Cryptocurrencies may represent the future of electronic payments and transfers, but the same features that make it a compelling alternative to fiat currency create new security risks.
For example, most cryptocurrencies use anonymous and immutable ledgers to record transactions. This may eliminate the risk of counterfeit currency, but it also makes it impossible to track down criminals and reverse fraudulent transactions.
Let’s take a look at some simple measures that you can take to ensure that your cryptocurrency is secure from common threats.The same features that make cryptocurrencies compelling for electronic transactions create unique security risks. Click To Tweet
Where to Store Cryptocurrency
There’s no doubt that the most secure place to store cryptocurrency is in a so-called cold wallet — or a device that’s not connected to the internet. Even better, you could store it in a paper wallet where you private key isn’t even in a digital format!
Since there’s no way for criminals to hack into the wallet from behind a computer screen, the only risk is that the wallet might be physically lost or stolen.
That said, it’s not always practical to store cryptocurrency on cold or paper wallets.
Consumers may want to use cryptocurrency to make purchases on the spot and traders need instant access to their cryptocurrency to capitalize on short-term opportunities. It’s just not practical for these individuals to find a USB drive, connect it to a computer, transfer the necessary data and only then access their cryptocurrency.
Many people prefer the convenience of online (hot) wallets or exchanges, which provide quick and easy access to their cryptocurrency on the spot.
For example, Coinbase’s Chief Information Security Officer Philip Martin recently hinted that the exchange may be holding hundreds of millions of dollars worth of cryptocurrency on behalf of its users as evidenced by its $255 million insurance policy through Lloyd’s of London.
These online wallets and exchanges present a significant risk to consumers since nobody is invulnerable to attack. In fact, criminals may be even more drawn to these large companies due to the amount of cryptocurrency that they hold. There have been no shortage of security issues plaguing the cryptocurrency industry since its inception.
Hackers famously stole 850,000 Bitcoins worth around $450 million from the Mt. Gox exchange in 2013 and 2014 — and only about 200,000 of those Bitcoin were ever recovered. In 2018, CipherTrace found that cryptocurrency thefts reached $1.7 billion! About $950 million of those thefts came from cryptocurrency exchanges and infrastructure services such as wallets, which is up nearly 260 percent from $266 million in 2017.
There are a couple ways to mitigate these risks without resorting to the use of impractical cold or paper wallets:
- Use online wallets and exchanges that are insured and reputable. While cryptocurrencies aren’t covered by the FDIC, companies like Coinbase hold insurance policies designed to protect against these risks and take many precautions.
- Diversify your risk by using more than one online wallet or exchange to hold your cryptocurrency. Or, you may store most of your holdings in cold wallets and keep only what you need in hot wallets and exchanges at any given time.
How to Ensure It’s Secure
The best way to keep your cryptocurrency secure in an online wallet or exchange is by implementing the proper cybersecurity practices.
Start by ensuring that your own devices are updated and secure. If your computer is hacked, criminals will have easy access to any wallets or credentials needed to access online accounts. Install anti-virus and anti-malware software to ensure that your computer is free from infection, and always keep software up-to-date to eliminate any known vulnerabilities.
Next, ensure that your connection to the internet is secure to avoid man-in-the-middle attacks that can steal online credentials. Home routers should be kept up-to-date and secure with firmware updates and strong passwords. When using open public WiFi networks, consider a virtual private network (VPN) to create a more secure connection between your computer and the wider Internet.
The online accounts that you setup should use strong passwords that differ from your other passwords. Often times, the most practical way to do this is with a password manager that automatically creates strong passwords and makes them easy to use. Two-factor authentication should also be enabled where possible to add an extra layer of security.
Finally, you should ensure that your entire computer’s hard drive is encrypted in case it’s stolen. That way, criminals won’t be able to gain access to your information. You should also maintain a secure backup of your wallet and/or credentials in paper form or through specialized encrypted online backup services in case of theft or loss.
Common Mistakes to Avoid
Cold wallets and cybersecurity best practices may protect you from most threats, but so-called social engineering has become one of the most successful tactics used by criminals. These attacks occur when criminals pose as a legitimate person or organization, such as your online wallet or exchange, and trick you into handing over your credentials or cryptocurrency.
There are a few tell-tale signs to be aware of:
- Promise of easy money. Most social engineering scams promise easy money, such as free cryptocurrency or excessive returns on an investment. For example, a hot ICO may promise significant returns for early investors.
- Sense of urgency. Criminals create a false sense of urgency that encourages you to abandon your common sense and react based on your primal desires. For example, a fake exchange email may warn you that your account has been compromised.
- Partnership requests. Another common social engineering tactic is to make you feel like a partner in a deal, which can encourage you to commit “your half” of the funds.
Many social engineering attacks can be avoided by using common sense, trusting your gut and confirming the identity of the sender or requestor. Never click on links or respond to emails that you don’t recognize, and don’t trust a website based on its appearance alone — it might be spoofed.
The Bottom Line
Cryptocurrencies have created a unique opportunity for both consumers and investors. While its electronic nature may be responsible for most of its benefits, it also creates a lot of cybersecurity risks for consumers.
It’s important to keep the security tips that we’ve discussed in mind to avoid losing any money.