Don’t touch crypto until you read this security guide

Updated on

As cryptocurrencies become more and more mainstream… so do the stories of people losing lots of money in cryptos.

Just consider the story about a crypto novice who had US$100,000 worth of crypto assets stolen. These assets were stored on a hot wallet (a wallet connected to the internet) on his laptop. So what happened? He used his laptop in a restaurant on an unsecure public Wi-Fi network… and hackers gained access to his wallet. The next thing he knew, his hot wallet was empty, and his cryptos were gone – for good.

We also recently saw a website that supposedly allowed you to claim Bitcoin Gold (one of the forks from bitcoin). Once people put in their Bitcoin seeds (a string of words to access your bitcoin wallet) to check how much Bitcoin Gold they were supposedly allowed to get, some guys went around and used the seeds to access the Bitcoin wallets and empty them.

They took over US$3 million.

Get The Timeless Reading eBook in PDF

Get the entire 10-part series on Timeless Reading in PDF. Save it to your desktop, read it on your tablet, or email to your colleagues.

(Never – ever – give your bitcoin seed/private keys/passwords to someone else, unless you want to give them total and complete access to your wallet.)

The common theme between these two stories is security – or lack thereof.

Everything in the crypto space revolves around security

Before you start buying, storing and moving cryptos, it’s vital that you understand one thing: It is 100 percent your responsibility to store your crypto assets securely. And your crypto assets are only as safe as your computer and general internet security practices.

This will be a different way of thinking for most investors… You see, we take far too much for granted now when it comes to our digital financial wealth.

If our credit card gets hacked, we just assume that the credit card company will foot the bill.

Our bank deposits? Well, it doesn’t matter if the bank is creditworthy or not because (in the U.S.) the U.S. Federal Deposit Insurance Corporation (FDIC) will cover US$250,000 worth of traditional bank deposits with any FDIC bank. And it’s the same story in most other markets.

After the global economic crisis, there is a prevailing assumption that the government will just bail us out if anything goes wrong. The onus of responsibility has shifted away from us as individuals to the government and financial institutions.

But when it comes to crypto assets, make no mistake – the responsibility is well and truly yours. There are very few safety nets – if any. And the safety nets that do exist are the ones that you are responsible for setting up yourself!

That’s why you need to make sure you’re always following four safety measures when dealing with cryptos.

Safety measure #1: Antivirus software

Having up-to-date antivirus software installed on your internet devices is just common sense.

It’s a basic preventative measure for everything you do online.

And keep in mind, antivirus software isn’t a magic bullet. It’s like wearing a seatbelt. If you drive like a drunken maniac, then you’re still likely to crash. The seatbelt will help, but it can’t do much for speeding and drunk driving. So even if you have antivirus software, you still need to practice common sense on the internet.

Safety measure #2: Stop using the same password everywhere!

I have well over a hundred different usernames and passwords for all my online activities… everything from my banking accounts to my newsletter subscription portals to brokerage and social media accounts… it’s endless.

But there is a temptation to use the same (or very similar) passwords for numerous different accounts. This is a disastrously bad idea, regardless of how strong the password is.

Everyone knows this, but most people still do it anyway.

Getting into the crypto asset space will require new crypto exchange accounts and wallets, and of course plenty of new passwords to go with these accounts.

And instead of using short, obvious passwords – try longer ones. Show a few examples here

Safety measure #3: Use Two-Factor Authentication

When you create an account with a crypto exchange, the login details you need to get into your account are usually:

  • Your email address (or a username)
  • Your password

You’ll also need to verify your identity with the exchange, providing I.D. copies, proof of address, and maybe your bank details as you proceed with the rest of the account set up.

Once the account is approved, you’ll fund it, and start buying cryptocurrencies.

Great, right? Wrong.

You have a glaring point of failure. Your account and everything in it (including your personal information, address, etc.) is just protected by a single password. This is a recipe for disaster.

But there’s a very easy fix, and it’s called Two-Factor Authentication (2FA).

2FA is a second layer of security above and beyond your username and password.

All exchanges, in their user security or user profile settings, allow you to add 2FA. Some insist on it.

And 2FA isn’t just used for logging into your exchange account. On an exchange by exchange basis, you can select 2FA to be used for withdrawals from your account as well, providing an extra layer of security.

The three most common ways to add 2FA protection to your exchange account are through text message verification*, email verification, or a 2FA application like Google Authenticator or Authy.

This might seem like a hassle – but it’s absolutely critical to protecting your assets.

(*Please note though, simple SMS text message verification is now a vulnerability. Because of so many waves of identity information hacks (I.e. Equifax), hackers are stealing identities, and then hijacking mobile phone numbers by calling the individuals cell carrier and switching them to another service provider (using the same mobile number) for example. Once a hacker has your SMS’s re-routed to him, he can leverage that for 2FA access to your accounts. You should no longer assume that SMS 2FA is secure.)

These are just some of the basic security measures we think you should be aware of. We outline more in our Security Briefing that comes with a subscription to Crypto Capital.

Leave a Comment