How safe are your cryptocurrency wallets, especially now that it has emerged that state-sponsored crypto wallet hacking is currently targeting several exchanges? The world has become heavily digitalized. This has made a lot of things easy to do and, unfortunately, it has also become easier to do a lot of bad things. There was a time when countries under international financial sanctions could not lay their hands on any cash. But now, a rogue regime can channel state resources into raising teams with one mission only: hack vulnerable cryptocurrency exchange wallets and simply take as much as can be taken.
Trading Bitcoin and other cryptocurrencies may be the hottest attraction right now, but there are elements of these assets that are a hacker’s dream:
- Bitcoin transactions are not reversible. Therefore, once a transfer out of a wallet has been made and confirmed, that’s it. No chargebacks like you get when you use PayPal. Hackers would love nothing more than to lay hold of your Bitcoin, knowing that once they move it out of your wallet, you basically cannot recover your crypto coins.
- Mobile phones have technology that can render them unusable once they are reported stolen. Sadly, no such technology has been deployed in the cryptocurrency market. Stolen Bitcoins can still be used by the hackers. Already, there is evidence that some of the Bitcoin stolen in the 2014 hack of Mt.Gox has started to surface on several exchanges.
- Bitcoin users are anonymous. This makes it hard to identify who is behind a hack.
So how do you protect your precious cryptocurrency wallets from these bandits?
Wallet Security Methods
Here are some ways to protect your cryptocurrency wallets.
a) Back Up Your Private Keys
Cryptocurrencies are not really stored in wallets; they are stored on the blockchain. It is your private keys that are stored in the wallets that give you access to the section of the blockchain where your Bitcoin and other cryptocurrencies are stored. So if you happen to misplace your keys, you lose access to your cryptos.
Just as you can misplace or lose a physical wallet, you can lose access to your private keys if there is a problem with the digital wallet, such as a virus infection or file corruption. That means you need to create a backup of your wallet and the private keys stored there.
When you create a backup of your wallet, you are essentially making a copy of your private keys. Back up your entire wallet several times and store the copies in several safe places where the only pair of eyes that can ever access them is yours.
b) Encrypt Your Wallets
You need password access to be able to reach your wallets. Using some form of wallet encryption can make it more difficult for anyone else to gain access to your wallet.
c) Make it Cold and Hard
The only reason hackers are able to steal from online digital wallets is that they are…online. If your cryptocurrencies are stored “off-grid” in offline wallets, then hackers cannot get to them. This brings us to the concept of ‘cold storage’. Cold storage simply means storing private keys and other wallet contents offline, so that they are not accessible on the internet. If you are a trader of Bitcoin and other cryptocurrencies on any of the numerous exchanges, you should deploy cold storage to keep that portion of your holdings that you are not actively trading with. You should only keep a little of your coins in the online (hot) wallets which your exchange presents to you. So if you lose your phone or your computer, or suffer a device malfunction, only a small portion of your cryptocurrency holdings will be jeopardized.
There is also the option of using paper wallets or hardware wallets. These are other forms of cold wallets in which to store your private keys. You should take this advice seriously. When an exchange is hacked, it is the cryptocurrency holdings of the traders on that exchange that are stolen, not the exchange itself.
d) Use Multiple Signature Addresses
Multi-signature addresses require the use of at least two private keys to perform a cryptocurrency transaction. These multiple keys are stored in separate wallets and have to be used by multiple authorized personnel. This is the kind of setup you see in corporate establishments. So when a Bitcoin transaction is to be initiated, these signatories will each have to sign their own component of the transaction. Only when the complete number of signatures is attained can the transaction be initiated.
This process enhances the security of the system, as a hacker will need to get access to all the equipment where the private keys are stored in order to perform a hack.
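The threshold rule described above, as an added example that is not part of the original article. Bitcoin itself checks ECDSA signatures inside the multi-signature script; this sketch swaps in Lamport one-time hash signatures so it runs with only the Python standard library, and the signer names and the transaction string are constructed placeholders.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport key pair: 256 pairs of random secrets (private) and their hashes (public)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg):
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # One-time scheme: a key pair must never sign two different messages.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][bit] for (i, bit), s in zip(enumerate(_bits(msg)), sig))

def authorized(tx, signatures, signer_pubkeys, threshold):
    """True only if `threshold` distinct registered signers signed exactly `tx`."""
    valid = set()
    for name, sig in signatures:
        pk = signer_pubkeys.get(name)            # unknown signers are ignored
        if pk is not None and verify(pk, tx, sig):
            valid.add(name)                      # a repeated signer counts once
    return len(valid) >= threshold

def demo():
    """Constructed 2-of-3 setup; each key would live in a separate wallet."""
    keys = {name: keygen() for name in ("cfo", "treasurer", "auditor")}
    pubs = {name: pk for name, (_, pk) in keys.items()}
    tx = b"pay 0.5 BTC to <placeholder-address>"
    s_cfo = ("cfo", sign(keys["cfo"][0], tx))
    s_tre = ("treasurer", sign(keys["treasurer"][0], tx))
    return {
        "one_stolen_key": authorized(tx, [s_cfo], pubs, 2),
        "same_key_twice": authorized(tx, [s_cfo, s_cfo], pubs, 2),
        "two_signers": authorized(tx, [s_cfo, s_tre], pubs, 2),
        "altered_tx": authorized(b"pay 50 BTC to <other>", [s_cfo, s_tre], pubs, 2),
    }

if __name__ == "__main__":
    print(demo())
```

Only the `two_signers` case is approved: a single compromised key, the same key presented twice, or valid signatures attached to an altered transaction all fall short of the threshold.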
e) Update Your Device Security Solutions Regularly
Update your operating system as well as the software you use for your internet security, so as to maintain the latest protection against malware and spyware commonly used to steal Bitcoin. It is important that your software can protect against keyloggers, as this is what is commonly used by hackers to capture passwords and private keys.
f) Use 2-factor Authentication
The use of 2-factor authentication (2FA) adds a second layer of security for logins. Google Authenticator is a good client for 2FA and works well to make it more difficult for hackers to steal passwords or private keys from a wallet.
g) Be Wary of Mobile Wallet Apps
In October last year, it was reported that hackers had managed to sneak a fake Poloniex app into the Google Play store (https://news.bitcoin.com/10000-people-downloaded-fake-cryptocurrency-apps/). Another article (https://news.bitcoin.com/10000-people-downloaded-fake-cryptocurrency-apps/) reported that more than 10,000 cryptocurrency users had downloaded fake apps that were stealing their login details. Who would ever have thought that a fake app would find its way past the stringent screening procedures on the app stores and be deployed to such devastating effect?
Never download any wallet app from the mobile app stores directly. Rather, use a link sent by the exchange whose wallet you want to download to perform this action. This ensures you are downloading an authentic app and not a clone.