We usually start thinking about safety when something goes wrong. Security of crypto funds is not an exception — many users learn about how to keep their funds safe only after they were stolen. Luckily, following several simple rules can radically minimize the probability of a theft.
In 2020 alone, over $2 billion were hacked and stolen in cryptocurrency. In an unregulated market with no reversible payments and central authorities who could help in case of a theft, the burden of responsibility for the safety of your coins falls entirely on your shoulders.
Let’s see how you can minimize the chance of dishonest people reaching your funds.
Safety of crypto starts with safety of your device
You can improve the security of your funds in multiple different ways. Besides things related to crypto storage itself, it’s worth checking if your computer and internet connection are protected in general — these two are sometimes sources of hacker attacks and security breaches.
Tips for keeping your device safe
- Make sure operating systems on your PC and laptops are genuine. Cracked software is more vulnerable to attacks.
- A good antivirus or anti-malware app will help you combat hidden security threats on your PC and mobile phone. The danger can be invisible in your routine work, and special software will fight against it.
- Download software from official sources — cracked versions can have trojans. If possible, check the signatures and authenticity of software you download using tools like Kleopatra
- When possible, use open-source software verified by the community.
- Use ad blockers — besides hiding ads, they will also protect you from malicious trackers. uBlock Origin are two services of this kind.
Keeping your connection secure
Once you’ve made sure your computer is safe, it’s time to take care of the security of your internet connection. First, avoid using unprotected public WiFi — anyone sharing this network with you can intercept the data you send, including your passwords. If connecting to such a network is unavoidable, use VPN to encrypt your sensitive data.
Second, take measures to protect your WiFi at home. Set a good password that is hard to crack and monitor the network to see if there are no unwanted connections.
Browsing internet safely is easy
- Private browsers like Mozilla Firefox will help protect the sensitive data you send. It’s worth knowing the risks of using Google Chrome: it keeps track of your online activity and stores your data.
- Don’t keep the passwords in a Notes app on your phone! Use tools for their encrypted storage, such as
- Whenever you use a website for banks or crypto wallets, double-check if you are on the right domain: fraudsters fake websites by spelling them slightly differently. Bookmark correct sites if you use them repeatedly.
- Same security rules relate to browser extensions: check if they are official and avoid installing suspicious add-ons.
- If you save passwords in your browser and some hackers access your device, they will find it easy to enter your website and app accounts. Avoid saving passwords in browsers.
- Leave your personal data only on websites that you trust. Avoid interaction with dodgy crypto-related sites.
- Use 2-factor authentication for important accounts and wallets. Google Authenticator will help.
Tips for secure emailing
A virus-free computer, secured internet connection and safe browsing are essential for protecting everything on our device (including crypto). One additional step is making sure the email services you use handle your data with care. Privacy-focused, encrypted, and free ProtonMail keep your correspondence safe even if you are to be breached.
But even if you are not, keep in mind that falling victim to phishing emails is relatively easy and bears risk for everything you do on your device. Malicious messages may contain infected PDFs, Google Docs, archives, or links to websites very similar to their original counterparts. Consider any unknown email a scam and don’t interact with any of its contents.
Wallet and exchange safety
Now that we’ve considered general security rules, let’s step into the tips for keeping your crypto safely.
Non-custodial storage
- When choosing a hot wallet to store your funds, pay attention to important safety criteria. If not all are met, that doesn’t necessarily mean the wallet is unreliable, but many gaps should signal that the wallet should be avoided.
- The wallet should be community-tested and open-source.
- Private keys are available.
- Good user reviews and absence of hack reports are a good sign.
- The team behind the wallet is known and hasn’t come out of nowhere.
- If you want more protection, get a hardware wallet — with its physical disconnection from the internet, the chance it’s hacked is close to zero.
- Take measures to protect your recovery phrase (or seed phrase). Enter it in a password manager, make a physical backup on a piece of paper, and consider putting it in a bank deposit box. Losing the phrase means you are at risk of losing your crypto.
For centralized crypto exchanges
- Whitelist your withdrawal addresses. This will prevent malicious actors from sending funds to their destination.
- For the same reason, safelist your home IP address. Whenever a hacker attempts to access your exchange account, they will be blocked.
- Configure phishing phrases if your exchange allows doing so. This phrase will be included in any official email from the exchange, so if you get a message without it, you will know it’s a scam.
General tips for secure experience in crypto
Remember that most of the blockchains are public: whenever anyone knows your address, they can check the size of your savings. That’s why it’s a good idea to create new addresses for different transactions from different people and not to show off with your holdings in public.
Use 2FA wherever it’s possible. Even if a hacker gets to know your login credentials, they won’t be able to access your account. Avoid using SMS for 2FA confirmation as malicious actors have technologies to emulate your SIM card and receive your messages.
Use unique passwords for all important accounts and wallets: if someone accesses your device or the passphrase leaks, hackers will find it easier to break into all your platforms.
Recent crypto hacks
One of the most important security tips in crypto is making sure that the exchange or a smart contract you’re planning to engage with is trusted and secure. Many services fall victim to hackers due to poor protection. Let’s review some of the most dramatic hacks in 2021.
Bilaxy Exchange
An exchange’s hot wallet can easily be considered its most vulnerable place. On August 28 this year, the hot wallet of Bilaxy exchange was hacked, and funds in over 300 were stolen. The total loss is said to have reached $450 million.
Poly Network
The same August, one of the biggest-ever crypto hacks occurred with the Poly Network DeFi protocol. The smart contract was not audited well enough and fell victim to hackers who stole over $600 worth of cryptocurrency. Tens of thousands of customers suffered.
However, unexpectedly, this is a story with a happy end. The Poly Network officials wrote hackers an open letter asking them to return the stolen funds. The threat of an international pursuit seems to have scared the thieves, and they paid back the damages. Poly Network confirmed receiving the funds back.
ThorChain
A hack of the ThorChain decentralized exchange and liquidity provider depicts how many cunning ways of stealing users’ funds there are in crypto. In July 2021, a hacker noticed vulnerabilities in a ThorChain smart contract and deployed their own malicious contract mimicking the deposits of fake coins. The hacker even warned the protocol team and told them not to rush with their release before a proper security audit.
However, the team launched the platform with potentially faulty code before the security review, and the cybercriminal decided to “teach ThorChain a lesson.” $15 million were stolen in two rounds of hacks. The hacker even claimed they’d steal more, but the hack was only a “lesson.” The ThorChain attack is a good example of how a crypto platform hack could have easily prevented the case if basic security measures had been taken.
Fake METAMASK Scam
Even a seasoned crypto user can fall victim to a scam. A popular NFT developer described in a Twitter thread that one night, when his mind was “foggy” due to personal issues, he bumped into an NFT giveaway in celebration of the CryptoPunks 4th anniversary. The message contained a link to a fake Larva Labs (CryptoPunk creators) website.
Once on this website, the developer saw a popping up naturally-looking message from MetaMask claiming that his account was compromised and he needs to re-enter his seed phrase. After doing this, the victim saw how his account was drained of ETH and NFTs. He said it was a huge shame for him as he was present in the crypto space since 2017 and knew of such scams, but wasn’t careful enough at the critical moment. This is an important message for all of us: if we overestimate our security measures and skills, hackers may play a bad joke with us.
Bottom line
With such an abundance of security measures, it may seem at the first glance that following them all at once is quite hard. But firstly, you don’t have to change everything right away — keep your own comfortable pace of making your devices and funds more protected. Secondly, once you’ve set everything up, following the tips won’t make your daily routine less smooth.
The old saying states:
“Don’t trust, but verify.”
This is especially relevant in the digital space, and it’s always worth checking the source of software that you download, the authenticity of websites that you enter, and good intentions of emails that you receive. The thought of following security measures all the time may hint you that it will be exhausting as you always have to stay alert. But if it’s the price for keeping our crypto life savings protected, isn’t it worth paying it?
