As an investment vehicle, cryptocurrency has made a lot of progress since its early days. From being the niche, underground experiment favored by cypherpunks and dark web aficionados that crypto once was, it’s become a global phenomenon embraced by vast and powerful organizations, including Facebook, JPMorgan and even the Estonian government.
But despite this progress, crypto still retains some vestiges of the bad old days, namely the persistent threat of malicious actors who exploit weaknesses in cybersecurity to steal digital currencies.
Most recently, a hacker team compromised Twitter, hijacking several of the most high-profile accounts on the platform, including Bill Gates, Elon Musk, Michael Bloomberg, Warren Buffett and Barack Obama, asking followers to transfer funds their way via Bitcoin. The official Twitter accounts of several leading coins, publications and exchanges, such as Ripple, CoinDesk, Gemini, Bitfinex, Binance and Coinbase, were also involved.
Although this level of “social engineering” attack is unusual, exchange hacks are still all too common in the crypto space. It’s tempting to think of those who orchestrate breaches of crypto exchanges and crypto users as being lone wolves lining their own pockets.
The fact is that more often than not, they’re operating as part of crime syndicates, with sophisticated hive minds that are always finding new ways to breach defenses. Israeli cybersecurity firm ClearSky estimates that one such group managed to rake in over $200 million, via a series of breaches, over the course of two years.
Earlier this year, Chainalysis published a report detailing how the infamous cybercrime syndicate Lazarus, with links to the North Korean government, was becoming more sophisticated in its attempts to compromise exchanges. The report details how, last year, members of the Lazarus group staged an elaborate phishing scam involving setting up a fake company to lift over $7 million from Singaporean exchange DragonEx.
So what can a smart investor do to avoid losing funds to hackers, either on or off an exchange? Here are a few tips that can help make you less vulnerable to cyberattacks.
1. Choose a Reputable Vehicle for Buying Cryptocurrency
At the first stage, when you’re actually acquiring coins, make sure you’re using a reputable and established company that you can trust with your money. Just as you wouldn’t store your hard-earned fiat funds with some shady offshore company purporting to be a bank, you should apply the same level of due diligence when buying cryptocurrency.
Skrill is a great place to start your journey into crypto. The company has been established as a payments provider since 2001 and is now part of the Paysafe Group. Particularly for newcomers to crypto, Skrill offers a safe pair of hands. It provides custodial services, so users don’t have to worry about using their own wallets, and the entire cryptocurrency service is embedded into Skrill’s clean and intuitive user interface. It takes only a few moments to open an account, and users can buy, sell, or exchange a range of cryptocurrencies, including Bitcoin, Ethereum and Litecoin, along with other altcoins.
There are also options to set up recurring orders with price limits to help you set up a passive investing strategy, for those who want to buy regularly on an automated basis.
Skrill also offers users a two-factor authentication feature, so you can verify your identity via a freshly randomized code sent to your phone every time you log in. Features like this help to keep your account safer against, for example, malware that uses keystroke logging to capture your password.
2. Use a Reliable Storage Wallet
If you choose to use a cryptocurrency exchange that doesn’t offer the same level of secure custodianship as a service like Skrill, then using a secure storage wallet is always advisable. These can be either a hot wallet, meaning your funds are stored online, or a cold wallet, meaning your funds are stored on a hardware device.
Exchange firms such as Coinbase offer their own versions of a wallet app that can be installed on your phone. You’re provided with a seed phrase, a unique string of words or numbers that serves as your own private key to the wallet. If you lose or forget your main password, the seed phrase serves as a backup to recover your wallet.
Similarly, a hardware wallet such as a Ledger or Trezor device will also provide you with a seed phrase.
Your seed phrase and passwords are the keys to your crypto funds, so if someone is asking you for them, alarm bells should be ringing. This leads to the final tip regarding keeping your cryptocurrency safe – implementing good cybersecurity practices.
3. Implement Sound Cybersecurity Practices
This last tip could be an article by itself because there are plenty of methods hackers and scammers use to try to access your funds, whether you’re investing in Bitcoin, buying stocks listed on the NYSE or buying groceries online. However, there are also many ways to foil their attempts. As mentioned previously, using two-factor authentication on all your accounts is good practice, as it means there’s a second layer of protection.
If using a wallet and a seed phrase, write down the seed phrase somewhere offline where nobody can access it. Never write your seed phrase in an email or in documents stored on the same device where your wallet is kept. Attackers will install malware designed to scrape your files for anything that looks like a private key, so keeping it offline is safer.
Always be wary of anyone asking for your passwords or private keys, and never give them out to anyone, whether in person or online. Once someone has your seed phrase, they effectively have your crypto.
Finally, practice good housekeeping and password security on your devices. Use a malware detector such as Malwarebytes that will seek out programs designed to log your keystrokes, install ransomware, or worse. Don’t recycle passwords or use ones that are obvious and easy to guess.
Keep Your Coins Safe
The long and short of it is that you should always be mindful that someone could be out to steal your cryptocurrency. The best options are to make sure it's secure with a custodial provider you can trust, or with a wallet that only you can access. Only then can you be assured that your cryptos are safe from thieving hands.