Securing your cryptocurrency might seem like a daunting task. For the uninitiated, the learning curve includes hot and cold wallets, online exchanges and private keys.
Digital security experts warn that you shouldn’t skimp on your studies, particularly of the hardware and software wallets used to store data that proves ownership of cryptocurrencies. Unlike a stolen credit card number, which can be an inconvenient but surmountable problem, pilfered cryptocurrency is often simply lost because of the decentralized nature of many digital coins.
If you run into problems, you may have no one to turn to.
Hackers are attracted to cryptocurrency because it can be stolen over the internet, which means victims are often far away in different countries. Even if identified, hackers can be in countries — think Russia — that make extradition difficult, so the threat of punishment is low. And cryptocurrency is hard, though not impossible, to trace.
Cryptocurrency comes with security risks that other kinds of investments don’t have, says Don Pezet, co-founder of the online IT training company ITProTV.
“If a hacker steals your funds, they’re just gone,” said Pezet, a longtime IT professional who also serves as chief technology officer of ITProTV’s parent company, ACI Learning.
The best thing you can do, he says, is make sure your cryptocurrency is secured from the get-go, so you don’t run into problems down the road.
Crypto exchanges, where investors can buy and swap one currency for another, are constantly under threat from cybercriminals looking to score big paydays by emptying the vaults.
One of the biggest thefts of all time occurred in August, when cybercriminals exploited a vulnerability in Poly Network, a platform that connects different blockchains, the online software ledgers that record cryptocurrency transactions. Once in, the hackers ransacked Poly for $600 million, though the funds were later recovered.
Not all hacks are headline catching. Cybercriminals are also looking to rob individual investor wallets, and they employ many of the same methods used to break in to any other online account. You risk being looted if you give up your credentials in a phishing scam or let your devices get infected with malware.
Though people may worry about being targeted by attackers, in reality they themselves may be the biggest threat to their cryptocurrency’s security, says Andrew Gunn, senior threat-intelligence analyst at ZeroFox.
“We can’t afford to forget about the human element,” Gunn says.
Here’s some advice from the experts on how to protect your digital assets.
How to protect your cryptocurrency
Use a “cold” wallet for long-term storage. Cold wallets store the data proving ownership of cryptocurrency offline, making them much harder for cybercriminals to get to. Both Pezet and Gunn say cold wallets are the safest option available.
The private keys to your cold wallet can be stored on a device, like a USB drive. You can also print them out on paper and file them away. Either way, an attacker can’t get at your cryptocurrency without them.
The downside of this storage method is that the responsibility for securing it falls solely on you. If you lose the USB drive or misplace your file, you can’t get your cryptocurrency.
“There is a ridiculous amount of unclaimed crypto out there from these types of situations,” Gunn said, adding that some people have sought password crackers to break into their accounts after they’ve forgotten their credentials.
Cold wallets also aren’t as convenient as hot wallets, which are hosted online, often by a cryptocurrency exchange. It’s fine to keep some of your funds in a hot wallet if you use cryptocurrency for day-to-day spending, Gunn says. But he urges everyone to properly secure those accounts to make them more difficult to crack.
It’s also smart to keep as little cryptocurrency as possible in hot wallets. If your funds get stolen, there isn’t much you can do to get them back.
Gunn advises using multiple cold and hot wallets, each protected by its own unique password. That way, if the worst does occur, you’re limiting the fallout.
Use strong passwords and multifactor authentication. Securing your cryptocurrency with good passwords is absolutely mandatory, just like it is for all digital accounts. We’re talking at least 12 random characters.
Two-factor authentication, which requires a second form of identification such as a fingerprint or a notification pushed to your smartphone, also helps secure accounts. It’ll go a long way toward keeping you safe if your password is compromised.
Use only your own device to access your wallets. It may seem convenient, but don’t access your cryptocurrency from a public computer, such as one at a library or in a hotel business center. There’s no way to tell if they’re infected with malware.
Similarly, make sure to take care of your devices. Keep your antivirus software and operating systems up to date. Always use a secure internet connection, preferably bolstered by a VPN, Gunn says.
Do your homework. Larger, more regulated exchanges are generally safer. Make sure the one you use is reputable, especially if you’re going to use it for a hot wallet.
Be wary of emails that look like they’re coming from the company that holds your cryptocurrency wallet. It could be a phishing email looking to steal your credentials and, ultimately, your funds.
As with emails that look like they’re coming from your bank, it’s always best to skip any included hyperlinks and to go straight to the company’s website.