One of the most difficult things for a new cryptocurrency investor to initially get to grips with is the extent to which you are the sole custodian of your new asset. It’s completely different from having funds in a bank, for example, where you are a customer with rights and protections.
The first lesson you need to learn is: Do not leave your coins hanging around on the exchange where you bought them. There are a number of reasons why you don’t want to do this.
Firstly, exchanges can get hacked
Cryptocurrencies are booming, and they’re big news. They’re also pseudo-anonymous and easy to move around the world in a flash. No wonder they’re attractive to hackers.
And what is really, really attractive to a hacker? An exchange they know is loaded with lots of lovely money. As a consequence, cryptocurrency exchanges operate in a state of open warfare against continual penetration attempts, an ongoing arms race in which sometimes the hackers pull ahead – and funds are stolen.
Sure, some exchanges offer various insurances and guarantees. But at the end of the day, you are largely on your own if your coins are taken. As the owners of the US$450-million worth of Bitcoin ‘lost’ from the Mt. Gox exchange found out in 2014, it’s unlikely that any assets exist to replace what is taken, whatever the cause of their disappearance.
Secondly, you can get phished
Even if the exchange itself never gets compromised, fraudsters know that people are logging in and out of them all the time, and go to increasingly subtle and sophisticated lengths to try and get you to log in somewhere else instead.
Would you have spotted this one, using an ṇ instead of an n? Certainly in a mobile browser, or an underlined link in an email, you wouldn’t see the dot under the two letters at all:
Spot the fake URL
Creating a site that looks enough like the real (and perfectly genuine and secure) Binance exchange is all it takes to complete the illusion and collect people’s passwords.
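As an added illustration (not part of the original article), this Python sketch shows how a lookalike host of the kind described above can be told apart from the genuine one: it converts the host to the ASCII "xn--" form used in DNS, lists any non-ASCII characters, and folds diacritics away to see which trusted name the host imitates. The allowlist and the function names are assumptions made for the example.

```python
import unicodedata

# Constructed allowlist (assumption): the exact hosts you actually intend to log in to.
TRUSTED = {"binance.com"}

def to_ascii(host: str) -> str:
    """Return the ASCII (punycode) form used in DNS; non-ASCII labels become 'xn--...'."""
    return host.encode("idna").decode("ascii")

def to_unicode(host: str) -> str:
    """Return the display form, decoding any 'xn--' labels back to Unicode."""
    return to_ascii(host).encode("ascii").decode("idna")

def skeleton(host: str) -> str:
    """Fold diacritics away: NFKD splits U+1E47 into 'n' + a combining dot, which is dropped.
    Cross-script lookalikes (e.g. Cyrillic letters) need the Unicode confusables data instead."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_host(host: str) -> dict:
    """Classify a host as trusted, lookalike, non-ascii or unknown (exact-host match only)."""
    shown = to_unicode(host.strip().rstrip(".").lower())
    odd = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}" for c in shown if ord(c) > 127]
    folded = skeleton(shown)
    if shown in TRUSTED:
        verdict, resembles = "trusted", shown
    elif folded in TRUSTED:
        verdict, resembles = "lookalike", folded
    else:
        verdict, resembles = ("non-ascii" if odd else "unknown"), None
    return {"shown": shown, "ascii": to_ascii(shown), "verdict": verdict,
            "resembles": resembles, "non_ascii_chars": odd}

if __name__ == "__main__":
    # Constructed sample hosts: the genuine name, the dotted-n lookalike, an unrelated host.
    for h in ["binance.com", "bi\u1e47a\u1e47ce.com", "example.org"]:
        print(check_host(h))
```

The ASCII form is the one to compare when a link looks right but behaves oddly: a genuine all-ASCII domain never contains an "xn--" label.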
You can protect yourself to some extent by enabling two-factor authentication on all exchange account logins, and using an anonymous dedicated email account for all your cryptocurrency transactions. But the sums involved on exchanges are simply too tempting, so the efforts to rob them will never stop.
So, what can you do?
Keep your assets warm
It comes down to the usual trade-off in tech: convenience and usability, versus security.
Funds on an exchange are easy to access and trade. That’s what the exchange is for. Day traders need to be able to move as fast as the market moves, and have to keep their coins right there, ready to buy or sell as soon as the signals are right.
But most of us transact much less frequently, and can tolerate slightly less convenient access to our crypto coins, in the name of better protection for them.
You can move your coins to a browser-based ‘hot’ wallet, which is more secure than an exchange, but still easy to operate online. Some of them are directly connected to exchanges, like Shapeshift, so you can pretty easily make some quick trades, while knowing your coins aren’t sitting there right on the exchange itself.
Additionally, you can make a hot wallet a bit more secure by using a dedicated machine, which is never used for everyday browsing.
There are also desktop wallets like Exodus, which run on your local machine – but they do have to connect to the internet to transact. Still, desktop wallets are one stage safer, because your private keys are stored on your own device, not on the server of the exchange.
Of course, you need to keep your machine free of malware and so on, but your individual machine is unlikely to be as tempting a target for big-time hackers as an exchange is.
Or keep your assets cold in a USB
But to truly protect your cryptocurrency from online attacks, you need to get it right offline – to a cold storage wallet. Put a literal gap, an ‘air gap’, between your private key and the internet.
If you think of a hot wallet like the wallet in your pocket – convenient and accessible, but never carrying around more than you could truly stand to lose – then cold storage is akin to a safe or deposit box.
There are a number of dedicated devices you can use to store your cryptocurrencies, including the Trezor, Ledger Nano, and Keepkey. These devices all support different coins and have pros and cons.
As ever, you need to do your own research, but they’re essentially USB keys secured with a ‘seed’ phrase (usually 12 or 24 words) in addition to PINs and passwords. Securing that seed phrase is vital, and depending on the size of the asset to protect, you might want to keep a copy of the seed phrase in a separate location.
You are of course placing your trust in the manufacturer of the device itself, and it goes without saying you must never ever use a pre-owned storage device.
Consider a paper wallet
The coldest and least accessible choice of all is to generate a paper wallet, using a specialist online tool for this purpose. But don’t even go to the site until you have run all the virus and malware checks on your computer.
After you get to the site, follow the instructions carefully, including downloading the site for offline use, and ensuring that your computer and your printer are fully offline, before you ultimately print out your cryptocurrency wallet.
A paper wallet is a great way to share or gift cryptocurrency. But as a long-term storage option, it does need to be considered vulnerable in the sense that any piece of paper is vulnerable. If that private key is damaged by water, fire, fading or anything else, it’s gone for good.
A paper wallet is a good response, though, to people who say they don’t trust any currency they can’t see physically, or hold in their hand. Give them US$10 worth of Litecoin or something, on a paper wallet, to get started with. Who knows how far down the rabbit hole they will tumble on their cryptocurrency adventures?
About the Author
Data Driven Investor (DDI) is an online resource that publishes news and op-ed pieces in the areas of technology, finance, and society. Visit them at datadriveninvestor.com.
Copyright 2018 DataDrivenInvestor.com