Exposing any information to an online network creates vulnerabilities that can be exploited by hackers. In this unsure environment, where hacks are starting to be viewed as an increasingly difficult problem, cryptocurrency holders must know how to secure their digital assets.
One of the biggest unique selling points of cryptocurrencies, as it stands, is their high level of security and their natural resistance to hacking attempts. Despite this reputation for security, institutions that are responsible for handling cryptocurrencies are generally less successful in their efforts to secure their network. This has led to a number of highly publicized and incredibly damaging hacks being levied against both cryptocurrency exchanges and wallet providers across the world.
In this unsure marketplace, where hacks are starting to be viewed as an increasingly difficult problem, cryptocurrency holders need to be able to take responsibility for their cryptos. This is in addition to the responsibility that the exchanges and wallet providers have to the customer. As a result, it is more important now than ever to ensure that you are fully aware of how to keep your cryptocurrencies safe before you go crazy on various wallets and exchanges.
The Biggest Crypto Wallet Hacks In History
Coincheck is a provider of both cryptocurrency wallet and exchange services. The company was established in Tokyo, Japan during August 2014 by co-founders Yusuke Otsuka and Koichiro Wada. Since its founding, the company has gone from strength to strength, with Coincheck eventually being the subject of an acquisition by Monex Group, for the value of $34 Million.
Despite the relative success of the company, it has not always been smooth sailing for the Japanese exchange. In January 2018, the company was the subject of an attack by malicious actors. The hackers made off with over $500 Million worth of digital tokens, making this not only one of the biggest crypto hacks to date, but also one of the biggest heists to date. Not much information has been provided on how the attackers managed to breach the exchange’s security, although they have confirmed that it was not an inside job.
There is speculation that the exchange was hacked due to their use of “hot-wallets”, which are cryptocurrency wallets that are connected to an external network. These are more vulnerable to hacking than the disconnected cold-wallets.
Binance is one of the most recognizable names in the cryptocurrency sector, regularly being considered as the largest cryptocurrency exchange in terms of the trading volume. The exchange was founded in 2017, by co-founders Yi He and Changpeng Zhao. The fact that Binance has appeared in this article shows that even the biggest players in cryptocurrency can fall victim to a hack.
In May 2019, it was reported that hackers had targeted the multi-national exchange, making off with around 7,000 Bitcoin, which at the time was worth over $40 Million. What was even more concerning, was that the hackers drained the funds from the exchange in a single transaction. The company treated this as a large scale security breach and immediately began investigating the hack.
Upon investigation, it was discovered that the hackers used a variety of methods to collect a large amount of personal information to facilitate the hack. Thankfully, the hack was limited to Binance’s “hot-wallet”, which only holds 2% of the exchange’s Bitcoin holdings. According to Binance, other wallets were not compromised and the damage would be limited through their Secure Asset Fund For Users, which is an emergency insurance fund.
Bitpoint is a Japan-based cryptocurrency exchange, that is owned by the parent company Remixpoint inc. Japan’s tolerance to cryptocurrencies extends to their changes of legislation and to the fact that all Japanese cryptocurrency exchanges need to be registered with the relevant authorities. Due to Bitpoint’s inclusion on this list, it can be concluded that just because an exchange is legal and registered, does not mean it is completely safe.
On the 12th of July 2019, Bitpoint suspended their services after noticing an issue with their payment systems, with the company later releasing a statement, revealing that $32 Million in cryptocurrency had been stolen from the platform. The exchange was able to locate some of the missing funds, although nobody has been brought to any form of justice for the crime.
The reason for the breach was listed as the unauthorized access to private keys of the exchange’s hot wallet. In the wake of the news, the company stock had devalued by 19% and even stopped trading altogether at one stage. This was due to mass sell-offs in the wake of the hack. The exchange later offered to pay the 50,000 affected customers in cryptocurrency to the value of their losses.
How To Protect Your Cryptos:
Keep Your Private Key Offline:
As has been mentioned previously, exposing any information to an online network creates vulnerabilities that can be exploited by hackers; this is also true of the private keys for your crypto wallet. Your private key should be stored offline and kept in a secure location, such as a safe, or some other location which only you are privy to.
Select a Wallet That Has Effective Security Measures:
The reality is, depending on what type of cryptocurrency wallet you use, your information and your keys will be more or less secure. If you are looking for maximum security, then it may be better for you to use a hardware wallet. Hardware wallets are offline devices and as such are invulnerable to attacks by hackers.
Do Not Use Public Wifi:
If you are utilizing a cryptocurrency wallet on your mobile device, then you need to be incredibly careful and selective about the environments in which you go online. If you are using public wifi, your device has a much higher likelihood of being compromised. You should try to limit your internet usage to private, secure networks to protect your cryptocurrencies.
As a crypto user, a private key is what stands between you and your cryptocurrencies. It is the PIN that gives you access to your bank account. It allows access to your cryptocurrencies, enabling you to send and receive crypto coins to anyone across the globe.
Over the years, many people have either lost or misplaced their private keys, resulting in costly losses with no recourse. For example, James Howells lost his Bitcoin private keys, and it cost him 7,500 Bitcoins (now worth millions of dollars). This is the kind of nightmare that haunts many crypto investors.
However, there is a solution. Using seed-phrase security enables you to recover your funds in case you lose your private key. In this post, we define private keys, seed-phrase security, and the best ways to secure sensitive information.
What is a private key?
A private key is a series of alphanumeric characters that give you access and total control over your cryptocurrencies. A private key is used to sign transactions to allow you to spend and send your crypto coins to anyone in the world. The security make-up of the private key helps to secure your digital coins from unauthorized access and theft.
It is important that you keep your private key safe. If you lose your private key or it falls into the wrong hands, it is the end of your funds. Without your private key, there is no way of accessing your digital coins. You can’t spend, withdraw, or transfer your cryptocurrencies.
There are a number of ways you can securely store your private keys. You can store your private keys on paper wallets or a hardware wallet. You can also store your private keys on mobile wallets, desktop wallets, or web-based wallets.
What is a seed phrase?
The seed phrase is a list of random words (12 or 18 or 24 in number) used to recover your funds in case you lose your wallet’s password or the device where your wallet is installed. It also comes in handy when your wallet is not functional.
The seed phrase is also called recovery key, seed key, and recovery seed.
A seed phrase is usually generated when setting up your crypto wallet. Therefore, it is important you don’t skip this step. Backup systems always come in handy when looking to salvage a dire situation.
Once you have access to your seed phrase, taking a pen and a paper and physically writing it down is the next best step. Memorizing the phrase is not a viable option. Also, never store your seed phrase on platforms that can easily be hacked like Evernote or iOS Notes.
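Added example, not part of the original article: assuming the wallet follows BIP 39 (the common seed-phrase standard; the article does not say which scheme a given wallet uses), this sketch shows why phrases come in 12, 18 or 24 words and how the checksum built into the phrase catches most copying mistakes in a handwritten backup. The 2048-word list is not embedded, so each word is represented by its index in that list, and the all-zero entropy is a constructed sample.

```python
import hashlib

BITS_PER_WORD = 11                    # 2048-word list -> 11 bits per word
VALID_ENTROPY_BYTES = (16, 20, 24, 28, 32)
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def word_count(entropy_bytes):
    """Words in a phrase: entropy bits plus one checksum bit per 32 entropy bits."""
    bits = entropy_bytes * 8
    return (bits + bits // 32) // BITS_PER_WORD


def entropy_to_indices(entropy):
    """Turn raw entropy into the list of word indices a wallet would display."""
    if len(entropy) not in VALID_ENTROPY_BYTES:
        raise ValueError("entropy must be 128 to 256 bits in 32-bit steps")
    cs_bits = len(entropy) * 8 // 32
    # The checksum is the first cs_bits bits of SHA-256(entropy).
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    words = word_count(len(entropy))
    return [(value >> (BITS_PER_WORD * (words - 1 - i))) & 0x7FF
            for i in range(words)]


def indices_are_valid(indices):
    """Recompute the checksum of a copied phrase; False means it was miscopied."""
    words = len(indices)
    if words not in VALID_WORD_COUNTS:
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    cs_bits = words // 3              # 12 -> 4, 18 -> 6, 24 -> 8 checksum bits
    value = 0
    for i in indices:
        value = (value << BITS_PER_WORD) | i
    entropy_len = (words * BITS_PER_WORD - cs_bits) // 8
    entropy = (value >> cs_bits).to_bytes(entropy_len, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (value & ((1 << cs_bits) - 1)) == expected


if __name__ == "__main__":
    for size in (16, 24, 32):
        print(size * 8, "bits of entropy ->", word_count(size), "words")
    sample = entropy_to_indices(bytes(16))    # constructed all-zero entropy
    print("indices:", sample, "valid:", indices_are_valid(sample))
    miscopied = sample[:-1] + [sample[-1] + 1]
    # A 12-word phrase has only 4 checksum bits, so a random mistake still
    # passes about 1 time in 16; this particular one is caught.
    print("miscopied valid:", indices_are_valid(miscopied))
```
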
Just like your private key, your seed phrase can give anyone who has it access and control over your funds. That said, your seed-phrase security is as important as private key security. So, how do you keep them safe?
How to secure a seed phrase and private key
There are several ways you can store your seed phrase and private key. You can:
Use a paper wallet
While paper is relatively destructible, it is arguably one of the best ways to store your seed phrase and private key. Physically write down your seed phrase and private key on a piece of paper and store it in a safe and secure location where no one but you has access. You can even laminate the piece of paper to resist water damage and possible tear and wear.
Besides paper, you can have your seed phrase and private key engraved on steel plates or other durable metals for enhanced safety. Metals come with more durability when compared to paper wallets.
For example, Cryptosteel is a device that allows you to back up your private key and seed phrase in a fireproof, shockproof, and waterproof manner.
Use a hardware wallet
Hardware wallets like Trezor, Ledger, and Keepkey are in existence to help you securely store your seed phrase and private key. The hardware wallets provide a safer option to store your sensitive data offline. Hackers have no way of accessing your data.
Create extra copies
You can write more than one copy of your seed phrase and private key and store them in different places. In case anything happens like say one copy gets destroyed due to natural disasters, you still have a way of accessing your funds. All is not lost.
Divide your seed phrase into 2-3 parts
You can write the first 4 words on a piece of paper and another 4 words on another piece of paper and keep going till you complete the whole phrase. Each paper can be stored separately such that access to the whole phrase is hard for anyone but you. Remember to number the pieces of paper to avoid altering the sequence.
Avoid storing a digital copy of your seed phrase or private key
Anything stored online can easily be accessed. The online world is not as safe as many people think. Don’t take a picture, print, or save your seed phrase or private key on a digital platform. A hacker can easily hack your system and access sensitive information.
By now, it is clear that your private key plays an important role when it comes to the safety of your digital coins. Therefore, the information must always be safe and away from everyone else but you. You already have some ideas of how you can safely store your private keys.
In case you do lose the private key (and mistakes do happen) thanks to seed phrase security, you have an option for easy recovery of your funds. Just remember not to skip the option of requesting for a seed phrase when creating your digital wallet.
As the world has experienced a technological boom that has changed the way we do the majority of the things in our lives, it is only natural that in this modern era, the way we transfer life’s most useful commodity, money, would also change.
Despite this, even now, transferring money between locations can be difficult, especially if you are transferring money between countries. A number of different factors contribute to this, especially lack of technological infrastructure, the remoteness of your location and restrictive legislation and procedures. The rapid rise of cryptocurrencies since the major boom in 2017 has propelled virtual currencies into the limelight as a potential solution to the problems that normally arise as a result of transferring money digitally in our current system. Due to the fact that cryptocurrencies are still in their infancy, there is much debate about the validity of such speculation.
Why Where You Live Matters For Money Transfers
Location plays a huge role in the quality and the costs involved in transferring money between countries.
One of the reasons for this is because money transfer fees vary greatly from provider to provider; in a country where there are a lot of different banks and services to choose from, the customer has the freedom to find the cheapest rates, whereas in less developed areas the choice of provider is going to be much more limited, relegating customers to a select few options that may not be providing them with a good deal.
Your location will also have an impact on the convenience of services available to customers. This is because in certain countries, a large number of people do not have bank accounts; in Senegal, for instance, only 181 people per thousand have a bank account.
This means that they will need to physically collect money that has been sent to them. In more remote locations, this can be a major inconvenience to customers due to the travel involved.
Do Cryptocurrencies Aid in Money Transfers?
The main problems that plague the money transfer industry are the regulations, the overwhelming number of “middle-men” and high commission fees. For example, fees have been so prominent that in 2017, migrants had sent $450 Billion back to their home country, with $32 Billion being claimed by providers as transaction fees.
This has severely hampered people’s access to the global financial system, with 40% of people saying that they have no access at all, primarily due to the expenses involved.
One of the ways in which experts suggest cryptocurrencies could improve the money transfer market for customers is by cutting down the costs of transferring money.
The cost of remittance on a cryptocurrency transaction can be either hundreds or thousands of times cheaper for customers, making it easier and more cost-effective for people to transfer money. Despite all of the public support for cryptocurrencies in this aspect, there are still very influential members of the community that believe that the effect of cryptocurrencies on the transfer of money is going to be minimal, at least in the short-term.
One of the main problems touted by experts is that foreign exchange rates will be incredibly volatile due to the nature of cryptocurrencies, meaning the value of a transaction can fluctuate massively, even whilst it is in progress. This represents the potential for customers to lose money. Furthermore, another issue that is commonly explored is that there are some that believe that the process of transferring money through cryptocurrencies creates friction for the customer, especially in a market such as money transfer where the ease of the customer’s experience is a huge USP.
The issues stem from the process of converting fiat money to cryptocurrencies, transferring to the recipient’s wallet and then converting the funds back into fiat currency.
Is There An Ideal Solution?
For cryptocurrencies to successfully become the driver for global financial change that some experts believe it can be, there are a number of issues that businesses will need to find solutions to.
One possible solution to the problem of erratic cryptocurrency values reducing the value of a transaction would be to send the money through the form of stablecoins. There are still some concerns over stablecoins that de-value beyond their pegging, although this is not nearly as pronounced as it is in regular cryptocurrencies. The issue of improving the general ease of the user experience is a more complex matter. Solving this problem would require a lot of leg-work and collaboration between customers and coin providers.
To make the process as quick and easy as possible would require some form of infrastructure which would allow for the automatic conversion and deposit of cryptocurrencies into fiat currency.
Even if this was brought into practice, the benefit would not be entirely clear in LEDCs whereby many people do not have bank accounts. To get around this, a cryptocurrency provider may need to specifically create a service dedicated to allowing customers to exchange their cryptocurrencies for fiat currency in branches across the world, which is a very unlikely prospect. As it stands, nobody has found the winning combination to fully integrate cryptocurrency into money transfer services, however, with the infantile nature of the market, you may be pleasantly surprised to see businesses and customers break the barriers in coming years.
Given the prevalence of bank accounts in the modern world, and the necessity of having one in first world countries, it would be easy to assume that there are only a small number of people on the planet without a bank account. This assertion would be incorrect, in fact, a large number of people do not have a bank account at all. Considering the huge buzz centered around cryptocurrencies, it is also surprising to see that there are a large number of inactive accounts within the cryptocurrency space.
Inactive Bank Accounts
In 2018, the World Bank released information pertaining to the current climate for global financial inclusion. The provided figures give an unprecedented look into the subject. The data from the World Bank showed that despite the fact that 67% of the world’s population had a bank account in 2017, up from 61% in 2014, growth may be slower than we think. Of the increase in that three-year period, 80% of those new accounts are currently inactive, meaning that they have had no ingoing or outgoing transactions for over a year. When you only apply active accounts to the percentages, the share of people with a bank account increased from 52% to 53%, which is a much smaller improvement. The survey from the World Bank included answers from 150,000 participants.
The number of inactive accounts is of concern to financial institutions because if a user doesn’t consistently utilize their account, they will not be able to attain the benefits that the account provides. Furthermore, those accounts also provide minuscule value to the issuers of the accounts. Only inactive accounts with large balances will be able to generate value for the bank and the customer.
Out of all of the different countries surveyed, it was found that the countries with the largest populations, China and India, were also the countries with the most financially excluded people. The survey also gave the participants the opportunity to explain their reasons for not having a bank account. The figures show that the main reasons for exclusion are a lack of access to money, the cost of using the services, access to services and a lack of trust in financial institutions. With the World Bank only having one more year left until the deadline for their Universal Finance Access by 2020, they will need to think about a realistic deadline for UFA and the steps they are going to take to achieve this goal. The World Bank has pledged to aid the inclusion of 1 Billion people; Visa, Mastercard, and GSMA have pledged a collective 1.5 Billion people, along with other institutions also making pledges.
Inactive Crypto Accounts
It is obviously going to take a lot longer for cryptocurrencies to see universal use across the world than it is for bank accounts, however, that does not mean that cryptocurrencies are doing badly with the accounts that they have now. In fact, Bloomberg, using information gained by market research firm Flipside Crypto has stated that an unprecedented number of previously inactive Bitcoin wallets have become active again. Delving further into the figures shows that the number of Bitcoin wallets that have been inactive for a period of 1-6 months had dropped by 40% between March and April 2019. This caused a surge in the price of Bitcoin at the time and was indicative of people warming up to the idea of buying Bitcoin again. One of the biggest concerns with inactive cryptocurrency accounts within the market is those of large cryptocurrency Whales. These are individuals with huge cryptocurrency holdings, with the transfer of said holdings being able to directly influence the market price of Bitcoin. For example, there are currently concerns about a dormant Bitcoin Whale, holding 80,000 Bitcoins. This is worth over $700 Million and if this Whale decides to cash in on their holdings, it could cause a market crash, according to analysts at Whale Alert. People in the market are valid in their concerns about previously inactive Whales, as it was found in December 2018 that $1.5 Billion worth of Bitcoin was transferred from previously dormant cryptocurrency wallets, with a concerning number of these transactions being from the top-20 Bitcoin wallets. For example, one such wallet has been dormant since 2013 and moved over 60,000 Bitcoin, worth $245 Million to an unknown address. The concerns stem from the fact that Whales are also known to crash the market price after selling, so they can purchase more cryptocurrencies at a lower price, holding until they can flood the market again. 
In fact, the top 3 cryptocurrency wallets that have been dormant for 5 or more years have a collective total of over 150,000 Bitcoins, which is a mind-boggling amount. Outside of the top three, there are a number of users with holdings of over 10,000 Bitcoins. This is a large amount of value stored within inactive wallets. One of the biggest questions that normally surrounds these inactive wallets is the reason for the wallet being inactive in the first place. Due to the high level of anonymity behind cryptocurrencies, we rarely ever learn the reasons for this inactivity, although the most commonly given reasons are, the loss of private keys, the incapacitation of the wallet holder, the holder is continuing to hold for a future sale, or the owner forgot about their holdings. Only time will tell as to whether or not these dormant accounts will “wake up” in the future and sell their holdings, although the marketplace is aware of the potential consequences of such an event occurring.
The most grievous security breaches in the crypto world come from hacks, and when a hack occurs with a large number of victims, large losses, or both, the media will draw attention to it straight away. Despite this, smaller successful hacks will hardly go reported. In fact, Foley and Lardner have published a report stating that 71% of the most prominent cryptocurrency traders and investors believe that theft is the biggest risk plaguing the industry.
Be Careful Of Applications on App Stores
There is a larger proportion of Android users falling victim to hacks, due to the fact that their operating system does not use two-factor authentication. Forbes has claimed that the open operating system preferred by Android makes it less secure than iOS. Hackers have been known to create apps on behalf of cryptocurrency sites on the Google Play Store. The most well-known case of cryptocurrency users experiencing a hack through an app on the Play Store occurred in October 2017. Poloniex is an American cryptocurrency exchange, which suffered hackers posting a fake app onto the Google App Store, which faked the role of a mobile gateway for the exchange. Traders wrongly downloaded the app and their personal information was stolen, with malware analyst Lukas Stefanko stating that 5,500 users had been affected before the fake app was removed from the store.
How to Avoid This Issue: If you are unsure about the legitimacy of an app, the first thing you should do is visit the website for the project. Usually, from the website, there will be a direct link to a valid app. You should also make sure that two-factor authentication is enabled on your apps, to add another layer of security, and should avoid downloading apps that you do not need.
During October 2017, an irreparable flaw was discovered in the WiFi-Protected-Access Protocol. It became possible for attackers to use a KRACK attack to cause the user’s mobile device to connect to the hacker’s network. From this, any information that would pass through the WiFi network would be available to the hackers. This includes private keys for cryptocurrency wallets, and these risks are most prevalent in high-traffic areas such as railway stations and airports.
How to Avoid This Issue: It is never worth it to make a cryptocurrency transaction on a public WiFi network; all it takes is one KRACK attack and you will likely lose your holdings. Just make the safe choice and wait until you are on a secure network. You should also always update the firmware on your router to ensure the best possible security.
Fake websites or site cloning has been a method of attack since the beginning of the internet boom. This method of phishing has remained in popular use in the current age of the internet. One way in which an attacker can do this is by registering a domain that is one letter short of the official address. Hackers will then clone the entire website in the hope that internet users will not notice their error and will put their personal details into the site, allowing the scammers to steal their information. Alternatively, attackers may send an email to cryptocurrency users, perfectly copying the communications sent from official cryptocurrency projects. Within these communications, they will encourage users to click on a link in the text, prompting them to put in their personal details, allowing attackers to steal them. A report by Chainalysis has estimated that $225 Million has been lost as a result of cryptocurrency phishing scams.
How to Avoid This Issue: One of the best ways to avoid this issue altogether is to bookmark the correct websites that you will be regularly visiting; this way you do not need to worry about typing the link incorrectly. You also need to remember that you should never give your personal information to anyone; no legitimate business would ask you for your account details over email.
Cryptojacking is a rapidly expanding problem within the cryptocurrency community, with 2.9 Million instances recorded in the first quarter of 2018, which was a 625% increase from the final quarter of the previous year according to a report by McAfee. Cryptojacking itself is a type of attack, whereby the attacker will place malware on the victim’s computer, which operates hidden crypto-mining activities on the computer itself. There are some types of cryptojacking malware that can also read the personal information stored on your computer, and as a consequence of this the attacker may not only be able to freeload from a person’s computer, but they can also transfer the victim’s cryptocurrency holding to their own wallet.
How to Avoid This Issue: One method of preventing cryptojacking from occurring would be to invest in high-quality antivirus and anti-malware software. Such software would be able to detect any malicious programs and can remove them from your computer. Another prudent measure that you can take would be to avoid downloading software from unverified locations, as these locations carry the greatest risk.
It’s not a guarantee that an add-on designed for your browser is going to be safe. In 2018, the MEGA Google Chrome extension was replaced by hidden malicious code that was said to be able to harvest sensitive information from sites that its users visited. Tens of millions of people downloaded the addon and were put at risk, even though it was initially believed that the risk only pertained to popular sites like Google and Facebook.
The opposite was confirmed when Riccardo Spagni, a Monero developer, confirmed that both Monero and Ethereum private keys could also be harvested by the addon. ZDNet later released a report confirming the damage done by the MEGA extension, which Google pulled from the Chrome repository, stating that Google, Amazon, Github and other organizations had been affected by the breach.
How to Avoid This Issue: One of the easiest ways to ensure you are not a victim of dodgy add-ons is to not download a large number of add-ons that you don’t actually need. The less you download, the lower your risk of vulnerability. Furthermore, if you do need to download a browser add-on, you should conduct a bit of due diligence and look around the internet for further information on said add-on before downloading.
Lack of Common Sense
One of the main reasons that people fall victim to thieves wanting to steal their information is carelessness. It must be realized that when handling valuable assets such as cryptocurrencies, you are always going to need to do your due diligence and maintain a high level of alertness. In closing, there are a few other things to consider that will greatly increase the security of your cryptos. Firstly, you should never share your private keys with anyone, no matter the circumstances. Secondly, if you have your private keys in a physical format, you should always keep them in a secure location, such as a safe. You should keep your anti-virus and malware protection up to date to ensure that whilst you are online, you are at minimal risk of falling victim to a cyberattack. Going further from your private keys, you should also never share your personal details with anyone; be careful of hackers posing as cryptocurrency projects through email, as legitimate businesses will never ask for your details in this way.
We have removed our product from the Facebook Audience Network
A few months ago we stopped showing ads in order to prevent any possibility of improper use of the private data of our customers. We respect the privacy of our customers and want to make sure that our product remains free of invasive advertising.
To protect the rights of Coin Wallet customers to retain full control of their personal information during online crypto transactions, we have removed our product from the Facebook Audience Network. This decision was made after significant deliberation. Below, we outline how we came to this decision and what Coin Wallet customers can expect moving forward.
Why Facebook advertising is bad for privacy
Social networks like Facebook or Google have become ubiquitous with internet use. With their buttons and widgets installed on millions of websites, they have unprecedented power to target users for advertisements. The Cambridge Analytica scandal and other recent cases have raised public concerns about the misuse of public data. Despite this, Facebook continues strategic partnerships with dozens of tech conglomerates like Microsoft and Amazon that access user information in exchange for certain promotion services.
Facebook does not only track the activity logs, private chats, and user-uploaded content on its own social media platforms. It also actively pursues collecting user data all over the Internet. Through permanent trackers embedded in their advertising widgets and ‘like’ and ‘share’ buttons, the company can follow users across websites and apps that participate in the Facebook Audience Network.
The most important information about you for the company is not what’s written on your Facebook profile. It’s what you do on your device throughout the day. For example, if you use a fitness app that hosts advertisements, Facebook is able to identify you as the target audience for workout apparel. Using this data made available to them by Facebook, workout apparel companies know to target their advertisements to you via apps, Instagram, and other channels in the Audience Network.
So far, the existing integration of Audience Network and services provided by Facebook and Instagram allows Facebook to map the browsing behavior and activities of the vast majority of users. Apart from GDPR regulations on cookie usage, electronic data collection activities are not comprehensively regulated by any legislation and pose a significant threat to users’ digital rights. They can lead to unsolicited profiling of the audience and manipulation of consumer behavior.
What we’ve done about it
Each crypto wallet contains highly sensitive financial information. At Coin Wallet, we are committed to providing customers the highest level of security and privacy. Not sharing wallet data with third parties is an essential piece of this. In line with this position, we have eliminated all ads completely from our product and barred Facebook from accessing customer data or tracking their usage of Coin Wallet.
As usual, we continue to guard the personal data of all our customers with stringent security measures. These include AES-256 encryption and BIP 39 passphrase encryption. We never reuse addresses and always enable safe access to the web version with Tor or VPNs. This ensures the total privacy and anonymity of your transactions, even to us.
Our data policy reflects our commitment to safeguarding user privacy to the highest extent. If crypto exchanges and other industry service providers adopt these steps, the security of crypto investors can be significantly increased.