If the rumors about Facebook creating a new stablecoin are true, then in my humble opinion it’s time for average people to start learning how to use cryptocurrency responsibly. Electronic platforms like WePay and Alipay are already startlingly widespread in China. It now seems inevitable the trend of using electronic cash will come to the rest of the world soon and it looks certain cryptocurrencies will fill this niche. However, if you’re new to the world of cryptocurrency like me, you might be very concerned about sensational news stories detailing the hacking of cryptocurrency exchanges and the millions of dollars of Bitcoin disappearing from either exchanges or investor accounts.
If you’re thinking to yourself, ‘How can I start using this new form of electronic money without losing it or getting my hard-earned cash stolen?’ then this article is definitely for you.
The potential problems with exchanges
If we want to learn how best to keep our cryptocurrency safe, then the first step is to understand how investors have lost their coins to theft or fraud or misplacement. Cryptocurrency has only officially been around since 2009, but we already have some examples that should help us better understand how to protect our investments.
Mt. Gox – April 2014 – At its peak, Mt. Gox handled approximately 70% of all bitcoin transactions worldwide. In 2014, 850,000 coins, representing more than $450 million at the time, either disappeared or were stolen. According to Wikipedia, exactly how the coins were stolen or lost is still unclear; what is known is that the coins were taken from Mt. Gox’s hot wallet over a period of time.
Quadriga CX – December 2018 – Gerald Cotten, the Canadian founder of Quadriga, died suddenly on 9 December in India from complications related to Crohn’s disease. Approximately C$180 million was apparently lost because it’s believed – although no one is completely certain – that the funds were held in a cold storage wallet only accessible by the company founder. Adding to the mystery, Quadriga was having liquidity problems as far back as January 2018, which has led to a number of conspiracy theories concerning the disappearance of the funds. – BBC News
Binance – May 2019 – Binance was hacked and lost 7,000 bitcoins, representing $40 million. Luckily, individual wallets and Binance’s cold storage wallet, which held the majority of funds, were not hacked. “The hackers used multiple techniques, including phishing attacks and computer viruses to get at Binance and its hot wallets, where it keeps funds to manage the day-to-day operation of the exchange.” – Decrypt
These examples clearly illustrate that hackers are attracted to hot wallets on cryptocurrency exchanges. Cryptocurrency exchanges are great targets because there are lots of coins and private keys concentrated in one place. Exchanges are also constantly connected to the internet, and therefore theoretically vulnerable to hacking. The Quadriga case adds another wrinkle to the problem of keeping your crypto safe – even if funds are stored in a cold wallet controlled by the currency exchange, what happens if the people holding the crypto-keys suffer an accidental or untimely death?
To eliminate the chance of having your money stolen from a cryptocurrency exchange account or lost due to missing private keys, it’s clear you should move your coins to a device where you control the private key.
Understanding public and private keys
Every wallet has two kinds of keys. One is your public key. This is the ‘address’ you can email to people or the QR code in your wallet app that you can show to other people so you can receive cryptocurrency into your wallet. Your public key does not allow people to withdraw currency from your wallet. If you want to send cryptocurrency to someone else, they will have to send you their own public key or let you scan their QR code.
The second key is your private key. Your private key is created when you first set up your wallet and create a recovery phrase. A recovery phrase is a series of 12–24 words that you will need to choose when you first install a wallet and set up your account. This mnemonic phrase must be used to recover your account in case you lose your device. Never save your recovery phrase electronically. Write this phrase down on paper and keep it somewhere safe. If your device is lost, stolen or destroyed, you can simply download a wallet app to another smartphone, enter the recovery phrase and you will instantly have access to your funds again.
However, there are downsides to handling your own private key. If you lose your recovery phrase and your phone, there is no way to recover your funds. If someone else gets access to your private key, there’s no way to stop them from setting up a wallet and using your recovery phrase to access your money. So protect your recovery phrase and don’t forget to update your will with instructions for your executor and beneficiaries detailing where to find and how to use your recovery phrase.
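Why the recovery phrase alone is enough to restore a wallet, and why anyone who sees it can do the same, shown as an added example (not part of the original article and not any wallet's own code). It assumes the wallet follows the BIP-39 standard, which the article does not name; the function names are this example's own, and the phrase is the standard's published all-zero test phrase, which must never hold funds.

```python
import hashlib
import hmac
import unicodedata

# Published BIP-39 test phrase (all-zero entropy). Public knowledge: never fund it.
TEST_PHRASE = "abandon " * 11 + "about"


def phrase_to_seed(phrase: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed as BIP-39 specifies:
    PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + optional passphrase."""
    # Collapsing stray whitespace is a convenience of this example.
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, dklen=64)


def entropy_bits(word_count: int) -> int:
    """Each word carries 11 bits; one checksum bit is added per 32 bits of entropy."""
    if word_count not in (12, 15, 18, 21, 24):
        raise ValueError("BIP-39 phrases have 12, 15, 18, 21 or 24 words")
    return word_count * 11 * 32 // 33


def same_wallet(phrase_a: str, phrase_b: str) -> bool:
    """True when both phrases lead to the same seed, i.e. the same keys and funds."""
    return hmac.compare_digest(phrase_to_seed(phrase_a), phrase_to_seed(phrase_b))


if __name__ == "__main__":
    # The same words typed into a replacement phone, with sloppy spacing.
    restored = "  abandon " * 11 + " about "
    # One wrong word. (Checksum validation needs the 2048-word list; omitted here.)
    one_word_off = TEST_PHRASE.replace("about", "above")
    print("restore on new device, same wallet:", same_wallet(TEST_PHRASE, restored))
    print("one wrong word, same wallet:       ", same_wallet(TEST_PHRASE, one_word_off))
    print("12 words =", entropy_bits(12), "bits; 24 words =", entropy_bits(24), "bits")
```

Nothing in the derivation depends on the device, which is why a photo or cloud note of the phrase is as good as the wallet itself to whoever finds it.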
Should you be scared of buying cryptocurrency?
I don’t think so. Until six years ago I operated a fin-tech company that combined customer financial data with securities prices to create online accessible financial analysis reports. Sometimes new customers would ask if I thought it was risky to have investor data stored in ‘the cloud’. I would always reply – “Nothing is 100% safe, but our platform is safer than the paper files you have in your office.”
Similar to online stock trading accounts, cryptocurrency exchanges use a combination of security protocols and procedures to keep customer investments safe. Nevertheless, as we can see from the examples above, funds kept permanently in a currency exchange wallet are always at some level of risk because the private keys to your account are stored with the exchange. As mentioned previously, a lot of private keys in one place makes a tempting target for thieves. If hackers can get their hands on these private keys, your account is vulnerable, and if coins are stolen, it may be impossible for you to get them back.
Although the risk of having your money stolen from your online account is probably very low, experts suggest never leaving a significant amount of money in your online trading account.
Some basic rules to keep your cryptocurrency safe
Rule number 1 – If you aren’t actually trading your cryptocurrency, get in the habit of moving your money to a wallet in which you control the private keys.
How do you know if you control the private keys? Simple – did you set up a 12 or 24 word recovery phrase? If you did, you control the private key to that wallet. If you didn’t, someone else controls the private key to your wallet.
Rule number 2 – Don’t store coins on your PC. A Windows PC is considerably easier to infect with a virus than a smartphone operating system.
A smartphone operating system is simpler than a PC operating system. This leaves fewer opportunities for hackers to get into your phone. Generally speaking, the simpler the system, the fewer opportunities there are for a hacker to exploit. – Andreas Antonopoulos
Rule number 3 – If you don’t need to access your currency for trading, store your coins offline in cold storage.
A cold storage (or cold wallet) is a device for storing cryptocurrency that is disconnected from the internet. If your device is disconnected from the internet, it cannot be hacked.
An old smartphone with your private key installed, disconnected from the internet or at least turned off, might be a simple, cheap choice if you have an old phone hanging around, but some argue this might not be the most secure option.
For even more security, consider buying a dedicated cold storage wallet like Trezor or Ledger. These special thumb-drive-like devices are created specially for cold-storage of cryptocurrency. Some experts I’ve read suggest you should buy the product new from the manufacturer because used devices may have been altered by hackers before being re-sold to unsuspecting customers. Like a software wallet, if your cold storage device is lost or destroyed, you can still recover your funds as long as you still have the recovery phrase you set the device up with.
Use common sense when handling cryptocurrency
Hot wallets, cold wallets, online, offline – it all sounds like a lot of information and you might be confused about how much security is right for you. So let’s go over a list of common sense suggestions we can use and modify to suit your personal financial situation.
1. If you aren’t actively trading funds, how much money should you keep in your online account? Probably none. When you’re finished trading for the day, transfer your funds offline to a device where you control the private key.
2. For day-to-day purchases, only keep as much money in a hot wallet as you would keep in your real wallet. If you’re not comfortable carrying around more than a couple hundred dollars of fiat currency in a real wallet, why would you carry more cryptocurrency around in your hot wallet?
3. Would you leave thousands of dollars in cash lying around your house? You’d probably put it in a home safe, right? The bulk of your cryptocurrency should be kept on a smartphone in cold storage (disconnected from the internet).
4. How about tens of thousands of dollars in gold coins? Would you be OK with all of it in your home safe? Maybe it would be better if you stored it in a safety deposit box. If you have enough cryptocurrency that losing it would lead to your financial ruin, then I highly suggest you consider investing in at least one dedicated cold storage device and then store the device(s) in either a fire-proof safe at home or for even more security, in a safety deposit box.
According to the experts, if you handle cryptocurrency responsibly, it’s easily as safe as handling cash. Can you lose cryptocurrency by accident? Sure, but I’m guessing most people have lost or dropped cash on the street by accident. Can your cryptocurrency get stolen? It can, but cash gets stolen every day, both on the street and in scams like Bernie Madoff’s massive pyramid scheme. Just like handling cash, you have to be careful and thoughtful about how you handle your cryptocurrency. If you treat it as carefully as you do fiat cash and use a little common sense, you should have little trouble protecting yourself from online thieves or accidental loss.