malware infection on their device because that may be all it takes to lose tens of thousands of dollars,” he says.
Do not talk about your investments.
Keep information about investments and accounts private, Glassberg says. “Cybercriminals are actively scouring social media, online forums and other sites to find potential targets for cryptocurrency attacks.” Investors need to understand that when they own cryptocurrency they become a “big fat target for these scammers whether they realize it or not,” Glassberg says. The most important thing is to avoid talking about your trades or portfolio on social media or anywhere else online.
Conduct smaller trades.
Don’t do huge trades at once and start small so you avoid drawing attention, Glassberg says. Limit yourself to conducting a number of smaller trades rather than one large trade because that large trade “puts you on the radar of anyone who’s looking for a rich target,” he says. “A whale is a better investment for a criminal’s time, energy and resources than a small fry. Make yourself appear to be a small fry. This is also a good way to test the exchange you are using before you overextend yourself.”
Keeping your cryptocurrency safe.
To recap, here are 10 tips to consider when it comes to protecting your cryptocurrency:
— Use wallets from known sources.
— Do your homework.
— Store your coins in a cold wallet.
— Don’t keep all your cryptocurrency in a single place.
— Store your cryptocurrency private keys.
— Back up your cryptocurrency private keys.
— Use strong passwords.
— Use trusted secure networks.
— Don’t talk about your investments.
— Conduct smaller trades.
More from U.S. News