Crypto Assets: How to Store and Secure Your Investment
Although the bitcoin network has never been hacked, it is a different story when it comes to exchanges and wallets.
Starting with exchanges, the first security rule is not to store your coins and tokens on them. Crypto exchanges are one of the key points of weakness of the crypto ecosystem.
Of course, in order to trade assets, you need to have exchange accounts. However, the amount you hold in the account(s) should only be what is required for trading. This year alone has seen a number of high profile exchange hacks.
In January, there was the theft from Japan’s Coincheck 2018 of NEM tokens, which at the time represented a loss valued at $530 million.
In June South Korea’s Coinrail was hacked for a total loss of $40 million in the value of the tokens stolen.
Clearly this is a problem that is not going away and if anything is likely to worsen.
Investors should have a sliding scale of exchanges that they use. This especially makes sense for frequent traders who may be seeking to action crypto Telegram signals and therefore need to have access to a wide array of coins.
Coinbase might be at the top of the list, followed by second-tier exchanges such as Binance and Bittrex.
In the third tier are the smaller venues that tend to list tokens with smaller liquidity and, judging by the size of their businesses, may have less robust security systems in place.
See our best crypto exchange round-up to help you decide which is best for you.
When you are ready to trade move funds from Coinbase to one of the altcoin exchanges.
Once you have bought the token it should be moved off the exchange unless you plan to sell it soon.
There are two options for storage other than on an exchange and they are a software wallet or hardware wallet.
Exodus has a well-regarded desktop offering with much more choice (30 cryptos) but is not an open source product and doesn’t have two-factor authentication.
Among the most favored mobile wallets is Copay (also available for web and desktop) and includes multi-sig features for added security, which means more than one person needs to sign transactions.
However, wallets on mobile or desktop both have their dangers because of their connection to the internet.
MyEtherWallet, a popular web-based wallet for storing Ether and Ethereum-compliant tokens, was attacked via a hack of a Chrome browser plug-in called Hola VPN. The hack fooled users into sending crypto to addresses belonging to criminals.
Then there are the standard phishing and malware attacks to be vigilant against. In phishing cases, crypto investors are tricked into using a site passing itself off as that of your wallet service.
Alternatively, investors can fall prey to malware on their PC or smartphone that is able to gain access to their private key.
Wallets on smartphones are convenient but vulnerable to porting attacks. These involve a criminal getting hold of an investor’s phone number and other personal details to fool the network provider into porting an existing number to a device they control.
This is a growing problem, particularly in the US. After porting the number to a device or service under their control, the criminal is able to change passwords and bypass two-factor authentication. Once that is done it is a simple matter to gain access to the crypto wallet and proceed to empty it.
So software wallets connected to the internet are not a good idea for anything other than small amounts stored on a temporary basis.
That brings us to hardware wallets that are able to provide a cold storage solution. This is a set-up where the device storing the keys is not permanently connected to the internet.
Hardware wallets are data storage devices similar to a flash drive, but the information on them is encrypted and access is PIN-protected.
When you send your tokens to a hardware wallet you are storing the private keys locally on a device that is not connected to the internet. When plugged into a computer, typically the device works with a companion app downloadable from the Chrome app store.
Trezor was once the preferred choice because of the LED screen it features, but Ledger has caught up in that respect. Ledger’s wider choice of coins that can be stored, which now includes Ripple’s XRP token, has seen it emerge as top dog.
Check out our crypto currency wallet review of the Ledger.
But even hardware wallets can be attacked. In February Ledger had to alert users to a “man in the middle” vulnerability, where malware was (theoretically) able to change the receiving address without the user realizing.
Ledger has since updated its software to prevent that attack vector but it is still good practice whichever hardware wallet you opt for to double-check that the address you are sending crypto to is correct.
If you lose the hardware wallet it can be restored with the 24-word seed used to set up the device. The 24 words are generated in a fixed order and by keying them in as required users can restore their backup.
It is extremely important that the backup seed is written down correctly. Software wallets also involve generating seed words to create your backup. Once written down it should be copied and kept in at least two different physical locations.
Paper can be destroyed by fire or eaten by rodents, so it is worth engraving your seed on to fireproof steel plates and, again, storing them in at least two different locations.
The Egyptians invented paper 5,000 years ago but it still has its uses in the digital age. Many long-term holders who have been around the business longer than hardware wallets have, still use paper to store their private key.
It is less convenient than more modern methods but is just as secure, providing you don’t forget where you hid the alphanumeric string and the back-up copies. Again, consider making metal copies.
Before considering the purchase of a token an investor conducting their own proper due diligence should take into account the custody issues. For example, does the blockchain project have an audited wallet solution for its token?
Crypto investors also need to protect their personal information online and be careful not to give out personal phone numbers or to start bragging on social media about how many lambos they are going to buy with their crypto fortune.
Finally, physical attacks are also a growing issue although most of us probably can’t afford bodyguards. Nevertheless, we can be careful about what divulge online about trading activities and holdings.
Power and responsibility
Crypto is about giving the power back to the individual but that also comes with responsibilities.
The banks of old started out as places where you could safely deposit valuables and charged you for the privilege. Similar custody arrangements are provided by firms such as Xapo.
Coinbase is getting in on the action too with its own vault services.
For the little guys, such services may be prohibitively expensive but if you follow the rules above you should be able to secure your own digital assets without having to pay someone else to do it for you.
Feature Image: shutterstock.com
In Post Image: shutterstock.com, steemitimages.com
DisclaimerThe writer’s views are expressed as a personal opinion and are for information purposes only. It is not intended to be investment advice. Seek a duly licensed professional for investment advice.
Hacking has been a problem for decades. With the advent of the world wide web, and the integration of the financial indu...