Trading, holding, and investing in cryptocurrency comes with two harsh truths: your funds are always a target for hackers, and the chances of getting back what’s been stolen are next to zero.
Since it is better to be safe than sorry, you should always stay on high alert and make sure that you do everything possible to keep your crypto funds safe.
Today, we will dive into one of the main topics that every crypto trader should worry about — security.
Should you worry about your CEX account’s safety?
One of the main concerns that keeps a potential investor away from crypto is security: more than one in four people think that crypto is vulnerable to fraud, data-leaking, and hacking. And these concerns did not come out of thin air.
For instance, let’s take a look at crypto exchanges. Specifically, how often do they get hacked? You’d be surprised how many times that has happened in the past, and how much damage they have suffered.
Back in 2014, Tokyo-based crypto exchange Mt. Gox got hacked due to vulnerabilities in its security system. The estimated damage was equivalent to $460 million, and the exchange collapsed into bankruptcy. Before that, there was another attack on the exchange in 2011, when the hackers stole the equivalent of $8.75 million.
In 2018, another Japanese crypto exchange was hacked. Back then, Coincheck’s attack was considered the world’s biggest ever digital currency theft, as it lost around $534 million worth of NEM coins. Even though it didn’t take much time to locate the breach and immediately freeze all the withdrawals and deposits, it still didn’t help, since the theft had already happened. The hackers used a phishing attack to get access to hot wallets and then sent malware to steal the funds. Even though the damage wasn’t enough to make Coincheck go bankrupt, the exchange representatives said that they were “unable to reimburse the funds.”
In 2021, crypto exchange BitMart issued a statement, saying that criminals had breached their security protocols, stolen private keys and managed to get $150 million in cryptocurrencies. It took almost 14 days for BitMart to resume all withdrawals and deposits, while they were gradually allowing transactions every couple of days for different blockchains.
But BitMart CEO Sheldon Xia promised to use the exchange’s funds to compensate every user who was affected by the hack. However, the exchange surely took its time to compensate those who lost their funds.
You might think that this kind of problem can never happen to world-renowned crypto exchanges, the ones that have the biggest trading volumes and a solid reputation. And you’d be wrong.
In 2019, Binance was attacked by hackers, and around 7000 bitcoin were stolen. The damage was estimated at approximately $40 million, and this theft impacted about 2% of Binance’s total Bitcoin holdings. The hackers managed to steal API keys, two-factor codes, and some other crucial data during the attack.
Despite the damage, Binance CEO Changpeng Zhao said that crypto exchanges have enough funds to cover user losses, and all the users were to be compensated using the Secure Asset Fund for Users (SAFU)—an emergency insurance fund financed through transaction fees.
This list of hacks and thefts could go on, but you’ve probably got the main idea: your funds are always a target, and cybercriminals can potentially hack any crypto exchange and get access to your account and hot wallet with your crypto savings.
The point is not to defame crypto exchanges and their security. The point is that you should never store all your crypto funds on an exchange and that you should get yourself a wallet. Let’s take a look at what kinds of wallets there are on the crypto market and which one you should pick.
Where to keep your crypto
The key thing you need to decide is how you are going to store your crypto. As you are aware, all of your cryptocurrency is stored on a blockchain at your addresses. The owner of an address is whoever holds the private key that “unlocks” it and thus has full control of the funds. So when we talk about crypto wallets, everything comes down to how and where the private keys to your addresses are stored. Let’s take a look at the options and their pros and cons.
Custodial wallets are wallets where you do not hold the private keys. They are held by a third party, which means that the third party has control of your funds, and you need to trust that wallet and its reputation to keep your funds there. It is like fiat money: you entrust your funds to a third party, so you need to choose it carefully, much more carefully than when choosing a bank for your fiat money. The good thing in this case is that you do not have to be afraid of losing the private keys and thus losing access to your funds forever. Yet entrusting your private keys to a third party also creates an additional layer of risk: the security of your funds is entirely dependent on the security and dependability of this third party. One example of entrusting a third party with your funds is keeping them on an exchange account, and, as we wrote above, there is a history of exchanges being hacked. Another risk with a custodial wallet is that you are at the mercy of a third party: if for some reason they decide to restrict your access to your funds, you will have to deal with it. As recent evidence shows, this risk is real: with the development of the conflict in Ukraine, certain governments have prevented custodial wallets from completing transactions for citizens in certain areas.
Non-custodial wallets are the wallets where you are the one who holds control of your private keys. Among these wallets, there are hot wallets and cold wallets. Let’s dive deeper into what they are.
Hot wallets are crypto wallets that are connected to the internet and cryptocurrency networks. That means you need access to the internet if you want to use them, which makes them much more vulnerable to hacking. Apart from web-based wallets that are used in crypto exchanges, you can also download a desktop wallet (e.g. Exodus, Electrum) or use a mobile wallet (e.g. Trust Wallet, Mycelium). However, keep in mind that your smartphone or PC can be infected with malware and viruses since there is no absolute cyber protection from them.
It is not recommended to store large amounts of your crypto funds in hot wallets, since each of them has its own vulnerabilities and does not provide you with proper security. On the other hand, they are simple to use and they work great for day trading routines.
The best way to protect your funds is to buy yourself a “cold” wallet. The old-school cold wallet was a paper wallet, and the more modern option is a hardware device with the look of a USB drive that is designed to be immune to hacking, even when you plug it into your computer.
Old-school paper wallets were generally used before the boom of cryptocurrency and related devices for storing them. Simply put, a paper wallet is a collection of keys printed on paper; thus, when you choose to print your keys using paper wallet generator apps, the keys are removed from the network and your digital wallet. Crypto exchanges back in the day offered this option to their customers.
That means no one can hack your piece of paper. However, if you lose this piece of paper or if it gets physically stolen, then your funds are gone forever. As you might’ve already guessed, this kind of technology was quickly replaced when more advanced hardware devices entered the market.
Now let’s take a look at cold digital hardware wallets. Unlike hot wallets, hardware cold wallets sign the transaction with the private keys offline. Since the private key does not come into contact with an internet-connected server during the signing process, even if a criminal comes across the transaction, they would not be able to access the private key used for it. However, this kind of security comes with a price.
The cheapest cold wallet you can find might cost you around $50 or $60 (e.g., Safepal S1, Ledger Nano S), but these wallets usually support a limited number of cryptocurrencies, usually the most common ones, like Bitcoin, Ethereum, Cardano, etc.
If you want to have a cold wallet that supports almost every possible cryptocurrency out there, can store NFTs from different blockchains and also operates on every possible operating system, including mobile ones, then you’ll have to pay a hefty sum, starting from $150 (Ledger Nano X), up to $300 and more (e.g., Trezor Model T).
A cold wallet, whilst being less convenient than a hot wallet, can provide you with almost total security. Nevertheless, there are certain risks that you may still encounter: physical theft, losing your private key, and hardware damage will lead you to lose access to your funds.
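The offline signing flow described above, as an added example that is not part of the original article or any wallet vendor's code: a stand-in signer keeps the private key inside a closure, and only the transaction bytes and the signature cross to the online side. Ed25519 from Node's built-in crypto module is an assumption made for the example (the article names no signature scheme), and the function names and addresses are hypothetical.

```javascript
// Added example: models the boundary between an offline signer and an online host.
const nodeCrypto = require('node:crypto');

// Hypothetical stand-in for a hardware wallet: the private key lives only
// inside this closure and is never returned to the caller.
function createOfflineSigner() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    // The public key is safe to export; the host uses it to verify signatures.
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Signs the exact transaction bytes handed over by the host.
    sign(txBytes) {
      return nodeCrypto.sign(null, txBytes, privateKey).toString('hex');
    },
  };
}

// Online host: builds the unsigned transaction (constructed sample fields).
function buildUnsignedTx(to, amount, nonce) {
  return Buffer.from(JSON.stringify({ to, amount, nonce }), 'utf8');
}

// Anyone on the network can check a signature with only the public key.
function verifyTx(publicKeyPem, txBytes, signatureHex) {
  const key = nodeCrypto.createPublicKey(publicKeyPem);
  return nodeCrypto.verify(null, txBytes, key, Buffer.from(signatureHex, 'hex'));
}

// Round trip: what crosses the air gap is the transaction and its signature.
function demo() {
  const device = createOfflineSigner();
  const tx = buildUnsignedTx('addr-constructed-1', 5, 1);
  const signature = device.sign(tx);
  // Someone who intercepts the signed transaction and changes the recipient
  // cannot reuse the signature, and has no key material to make a new one.
  const tampered = buildUnsignedTx('addr-attacker-constructed', 5, 1);
  return {
    exposedFields: Object.keys(device).sort(),
    signatureBytes: signature.length / 2,
    validOriginal: verifyTx(device.publicKeyPem, tx, signature),
    validTampered: verifyTx(device.publicKeyPem, tampered, signature),
  };
}

console.log(demo());
```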
Tips to keep your crypto funds secured
No one can guarantee you absolute security when dealing with crypto. However, the more tips you follow, the better chance you have to keep your funds secure. Let’s take a look at the seven most important security tips every investor and trader should consider:
Consider a cold wallet
A cold wallet is a must if you have a significant amount of money stored in cryptocurrency, so buying even the cheapest one might be a good idea. A hardware wallet is the most secure way to store your cryptocurrency because it is more difficult to hack or hijack than a hot wallet or an exchange account. However, there are some drawbacks to using cold wallets: they can be expensive; some of them don’t support all types of cryptocurrencies (so before you buy one, be sure it supports yours); and if you lose the device itself or its private key without having a backup, then your assets will be gone.
Still, despite all the drawbacks, a cold wallet is your best bet when it comes to security, so consider buying one if you can afford it.
Use a hot wallet only for day trading
Hot wallets are easier to use on a daily basis, but they are also more vulnerable to hacking, so it is better to keep only a small part of your crypto funds there for your trading routines. When using hot wallets, you should always take extra security precautions, so things like using a strong password and two-factor authentication (2FA) are a must.
Ensure secure password protection
When working with cryptocurrency, you must never use the same “123ABC” password that you might be using for your WiFi at home. The longer the passwords you make for your exchange accounts and wallets, the less likely they are to be hacked. If you can, it’s a good idea to update your passwords on a regular basis, just in case.
It is also worth writing down the passwords on a piece of paper and keeping them somewhere safe so that you can check and remember them if you forget one.
The same goes for the seed phrase that can help you restore access to wallets like Trust Wallet or MetaMask. Seed phrases are generated by the wallets themselves, so you should write yours down and keep it somewhere safe in case you need to make a master backup when you move your funds from wallet to wallet, and thus regain access to your cryptocurrencies.
Be careful about social engineering
Nobody’s encouraging you to keep a low profile and never talk to anyone on the internet, certainly not. However, if you receive a direct message on Telegram, Instagram, or Twitter claiming that you have won a bitcoin or a whitelist spot in an upcoming and much anticipated project launch and that you must transfer them a nominal charge of, say, $30, then you should know that it is a scam. The same goes for attempts to ask for your seed phrase, your API keys, etc. Scams are committed not only through pump-and-dumps, rug pulls, or honeypots. Scammers might also use social engineering to get what they need from you.
In the crypto realm, no one will ever offer you something for no reason. The only thing you can acquire for free is a trojan virus that steals your computer’s login information. If you don’t want to lose your money, you must be extremely cautious and vigilant at all times.
Beware of phishing attacks, aka do not click on any suspicious links
Phishing refers to online fraud in which cybercriminals create legitimate-looking websites and services that contain malware and trojan viruses. They are frequently used to steal people’s private keys or logins and passwords.
Since we’re talking about money and investments, you must stay on high alert all the time. That means you shouldn’t click on links in suspicious direct messages or emails that come from people you don’t know. Certainly, you should also never share your seed phrases or passwords with anyone.
Before entering your data on any website or mobile app, conduct some research to see whether it is safe and reputable to use: read reviews; run a background check; check if the website contains any grammar errors or misspellings.
Never store all your crypto in one place
As you might’ve already understood from the CEX hacking examples above, storing all your crypto savings in your exchange wallet might not be a wise decision. Certainly, keeping some of your funds in your hot wallet might be convenient, especially if you use it for transactions and day trading on a daily basis. Still, even in that case, it might be wise to spread your funds across multiple wallets, so you could have some on your desktop wallet, some on your exchange wallet, and a mobile wallet as well, just in case. So, even if one of your wallets is hacked, you’d still have other wallets with your stored funds.
However, if you plan to invest for the long term, you should really consider buying a cold crypto wallet and keeping most of your funds there.
If you are not sure which cryptocurrency you should store in your cold wallet for a long time, then consider those that have been on the market for years and have a good reputation. Certainly, the recent situation with Terra showed us all that even major cryptocurrencies with millions of holders and billions of dollars in market capitalization can fail, so picking currencies like Bitcoin or Ethereum might serve you well for that purpose.
Only use reliable exchanges and software
As obvious as it may be, you should never interact with shady software and unreliable exchanges. If you’re struggling to decide which crypto exchange to use, check out CoinMarketCap’s list.
The same goes for mobile apps and different software. It is always up to you and your ability to do your own research when it comes to your personal security.
Your wallet was hacked. Is there anything you can do?
If someone hacks your personal account on a crypto exchange, then in most cases the exchange will try its best to compensate for your losses, that is, if the hack happened due to its own security failure and not because of your own incompetence. But what if your personal hot wallet is hacked? Is there any hope? Unfortunately, there is almost zero chance of recovery, but there are some things you must do when the hack happens:
First of all, you should act as fast as you can. Transfer all that is left from your wallet to your other wallet ASAP.
Secondly, you should delete your hacked wallet and change all the passwords to your exchange accounts and other wallets. Changing your email address might also be a wise idea.
Thirdly, try to figure out what exactly caused the hack. Check your PC or phone for viruses and run a full clean-up. Try to remember if you clicked on any suspicious links lately or if someone could find out your personal data, so you could prevent that from happening in the future.
Fourthly, if you reside in the USA, you can contact the FBI’s Internet Crime Complaint Center (IC3). Certainly, they cannot guarantee you, an average person, that they will solve your case; however, in some cases the FBI has been able to track down stolen funds.