Securing Your Crypto Assets
In 2021 alone, over $1 billion worth of #crypto assets has been stolen by #cyber criminals through a range of hacks and breaches. The crypto space is a huge attack surface right now and will continue to be so for the foreseeable future.
Securing your crypto assets can be a daunting task for newcomers to crypto investing, so in this blog we’ll discuss 5 simple ways to stay secure and reduce the risk of losing your crypto assets.
1) Email Account
Over 85% of all successful cyber attacks originate from a #phishing email leading to account compromise. When it comes to cryptocurrency, phishing individual users is a relatively simple and successful way to harvest login credentials or recovery phrases.
A very simple way to help reduce or guard against phishing emails is to create a dedicated email account, separate from your normal daily-use account. This dedicated email address should only be used for crypto-related activities and not be linked to other personal accounts in any way. So yes, use it for the likes of #Binance or Coinbase registration, but don’t link it with your online banking, shopping or communication with friends etc. This reduces the exposure of that email address, in turn reducing the likelihood of it being targeted with a phishing email.
Personally, I use a ProtonMail account for all crypto-related activity, and take a guess at how many phishing, marketing or sales-type emails I’ve received over the past 5 years. Zero, none, not a single one.
Action point – Go ahead and create that dedicated email account
2) Secure Password
When it comes to setting #passwords, the vast majority of people are lazy: they use the minimum combination required, something that is simple to remember, and reuse that same value across many if not all online accounts. What happens if your Facebook password is compromised and you’re using that same value across all your crypto exchange accounts?
Always set a secure password that is different for each online account and never reuse the same value. But what do I mean by a secure password? Well, that would be a minimum of 12 characters, mixing uppercase, lowercase, numeric and special characters. And here’s why: just look at these brute force statistics.
To assist with this, I highly recommend the use of a password manager such as KeePass, LastPass or 1Password. These are digital vault applications which not only securely store your login credentials but can also generate secure password strings at the click of a button. Now yes, this would mean that all passwords are contained within the one application, but again, set a secure master password and enable 2FA to protect access to it. The simplicity of password managers makes it easy to copy and paste secure password strings from the application straight into the relevant destination. This removes the need to write down password values or email them in cleartext, which poses a risk of theft and compromise.
Action point – Get a password manager and generate secure strings for all online accounts
3) Two Factor Authentication (2FA)
Now, even if you have a dedicated email account and a secure password, your assets are still not as safe as they can be, as a username/password pair on its own is not a strong authentication mechanism. This is where #2FA comes into play: an additional form of authentication alongside your username/password. Of course, this is by no means a deep dive into 2FA, as the blog would be 50+ pages long, but just know that when 2FA is enabled, both forms of authentication must succeed before access is granted. This way, if an attacker did gain knowledge of your login credentials, they would still be unable to access your assets.
Here are some of the more common two-factor authentication apps:
· Google Authenticator
· Microsoft Authenticator
Each of these is very simple to set up and use, is easily accessible on a mobile device, and provides a time-based one-time code of digits for 2FA.
For a more secure 2FA mechanism we recommend using a hardware-based device such as a YubiKey over a mobile app, due to the way the secret keys are stored and handled.
Please stay away from SMS-based two-factor authentication, as it is inherently weak and susceptible to SIM swap attacks. If SMS is the only option available, then yes, make use of it, as it’s still more secure than a single username/password combination. But if other 2FA options are available, then don’t opt for the easy way out with SMS.
Action point – Enable 2FA across all online accounts
4) Storing Crypto Assets
Ultimately, there is no single best place, as each storage option has its own risk/reward factors which differ from person to person and need to be evaluated.
When it comes to security, however, the most secure place to store crypto assets is a hardware wallet such as Ledger or Nano. You connect the hardware device via either Bluetooth or a physical USB connection to a host whenever you make crypto-related transactions. Hardware wallets are what we call “offline storage”, which means that the private keys are securely stored on the physical device and never transferred across to an online-connected host; they’re only ever read. This means that if an attacker did gain access to your host, they would still be unable to retrieve your private keys.
Here are some risks associated with using a hardware wallet:
· Can be difficult to understand and use.
· You are responsible for the physical security of both the wallet and recovery phrase.
· Access to the device is required to make transactions.
Here are some pros with using a hardware wallet:
· You own the private keys.
· Offline storage.
· PIN protection guards against brute force access.
Making use of a centralised or decentralised exchange to store your crypto assets is another option, and again each has its own risk/reward structure. Exchanges do get hacked; this is becoming a more common event and, in such cases, would still result in your crypto assets being stolen even if you had 2FA enabled.
Here are some risks associated with using an exchange:
· You don’t own the private keys: “not your keys, not your crypto”.
· You’re putting your trust in the cyber security capabilities of the exchange in question.
· They can freeze your crypto assets at any time.
Here are some pros associated with using an exchange:
· Very simple to use, with 24/7 customer service available.
· Rewards available such as staking, yield farming and lending.
· Limited insurance offered, protecting you against fraudulent transactions.
I would always recommend a hybrid approach when it comes to storing your crypto assets. Personally, I utilise a hardware wallet for long-term holdings and multiple different exchange accounts for shorter-term holdings, providing resilience and continuity.
Action point – Weigh up the risks/rewards of each storage option and set your own standard
5) Emergency Access
OK, so you’re now in a good position with a dedicated email account, secure passwords, two-factor authentication and a hybrid approach to asset storage, so you’re looking good security-wise. But what would happen in the event of your unexpected death? How would your loved ones gain access to your accounts to recover or take over management of the crypto assets?
This is a scenario that many people fail to think of, so you should look to have some sort of trusted authority and detailed instructions to cover this unfortunate event. Again, this is something that will likely be different for each individual, but it could be as simple as storing all important information on an encrypted USB device with shared access for your trusted authority.
The more you can do to prevent unauthorised access to your crypto accounts, the better. Once your assets are gone, they’re gone, and it will be difficult if not impossible to get them back after fraudulent activity. Stay safe, and keep yourself and your assets protected.
In future blogs we’ll dive into some of the more common scams around the crypto space.