Guides & Analysis

Keeping your Cryptocurrencies Safe. Guide on Reducing Cryptocurrency Security Risks

By October 15, 2018 No Comments

cryptocurrency security lockFrom the start, when the Bitcoin protocol was released in 2009, cryptocurrency ownership has given investors a very motivating experience.

The bulk of this motivation arises from factors like the potential for gains (or losses) in coin value or even the emerging possibility of regulation. Most of the factors affecting the value are way above investor control.

Another serious risk of the danger of security breaches. Though investors have significant control over the danger of losing coins in the event of a security breach, no guarantees are provided.

To keep your coins safe, it is important to combine knowledge, vigilance, and discipline when operating in the niche.

The Rise in Cryptocurrency Values Reflect the Growing Need for Security

crypto security guide

source: BLMP

Willie Sutton, one of the famous American robbers, was once asked why he robbed banks. He is reported to have replied, “That is where the money is?”

In the same spirit, the rate and value of security breaches against cryptocurrency owners have been going up. Why the upward trend? Because user numbers and value of the cryptocurrencies are on an upward trend.

Take the case of 2017 statistics on cryptocurrencies captured by The Telegraph.

  • As the price of Bitcoin shot from about $1,000 to near $20,000 mark in 2017, crimes associated with it rose by more than 200%.
  • One in every ten owners of cryptocurrencies was at risk of getting affected by scams.
  • Investors lost $225 million due to phishing scams.
  • Ethereum-related cybercrime alone resulted in about 30,000 owners getting scammed.
  • About $390 million was lost to cybercriminals.

 

To succeed in your cryptocurrency investment, you need to keep the coins safe.

This guide was created to help people holding crypto coins or prospective investors identify, detect, and recover (where possible) from various security vulnerabilities.

How Do Cryptocurrency Owners Lose Their Coins?

If you follow many people who promote cryptocurrencies, you will realize that they mainly focus on the positive side of owning the coins.

We combined an inclusive list of key security problems that you should anticipate when investing in cryptocurrencies. We are not trying to pose the cryptocurrencies in lousy light. We will also focus on how those in cryptocurrencies can detect and even avoid related loss and crime.

The following scenarios depict the negative side of investing in cryptocurrencies that many promoters rarely tell you.

Investors often lose their coins through;

  • Losing or forgetting their private keys (coded access codes).
  • Lack of ample awareness and resources to keep cryptocurrencies safe.

Criminals are becoming very sophisticated and are using advanced technologies.

  • They get access to coin owners’ private keys and demand a ransom to release the keys.
  • They gain access and divert computer resources of the coin owners (without the knowledge or owners) and use them in different money making schemes.
  • They trick owners into believing they are genuine service providers or blockchain project startups.
  • They break into different digital storage spaces and siphon users coins into their accounts.
  • They fool coin owners and make them behave in a way that crooks gather information about them.
  • They trick people to invest in startups that are designed as Ponzi schemes.
  • They infect good websites with malware targeting to access and steal users’ private keys and seed phrases.

The above security risks and misfortunes demonstrate the diverse themes of deception, theft, and use of malware.”

Important Cryptocurrency Concepts You Need To Know Today  

Before diving deeper into the methods you can use to challenge the security risks, it is prudent to take a closer look at some of the basic ideas that the cryptocurrency security is premised on. We identify the basic idea, the relation to security, and give references to other sources for additional details.

The blockchain and cryptocurrencies

Here, we presume you are familiar with the two primary concepts. The blockchain is a digitized and decentralized public ledger of all cryptocurrency transactions.

The progressively growing blocks are recorded in the public ledger chronologically. Cryptocurrency, on the other hand, is a digital currency that utilizes cryptography for security to make it difficult to counterfeit for its advanced features. If you need, consider refreshing your memory of the two concepts here and here.

The cryptocurrency encryption and storage

In the crypto niche, protecting and storing digital coins are the core elements needed for success. The crypto networks provide users with complex codes for protection while wallets and digital exchange offer storage and facilitate transactions.

  • A cryptocurrency wallet: This is a digital storage space designed to help people hold and manage their coins. You can opt to use a hot wallet (connected to the internet) or cold storage (offline and considered more secure).
  • Private keys: This is a set of codes that combines numbers and letters to provide users with access to their wallets. The private key is also important in helping users run transactions such as sending coins from that wallet. It is prudent that the private key is kept private all the time because a person with the key can easily access your wallet.
  • Public address: This is another code containing strings of characters and used to serve as the main address to your wallet. Unlike the private keys, the public address is fully open and can be given to your payers.

Encryption

Encryption involves hiding data by converting it to a special code that can be transmitted through cryptocurrency networks without easily getting revealed. To get the encrypted data, the targeted recipient is required to have a decryption code. These decryption codes are referred to as keys.

Asymmetric cryptography

When using two-key encryption, the security is provided on two important pieces of information referred to as the private-public key pair.

Public key gives the location where the coins are stored online. The private key helps to decrypt and reveal the information about the stored coins. The data that is stored on the blockchain includes the validation of the location, amount, and ownership.

The private keys info has become the primary target of cybercriminals. They employ various tactics such as breaking through installed security walls to gain access to the private keys. They steal the keys because digital coins lack a physical form, the way we know dollars or Euros.

The main key to understanding cryptocurrency security is this; the person with the private keys validation info is the owner of the currency. Therefore, you lose the private keys; you lose the cryptocurrency.

Wallets

Irrespective of the cryptocurrency of interest, the private keys will need to be stored securely somewhere. That location where you store the coins is called a digital wallet.

The cryptocurrency wallet can be an online wallet or third-party service such as the exchanges. You can also opt to store the coins in offline storage such as hardware or paper wallets.

The level of risk security: The longer the wallet you are using to store the tokens is connected to the internet, the higher the danger of losing the coins.

  • Hot wallets: These are online exchanges that can be accessed using applications or Web Browsers. They are referred to as “Hot” because they are always online. This implies that they are more vulnerable to malware attacks.
  • Cold wallet: Unlike the hot wallet, the cold wallet stores the coins offline. This implies that the hackers do not have the internet connection to the wallet or private keys and cannot break in.
  • Hardware wallet: These are small finger-sized hardware devices that look like standard USB drives. They are physical devices that can be used to store and run transactions. Every hardware wallet is sold with a private key that provides the user with respective validation info. If you cannot get the blockchain information, the coins will be inaccessible.
  • Paper wallets: This involves writing the private key code on a paper and securing it offline.

If you want to store the tokens safely, you would need to use two digital wallets; hot wallet for running transactions, and cold wallet for storing the coins especially on the long-term.

NOTE: It is a security best practice to back up your private keys for all the wallets and securing them offline.

Cryptomining

When the first system for mining was set up in 2009, the potential was only for 21 million Bitcoins. But only about 17 million Bitcoins are in use.

crypto mining

Source: blokt.com

Crypto mining is the process of releasing new coins into the system. The process involves gathering and verifying the blockchain transactions of the respective network and releasing new blocks into the public ledger.

The procedure involves miners who are required to solve complex mathematical puzzles to get the opportunity to verify the transactions. The first one to get the puzzle right gets the chance to add the new block and gets rewarded with native coins. To remain competitive (confirm more transactions) you will need specialized hardware such as GPU and ASICs that generate a lot of hashing power.

Key attack opportunities used by fraudsters at this point include:

  • The hackers can steal the coins directly from cryptomining companies.
  • Tricking the cryptominers to make them buy non-existent computer hardware.
  • The cloud mining firms lending cryptocurrency miners at prices higher than they will earn. They offer profit by simply taking the coin value from all the new users which is a classic form of Ponzi scheme.

Cryptocrime Tactics

For people who closely follow the crypto news, the list of crimes is indeed long. They range from shady dealings to spoofs that target those with the coins. Here are some of the terms you need to know and that will help you remained informed. How many of these do you know?

  • Social engineering: This is a general term used to denote a criminal fooling the target to get some advantage such as revealing the private keys. Since it is used as a means to an end, it is taken as a preface to other more serious criminal activities such as cryptojacking.
  • Phishing: This involves the criminal presenting the target with the false pretext of a company, individual, organization or even government agency to prompt them taking action such as opening a malware. In the crypto niche, the phishing attacks end up into wallet break-ins or ransomware that involve stealing the user’s private keys.
  • Cryptojacking: This is a strategy used by criminals to divert the cryptocurrency holder’s resources without their permission. The criminal tactic is used in crypto industry to divert mining resources of the target’s computer to mine cryptocurrencies.
  • Breaking into online wallets and vaults of the exchanges: This method involves using false identities to get the user’s private information.
  • Malvertising: This name tells the entire story. In this tactic, the criminals use malicious ads to spread malware to the targeted clients. The criminals target compromising web browsers and their plug-ins.
  • ICO exit scams: This method has become very common resulting in the banning of many ICOs in some countries. It involves establishing an ICO, publicizing it, and persuading investors to buy the tokens. The scammers even reward the buyers who refer new clients. Then, they run away with the investors’ money. This is the standard form of an ICO scam.
  • Poisoned website: This term is used to denote a site that criminals use to deliver malware. The malware is mainly carried as an ad.
  • Phone porting: This attack method is a combination of hacking, phishing, and outright breaking into a target wallet. The hackers snoop in various places such as crypto-related conversion platforms, social media, and other platforms where investors post their details such as email and phone numbers. Once the scammers have all information about you, they pose as victims, call the phone provider, and persuade the customer support to transfer the number to a device they control.

Once the hackers have taken control over your number, they access your cryptocurrency exchange account, compromise the password, use the phone number for the second-factor authentication, and siphon away the coins.  

  • Spear phishing: This attack method involves targeting a specific organization or individual of interest. The attack can take place prior to stealing user data or installing malware into the target computer.

How Do You Secure Coins When Trading and At Home

In many forums, you will hear many analysts indicating that the only safe method of storing coins is through cold storage. However, this is a great option especially for those who target long-term storage. However, you will at some point need to transfer the coins to another wallet or exchange them.

The following are great tips you can use to keep the coins safe:

Isolate the Investment

Isolating the investment involves using a dedicated computer for transactions to and from the wallet. The process involves creating an air gap around the computer by ensuring that it is not connected to the internet when no transactions are running.

You can also isolate the computer by ensuring it can only connect to the network through another computer (gateway).

The method is one of the simplest to use. Connect the computer when running a transaction and disconnect immediately after the transaction is completed.

Remember that the computer should not be used for any other task.

Securing Yourself When Trading Cryptocurrencies

Isolating the computer is the first line of defense for protecting your tokens. You should also use the following tactics to keep them secure when exchanging the coins.

    • Secure your computer’s operating system: Consider installing the operating system on a new computer or format the hard drive before reinstalling the preferred OS.
    • Identify and use a reliable password manager: Many people have lost their coins because of forgetting one or several codes in their private keys. To avoid making this mistake, consider using a good password manager. This means that you can rest easy without worrying of ever forgetting or keying the wrong codes.

 

  • Employ 2-factor authentication: Two-factor authentication helps coin owners to use two steps such as password and phone number for enhanced security. You can opt to include an SMS or email for confirmation before getting access to a wallet. This means that even if the attacker manages to break through the first layer, it will still be impossible to siphon the tokens without your email or phone.

2 factor authentication cryptocurrency

 

  • Consider using a hardware wallet: Hardware wallets are considered the safest when storing coins because they are always offline. Some are even designed to facilitate transactions without the keys leaving the hardware.
  • Utilize virtual private network (VPN): VPNs are considered very secure when transferring important information across the internet by encrypting the path. In the cryptocurrency systems, VPNs encrypts the network path followed by the coin from the sender to the destination. It is very important to use VPN, especially when using a network that you do not control.

This is the first part of our Ultimate Cryptocurrency security guide.  Sign-up to CoinCheckup  and make sure you come back for the second part in just a few days. 

In the next part we will be talking about taking on the challenge of cryptocurrency security and what you should do in order to avoid some of the most common cryptocurrency theft threats.

Don’t forget to stay safe when navigating the crypto space! 

Head of Marketing @ CoinCheckup.com