Cryptocurrency account hacking is on the rise.
The popularity of Bitcoin and Ethereum and the surge in their prices mean that virtual currencies often become targets for hackers who want to take advantage of these valuable assets. "The economics of hacking suggests that attackers will continue to gravitate towards digital currencies as they increase in value and become more prevalent in our daily lives," says Jack Mannino, CEO of nVisium, a Falls Church, Virginia-based application security provider. Tracking the work of hackers is often challenging since their footprints can be eliminated digitally. When a cryptocurrency account is hacked, investors have no legal recourse since the virtual coins are still not regulated by a government entity or central bank. Here are 10 tips for protecting a cryptocurrency investment.
Take a hybrid approach to digital wallet security.
Online wallets have grown in popularity and attract the attention of hackers. Offline or physical wallets should be used to store the majority of a consumer's cryptocurrency, while only keeping a small amount of currency in the online wallet, says Terence Jackson, chief information security officer at Thycotic, a Washington, D.C.-based provider of privileged access management solutions. "The physical wallet should also be stored in a secure place such as a safe or safety deposit box," he says. "I would also suggest separating the private and public keys. Both should be secured with strong passwords and multifactor authentication when possible. As cryptocurrency becomes more mainstream, more traditional options will emerge, but in the meantime, you are responsible for keeping your cryptocurrency safe."
Two strong passwords are key.
Never reuse passwords across your accounts, especially since cryptocurrency services are prime targets for hackers. Assume that all of them will inevitably have a data breach, says Kevin Dunne, president of Greenlight, a Flemington, New Jersey-based provider of integrated risk management solutions. "While cryptocurrency is an innovative technology that is evolving quickly, the quickest and easiest ways to secure your wallet is with tried-and-true security tactics," he says. "Limit your exposure by having a unique, strong password for each, with two-factor authentication and password rotation enabled where possible. Using a trusted password manager can help to automate this process and take the guesswork away."
Work with reputable cryptocurrency wallets, exchanges, brokerages and mobile apps.
Before deciding which platforms to use, investors should carefully research each platform's security features to understand how their data will be protected. "Entities to be trusted should incorporate best security practices such as requiring multifactor authentication, SSL/TLS encryption and using air-gapped devices that are kept offline when storing cryptocurrency," says Austin Merritt, cyberthreat intelligence analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solutions. Using more than one cryptocurrency platform can be safer as long as owners use different, complex passwords for each platform. "Whether using one or more cryptocurrency platforms, it is imperative to maintain a secure password manager to ensure that passwords are not lost," he says.
Protect yourself from mobile phishing.
Many people with a cryptocurrency wallet use a mobile app to manage it. As these commodities soar in price, malicious hackers are motivated to target investors with mobile phishing campaigns to steal their login credentials, says Hank Schless, senior manager of security solutions at Lookout, a San Francisco-based provider of mobile security solutions. These social engineering attacks can come from anywhere on a mobile device, including texts, social media, third-party messaging platforms or email. "Beyond phishing, there are also malicious mobile apps that have the hidden ability to log your keystrokes or watch the activity on your screen," he says. Many people install antivirus software on their computers, and they are starting to realize they should do the same with their smartphones and tablets. "Considering the amount of data we trust to those devices, they are the most important to secure," Schless says.
Be aware of how your wallet is used in transactions.
Apply the core principles of "cyber resilience" to your wallet, says Dirk Schrader, global vice president at New Net Technologies, a Naples, Florida-based provider of cybersecurity and compliance software. "Any crypto wallet is a piece of data and code, but a piece that holds a good amount of value for you and others. Be aware of the processes of how it is used in transactions, be sure that systems and networks are not compromised if you are using them for those transactions and have physical protection in place," he says. Investors who trade higher values should spend some time gauging the risks. "Cyberattacks are staged. They establish a foothold first and expand before attacking the prime target (your wallet)," Schrader says. "The cyberprotections applied to your wallet are only as good as your understanding of them."
Understand the different methods and processes to protect your digital currency.
Investments in cryptocurrency continue to rise in popularity with people who do not have a technical background but are seeking to diversify their portfolio. None of the digital assets are managed by an authoritative organization or central bank, so the responsibility to protect your money falls "almost completely on the user," says Brandon Hoffman, chief information security officer at Netenrich, a San Jose, California-based provider of IT, cloud and cybersecurity operations and services. The likelihood of recovering those losses is minuscule. The three most important components to learn about are secret key protection, recovery seed protection and cryptominer malware protection.
Avoid sharing the secret key.
The secret key is used to validate that the person sending or receiving the digital coins is the owner of the wallet being used, Hoffman says. This secret or private key should never be shared. "The safest way to store your private key is by using cold storage," he says. "Cold storage essentially means printing out your key and removing all digital traces of it." The semi-fail-safe method of recovering your private key is to use a seed, a series of randomly generated words that a user can leverage. "This seed phrase should only be written down or printed on paper and stored somewhere safe," Hoffman says. "With how easily attackers can get access to end-user machines and other digital storage applications, keeping this phrase somewhere digital is very risky."
Skip using wallets hosted by providers.
Other methods of storing Bitcoin are wallets hosted on your laptop or desktop and wallets hosted by providers. The wallets hosted by providers are the "worst choice because you are allowing them to store your private key on their servers which are totally out of your control," Hoffman says. "This is the most common choice because it requires the least technical effort. This places your private key at several risks including a breach of the provider server, the provider going out of business or even a takeover of the infrastructure by a government or other legal entity." Use a hardware wallet, which is a USB-based device that encrypts and stores your private key along with all other relevant details, he says. The method to decrypt them is sometimes physical and is much safer compared to other methods.
Cold wallets have their drawbacks for active traders.
A cold wallet is entirely offline and requires either writing down the private address on a piece of paper that only the owner has access to or purchasing a physical device that securely stores cryptocurrency funds, says Thomas Beek, senior cybersecurity specialist at Digital Shadows. The drawbacks include the time required to store your cryptocurrencies, and if you are engaged in trading activity, the process of "consistently transferring funds between an exchange and the cold wallet can incur repetitive withdrawal fees," he says. "The benefits of a cold wallet include peace of mind that only you have access to your funds."
Hot wallets are more convenient for traders, but losses could be greater.
Retail investors can use hot wallets, such as Coinbase and PayPal, a storage option that is connected to the internet at all times to make it easier and more convenient to access funds and to trade and buy other cryptocurrencies, Beek says. The trade-off is security: the investor entrusts the platform with the security of both the public and private address, which "historically has resulted in the loss of significant funds following the successful breach of an exchange," he says. This scenario should only be considered for active traders, but the amount of funds they need access to should continually be evaluated. Hackers will always target large exchanges, especially as the number of retail investors grows. "Irrespective of whether a platform is centralized or decentralized, without proper storage processes implemented by the investor themselves, they are likely to remain at threat from a potential attack," he says.
Ways to keep your cryptocurrency safe:
-- Take a hybrid approach to digital wallet security.
-- Two strong passwords are key.
-- Work with reputable cryptocurrency wallets, exchanges, brokerages and mobile apps.
-- Protect yourself from mobile phishing.
-- Be aware of how your wallet is used in transactions.
-- Understand the different methods and processes to protect your digital currency.
-- Avoid sharing the secret key.
-- Skip using wallets hosted by providers.
-- Cold wallets have their drawbacks for active traders.
-- Hot wallets are more convenient for traders, but losses could be greater.