May 6th, 2022
If you have up to $250,000 deposited in your bank account, your money is insured by the FDIC. But the same level of protection cannot be provided against cryptocurrencies. In fact, Coinbase, Binance, and other well-known crypto exchanges provide their own insurance to cover a fraction of your investments.
Crypto.com, a 5-year old cryptocurrency exchange (with Matt Damon as their brand ambassador), got hacked in early 2022. Hackers got away with $15 million worth of cryptocurrency. If crypto exchanges and wallets aren’t safe, should you quit trading in crypto?
Let’s dig a bit deeper to understand what a cryptocurrency wallet is and what you can do to safeguard it from hackers.
A cryptocurrency wallet or digital wallet is an app, service, or a physical wallet like a USB stick, that stores public keys and private keys, keeping your crypto safe and secure. These keys are strings of complicated letters and numbers allowing you to encrypt and decrypt whenever you’re making crypto transactions.
Crypto wallets are neither issued nor insured by any central governing authority such as the federal government, central bank, or an insurance agency. You can think of a public key like a bank account username, and a private key like a PIN code or a password. It’s these private keys that you need to safeguard, or else your entire wallet could be emptied within seconds.
Generally speaking, most cryptocurrency wallets come with a number of protection mechanisms such as complicated passwords and secret phrases. It is not possible to easily hack any wallet. But due to a rise in hacking attempts on cryptocurrency wallets and exchanges, crypto users should start taking extra safety precautions.
Cybercriminals use sophisticated tools and techniques to hack crypto exchanges and wallets. Here are our top 10 tips on how you can secure your crypto wallets and reduce the chances of getting compromised:
There are two types of crypto wallets that you need to understand:
Hot wallets can be logged into from anywhere at any time, but come at a greater risk of data theft and breaches. Cold wallets require some technical knowledge to set up and are considered safer. But if you lose your offline wallet, there is no “forgot your password” option to recover it.
An excellent example is Ledger, developers of a hardware wallet with the highest possible level of security. Your crypto currency’s private keys are stored under several layers of security, in a USB stick that comes with sophisticated security measures.
2FA provides an additional layer of security to your account. When someone tries to log in, you receive a message or an email with a verification code. This additional step makes it challenging for hackers to access your account. They would need this verification code, for which they may call and try to convince you to hand it over to them.
As a good rule of thumb, never share your 2FA code, One Time Password (OTP), or any other secret verification code with anyone. Nobody from the crypto exchange will call you for your credentials.
A seed phrase is a collection of 12 to 24 random words generated by a wallet service such as MetaMask. This seed phrase has to be entered in the exact same sequence you get when signing up.
Unfortunately, there is no “forgot your password” option you can rely on. Hence, if you lose your seed phrase, you also lose access to your wallet, with no exceptions. Keep this seed phrase in a safe place offline. Simply write it on a piece of paper and put it where you’d normally place your belongings.
According to a study, 75% of millennials in the US use the same password across multiple devices. As astonishing and ridiculous as it may sound, what’s the most common password? Well, you guessed it right! It’s 123456. In independent research by NordVPN, this password topped the list of 200 most commonly used passwords in the world.
And how long does it take to crack? Well, hardly a second!
Now imagine someone putting all their hard-earned cryptocurrency in a wallet with this password. Who’s really to blame?
On the other hand, completely random passwords are the hardest passwords posing a serious challenge for hackers. But you also need to write them down somewhere in a safe location if you can’t remember them.
Here are some tips on creating a strong password:
For more tips on password management, check out our other blog on how to keep your passwords safe.
Never put all your eggs in one basket. Imagine you had 2 dozen eggs. Which would be riskier? Putting all of them in one basket or dividing them equally in two?
What if the basket fell? All eggs would break! But what if you had 2 baskets, and only 1 fell?
The same concept applies in the world of cryptocurrency trading.
Instead of putting all your NFTs and cryptocurrencies in one wallet, divide them in at least 2. Use one “hot” wallet for day-to-day transactions, and a “cold” wallet for HODLing.
Imagine you’re watching a YouTube video on how to make money from cryptocurrency trading. The channel has over 500,000 subscribers, and the content creator is credibile in this niche. Somewhere in the comments, you see the channel owner asking you to reach them out via their WhatsApp/Telegram number to invest with them and double your profits. .
You see the number and add it to your contacts. Without giving it a second thought, you connect with them and get added to their “special” Telegram group. You are now convinced that it is a “life-changing opportunity” for you. After several days, you transfer $500 worth of Bitcoin, Ethereum, or any other cryptocurrency with a promise of “receiving it doubled to your wallet within 24 hours.”
After transferring the funds, you email the channel’s creator and verify whether they received the funds or not. Alas, you get a reply, “Sorry buddy, which funds? I never asked for any money.” Your entire world collapses. What just happened in this scenario is one example of a popular scam in the crypto world.
That person was none other than a scammer pretending to be the channel owner. This is happening at such an alarming rate that crypto YouTubers with millions of subscribers are pushing YouTube to take action on it.
Whether or not YouTube does its part, it is time you realize that there is no such thing as easy money. This is a dangerous scam with obvious red flags. Yet, people fall for it.
A phishing attack is when hackers trick you into entering your user credentials into a legitimate-looking website.
For example, you may receive an email from your crypto exchange to immediately reset your username and password because your account was compromised. The website looks real, except it’s not an actual link for that exchange. Always ensure that the link is HTTPS and of the correct website.
Cryptocurrency trading platform Wormhole was attacked in February 2022, which resulted in the loss of more than $320 million. This goes on to show that regardless of the level of security, you can never rely on storing cryptos in any online exchange. It’s better to store your digital coins in offline and online wallets to manage your risks.
Working from home is a blessing. You can now work remotely for companies by enjoying your favorite cup of coffee at a nearby cafe. But here’s the catch: public WiFi is not secure and definitely not an option when making an online transaction from your bank account or crypto wallets. When connected to public networks, always use a reliable VPN.
A sender or receiver of cryptocurrency is identified by the wallet address. This address is a string of alphanumeric and special characters typically 26 to 35 characters long. Before sending the cryptocurrency to another wallet, always double-check the recipient ID.
Malicious software can edit and paste the wrong wallet address belonging to a hacker. Once the transaction is made, it can never be reversed on the blockchain network. Hence, it’s better to be safe than sorry.
Many antivirus programs provide amazing protection features against crypto hacking and phishing attempts. These programs scan all incoming email and flag potential phishing attacks to safeguard your wallets.
Always buy licensed versions of antivirus software and keep them updated with the latest database.