The decentralized model of cryptocurrency largely transfers power to users, and this is essentially why many users are drawn to it. However, with that power comes the responsibility of maintaining the privacy of your security keys. Effectively, by having complete ownership of your funds, you become solely responsible for the security of your funds. In this article, we will examine various best practices for practical user security.
Cryptocurrency users are susceptible to being targeted by hackers
As a digital asset, cryptocurrency has intrinsic value and can be stolen and diverted to new owners instantly and irrevocably. This creates a massive incentive for hackers to target users who do not take their security seriously.
In 2020, research data revealed that global cryptocurrency losses due to hacking exceeded US$3.8 billion. Most of these losses were incurred by trading platforms, wallet service providers, and related enterprises. Due to the undeniably high risk of security threats and breaches, cryptocurrency trading platforms and wallet service providers are investing more in cybersecurity. The security systems they procure are like those used in traditional centralized financial institutions, with complex and layered security features. As security at the institutional level gets harder to penetrate, individual users are gradually becoming the target of hackers.
10 Best Security Practices for Cryptocurrency Users
1. Change your perception of cybersecurity
One fact that has existed for ages is that we are undoubtedly paying fees for the security of our funds in our bank account (though “security fees” will never appear on bank statements). Unlike traditional centralized banking financial institutions, decentralized systems such as cryptocurrencies transfer the control and responsibility of security to individual users.
With cryptocurrency, even when we are excited to complete our first cryptocurrency transaction, we should not forget that there are no longer any security service providers similar to what banks have, and there may not even be enough regulation to provide any protection (depending on the national or regional regulations where the holder is located). Therefore, it is recommended that cryptocurrency users have crucial security practices in place, such as buying simple and easy-to-use hardware security devices, mastering security protocols, and implementing the security best practices recommended in this article.
2. Choose a trusted trading platform with reliable security incident compensation or insurance mechanism.
The most apparent risk faced by cryptocurrency holders is the theft of coins. Assuming most individual users hold coins on cryptocurrency trading platforms, choosing a trusted platform is undoubtedly of the utmost importance.
Presently, there is no benchmark for international security standards or third-party agency ratings for trading platforms in the cryptocurrency industry. Therefore, it is necessary to properly understand the security mechanism of a platform before registration such as the company’s current security investment. Also, it is important to check if there is any user account security insurance or some form of guaranteed compensation for security breaches.
3. It is not enough to be well-informed on anti-phishing practices and scams, you need to complete a safety test.
As a cryptocurrency holder, you should be familiar with basic user security risks. Among them, phishing is the most common. To avoid being viewed as a “fish” in the eyes of perpetrators, you should be equipped with the knowledge about common “baiting-the-hook” techniques.
One example would be when you receive a phishing email, and the URL that invites you to click is a fake domain name that is similar to a trusted one e.g. www.goog1e.com (note that it is not www.google.com). It could even be a clone website of a commonly used trading platform. According to data, around 75% of organizations around the world experienced some kind of phishing attack in 2020. If your email has been compromised, or if you previously had an account that was compromised, then phishing emails will be carefully designed to target you. 96% of phishing attacks come from email, according to statistics.
How do you prevent this?
A reliable method for crypto holders is to complete an anti-phishing security test. The Google online test is a good benchmark and you can take the test here. It comprises a total of 8 questions and requires just 10 minutes of your time. Didn’t manage to score full marks? That just means that you need to increase your security awareness and try again. Many large companies also use this to test employees’ security awareness and corporate security status.
Sending gifts or bonuses through fake official social media channels, posing as customer support personnel or cloning social accounts of trading platform CEOs are other common methods of phishing.
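The lookalike-domain trick described above (www.goog1e.com versus www.google.com) can be checked mechanically. The following is an added example, not part of the original article: the allowlist, the character-folding table and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: google.com is the article's example, exchange.example is a placeholder.
TRUSTED = ("exchange.example", "google.com")
# Digits commonly swapped in for letters, as in goog1e.com.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(host: str) -> str:
    """Fold look-alike characters so visually similar names compare equal."""
    return host.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, catching one-character typos such as gooogle.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname(url: str) -> str:
    """Host the browser really connects to; anything before '@' is ignored."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower().rstrip(".")


def classify(url: str):
    host = hostname(url)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    labels = host.split(".")
    for good in TRUSTED:
        # Compare only the rightmost labels so a "www." prefix cannot hide a match.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if skeleton(tail) == skeleton(good) or edit_distance(tail, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in ("www.goog1e.com", "https://accounts.google.com/",
                 "https://www.google.com@goog1e.com/login"):
        print(link, "->", classify(link))
```

An "unknown" result only means the host is neither on the allowlist nor close to it; it is not a verdict that the link is safe.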
4. Use of 2-Factor Authentication (2FA)
The good news is that most cryptocurrency trading platforms or wallet service providers will require users to use two-factor authentication, such as Google Authenticator; but the downside is that there will always be users who dislike the hassle of using these tools.
Taking the time to understand the principles behind 2FA helps us use it correctly. 2FA is an additional layer of security used to ensure that only legitimate owners can access their accounts. This “extra” layer means that in addition to something you know (password, PIN, etc.), security verification will also check a second factor. This second factor can be something you own, such as the Google Authenticator app installed on a mobile phone that you carry, a one-time password sent to your mobile phone via SMS, or a hardware token. These are used on top of your existing mobile security features (such as fingerprints, iris and/or facial scanners, etc.).
When we install Google Authenticator directly on the computer and copy the verification code from there instead of using the smartphone app, we give up an extra layer of protection. Once a remote hacker, or a person with physical access to your computer, gains access to it, it is very likely that your existing layers of protection will be penetrated.
At Bybit, users can bind an account with Google Authenticator. The best time to bind your Google Authenticator is immediately after your first login to the Bybit account.
Read here on how to bind your Bybit account to Google Authenticator.
5. Strong passwords independent of other Internet accounts
The most economical choice for a hacker is always to try to break into the target cryptocurrency account using a user’s compromised account and password. Knowing this, a savvy cryptocurrency holder will have the following preventive measures in place.
First, register a new email account for the cryptocurrency platform, to circumvent any previous digital footprint that would allow hackers to successfully hack or clone your account. Secondly, do not use weak or common passwords.
A report from CipherTrace, a blockchain certificate company, shows that 65% of the Know-Your-Clients verification (KYC) processes in the world’s top 120 cryptocurrency trading platforms are weak. This means that once your crypto account password has been cracked, the hacker could easily obtain your crypto assets on the trading platform and transfer the assets to their wallet address thus leaving little to no chance of retrieving the assets.
6. Dividing assets in 70-20-10 ratio to diversify risks
In addition to trading on platforms using your accounts and cryptocurrencies, it is common for traders to store crypto assets offline like one would with cash in a safe. Personal crypto assets, whether stored in hard wallets, physical storage, desktop wallets or mobile app wallets, are recommended to be allocated to cold, warm and hot wallets in the ratio of 70%, 20%, and 10% of assets, depending on an individual’s needs and preferences.
Would you carry your entire net worth around in your wallet?
Most people would consider that reckless, yet cryptocurrency users often keep all their cryptocurrency in a single wallet. Instead, users should spread the risk among multiple and diverse cryptocurrency wallets. Prudent users will keep only a small fraction, perhaps less than 5%, of their cryptocurrency in an online or mobile wallet as “pocket change.” The rest should be split between a few different storage mechanisms, such as a desktop wallet and offline (cold storage).
7. Use a physical wallet that represents future trends
Because most users are far more comfortable with physical security than digital security, a very effective method for protecting cryptocurrency is to convert them into physical form. Cryptocurrency keys are nothing more than long numbers. This means that they can be stored in a physical form, such as printed on paper or etched on a metal coin. Securing the keys then becomes as simple as physically securing the printed copy of the cryptocurrency keys. A set of cryptocurrency keys that are printed on paper is called a “paper wallet,” and there are many free tools that can be used to create them. I keep the vast majority of my cryptocurrency (99% or more) stored on paper wallets, encrypted with BIP-38, with multiple copies locked in safes. Keeping cryptocurrency offline is called cold storage and it is one of the most effective security techniques. A cold storage system is one where the keys are generated on an offline system (one never connected to the internet) and stored offline either on paper or on a physical device, such as a USB memory stick.
In the long term, cryptocurrency security will increasingly take the form of hardware tamper-proof wallets. Unlike a smartphone or desktop computer, a cryptocurrency hardware wallet has just one purpose: to hold cryptocurrency securely. Without general-purpose software to compromise and with a limited interface, hardware wallets can deliver an almost foolproof level of security to non-expert users. I expect to see hardware wallets become the predominant method of cryptocurrency storage.
8. Balance the risk of excessively complex protection to prevent asset loss
Complexity is the enemy of security, especially for the average individual user. The main risk addressed by the many security measures mentioned above is the theft of crypto assets, whether on a trading platform or physically. However, overly complicated security measures could pose greater risks.
Although most users are rightly concerned about cryptocurrency theft, there is an even bigger risk. Data files get lost all the time. If they contain cryptocurrency, the loss is much more painful. In the effort to secure their cryptocurrency wallets, users must be very careful not to go too far and end up losing the cryptocurrency. In July 2011, a well-known cryptocurrency awareness and education project lost almost 7,000 cryptocurrencies. In their effort to prevent theft, the owners had implemented a complex series of encrypted backups. In the end, they accidentally lost the encryption keys, making the backups worthless and losing a fortune. Just like hiding money by burying it in the desert, if you secure your cryptocurrency too well, you might not be able to find it again.
One important security consideration that is often overlooked is mortality, especially in the context of incapacity or death of the key holder. Cryptocurrency users are told to use complex passwords and keep their keys secure and private, not sharing them with anyone. Unfortunately, that practice makes it almost impossible for the user’s family to recover any funds if the user is not available to unlock them. In most cases, the families of cryptocurrency users might be completely unaware of the existence of the cryptocurrency funds. If you have a lot of cryptocurrencies, you should consider sharing access details with a trusted relative or lawyer. A more complex survival scheme can be set up with multi-signature access and estate planning through a lawyer specializing in “digital asset execution.”
9. Personal Data Protection and cryptocurrency-related privacy issues
Individuals own their data and cryptocurrency assets.
Personal data protection is a sensitive subject. A single trace can identify you and associate your personal information (PII) in the encrypted world with your cryptocurrencies. Examples include your online usernames/IDs on crypto community forums, your IP address, your smartphone device information, your personal information on trading platforms, or even an inadvertent mention on social media of the type and quantities of crypto you own. The same goes for information about you being the owner of a particular wallet address, the crypto service provider (trading platform or wallet) you use, and even your attendance at a private cryptocurrency conference. All this personal data could be easily obtained by unscrupulous individuals who are looking for easy targets.
Protecting your privacy is part of protecting the security of your cryptocurrency assets but it is also the only way you can avoid the conflict between the encrypted virtual world and the real world.
10. Living in the cryptocurrency world, you will need a security expert friend
“My deposit went to someone else’s address.”
“The customer support of the trading platform said that I was caught in a clipboard hijacking malware, and I will need to immediately use anti-virus software and check the browser plugin.”
“What exactly is a clipboard hijacking malware and what should I do?”
Users in the digital world also face problems similar to those in the real world, especially when it is related to security issues. They have so many questions with no answers and nobody to turn to. Perhaps, having a security expert friend in your daily life would make things a lot less complex.
According to Statista, the number of blockchain wallet users as of April 2021 stands at over 71 million. Cryptocurrency is a completely new, unprecedented, and complex technology. Over time we will develop better security tools and practices that are easier to use by non-experts. For now, cryptocurrency users can use many of the tips discussed here to enjoy a secure and trouble-free cryptocurrency experience.