Cyber security is hardly a sexy topic, and is easy to overlook, but the last thing you want to do as a crypto investor is watch all your money disappear because you were careless about keeping it safe.
The decentralised, unregulated and anonymous nature of cryptos means that it’s essentially impossible to track them down if they go missing or are stolen.
There’s no central company that will reset your password for you if you forget it.
There is no customer service centre to complain to when something goes wrong.
And there is certainly no authority to track down hackers that have gained access to your account and stolen your funds.
Keeping your cryptos safe can seem daunting, especially for beginners. However, there are a number of easy steps you can take to ensure you stay in control of all your magical internet money.
The list below is non-exhaustive, and is in no particular order (and if you couldn’t guess, in no way constitutes legal or investing advice), so please continue to do your own research, and never get complacent with keeping your crypto safe.
Remove your personal details from public places on the internet
This should be pretty straightforward in this day and age, but a lot of people I speak to still don’t take online privacy particularly seriously.
We’re seeing more and more frequent invasions of our online privacy by hackers and large (supposedly law-abiding) companies alike, so the best strategy to stay clear of these is to just not have any of your personal information listed publicly online.
Hackers can use your phone number, email address and other personal information like your date of birth, where you live and work, and who you have close relationships with to socially engineer their way into your accounts.
If it’s impossible for you to hide or remove your personal email from public sites, make a new one and use this to open your crypto accounts, so at least this is more difficult for attackers to find.
If your phone number is public and there’s no way you can take it down (I’d hate to imagine the amount of spam you get if it is), then call your mobile carrier and ask for increased security on your account. More on this below.
In summary, the less of this information you publish online, the less of a chance you have of having it stolen and used against you.
Boost the account security on your phone plan
There have been plenty of documented cases where attackers, using social engineering, gain control of people’s SIM cards, and then reset the password to that person’s email address.
Once this is done and the attacker has access to the user’s email, they can reset passwords to any associated account, and it’s open season for that person’s crypto assets.
Don’t let this happen to you. Call up your phone provider and ask them to increase the security on your account for over-the-phone customer service. If somebody calls up pretending to be you, they should need more information than just your name and birthdate in order to ruin your life.
Use a secure, offline wallet
One of the first ways people come to hear about Bitcoin and crypto in general is through massive hacks and security breaches, which inevitably decreases people’s confidence in these technologies.
Despite these hacks, it’s actually almost impossible to hack Bitcoin and some of the other well-established cryptos.
Almost every hack that occurs in the crypto space involves hacking an exchange or users’ wallets to steal funds.
These centralised systems are inherently less secure than the crypto protocol itself, and are therefore a massive honeypot for attackers, who will go to extraordinary lengths to hack these systems and steal any cryptos available.
A primer on wallets:
If you want a quick breakdown of what crypto wallets are and how they work, read on. If you’re good with crypto wallets, skip this section. More on wallets here.
If you hold your cryptos in an online exchange, you technically own them, but don’t actually have full control over them.
You only have ultimate control if you hold them in your own private wallet, so if the exchange gets compromised, say goodbye to your hard earned cryptos.
It’s much safer to hold your cryptos in a wallet you control, but this also comes with security risks.
Not all wallets are created equal, and for various reasons, some are much more secure than others. Crypto wallets are generally categorised as online (software) wallets, such as phone and desktop apps, and offline (hardware) wallets, like USB-style storage and paper storage.
The rule of thumb with wallets is that the less connected to the internet a wallet is, the harder it is for an attacker to access your cryptos.
Therefore, an offline wallet like the Ledger Nano S or Trezor that stores your wallet keys behind a number of layers of security is the best way to keep your cryptos safe.
It’s fine to store a small amount of crypto on exchanges and online wallets in order to make small transactions or to trade. However, far and away the safest place to store the majority of your cryptos is in an offline wallet like Ledger Nano S, Trezor, or (if you’re game) on a paper wallet.
These systems aren’t completely foolproof; you can still physically lose them, meaning you could lose access to your cryptos if you don’t have backups, or fall victim to phishing sites.
However, because cold wallets are never connected to the internet, the probability that they will get hacked is astronomically lower than for an online equivalent.
Use two-factor authentication (2FA) for all your accounts
Two-factor authentication is essentially the process of verifying your identity by two methods when attempting to log in to an online account. Most often, a 6-digit code will be sent to you via SMS, or generated by an authenticator app, and you then need to enter it into the account you’re trying to log in to.
Using 2FA ensures that even if your account password is hacked, the attacker still needs access to the device that is receiving the secondary code, and without it their attempts will be unsuccessful.
Enabling SMS 2FA is better than nothing, but it isn’t strongly advised, as attackers may be able to gain access to your mobile number by calling your phone provider and switching SIM cards. Using 2FA through an app like Google Authenticator (iOS and Android) or LastPass Authenticator is the gold standard for 2FA.
Most (hopefully all) good exchanges and wallets will give you the option of using 2FA, but it’s generally up to you to switch it on. Jump into the settings page of the exchange(s) you use, enable 2FA, and level up your crypto security.
Don’t boast about your holdings (or talk about it at all) online
This should be a no-brainer, but it’s worth stating just for the record. Never ever ever ever EVER talk in a public forum online (Facebook, Twitter, Slack, etc.) about how much crypto you have.