I discuss the importance of cryptocurrency security in this page.
- Why is Cryptocurrency Security Important?
- Cryptocurrency is a Bearer Asset
- Sovereign individual
- Level of Complexity
- Public vs. Private keys
- Cryptocurrency Security on Cryptocurrency Exchanges
- Cryptocurrency wallets
- Recovery Seed Word List, PIN, and Passphrase Security
- Social Media Cryptocurrency Security
- Mobile/Cell Phone Security
- Hacking propensity in the cryptocurrency industry
Why is Cryptocurrency Security Important?
Cryptocurrency security has been an issue in the past. Over the last decade, as Bitcoin and other cryptocurrencies gained value they became targets for hackers and scammers.
A research article from TheBlockCrypto.com stated that all time cryptocurrency exchange hacks have surpassed $1.3 BILLION dollars, with the majority (~61%) hacked in 2018, when cryptocurrencies were trading at their highest levels, despite the bear market (Bitcoin dropped from around $12-$15k to $3200 over the year, but still significantly up from ~$950 in early 2017).
That is just from reported exchange hacks. There have been numerous, uncounted hacks and phishing of personal hot wallets and phishing from individuals’ cold wallets for the creative phisher/hacker.
That being said… as Cryptocurrencies and Bitcoin continue to rise in value, utility and development hacking attempts will only rise. I write more on why you need to worry about cryptocurrency security.
Yes, custodial security, exchange security and personal security will increase as awareness, value and popularity of Bitcoin/cryptocurrencies grow. However, you must educate yourself NOW to be prepared to protect your cryptocurrencies.
Cryptocurrency is a Bearer Asset
Cryptocurrency is a bearer asset. What does that mean? That means that it is like holding physical paper cash, or real gold coins, or even jewelry. If you leave it out, unprotected, someone can and will steal it.
Bitcoin, Ethereum, XRP and other cryptocurrencies are equally susceptible to theft. The term bearer asset means that the person who “bears the asset” or physically holds/possesses it is liable.
With cryptocurrencies (Bitcoin, Ethereum, XRP, etc) bearing the asset refers to holding your own private keys on a personal wallet, either a hot wallet or cold wallet (hardware wallet). That is where cryptocurrency security comes into play.
You must protect your private keys and keep them safe in order to preserve your exclusive access to your cryptocurrency. If someone gains access to either your wallet login, or your private key passphrase then they will have full access to the cryptocurrencies stored on that hot wallet/cold wallet.
In this respect, holding cryptocurrency is a bearer asset, and this is why cryptocurrency security is vitally important.
The banks and governments have a close watch over your bank accounts, investment accounts, registered retirement investment accounts, etc. They know how much money you earn and how much tax you pay and your credit card information, credit score, and not to mention your shopping habits.
Who seems to have access to your private personal and financial information: the bank, tax man, government, credit card company, credit score company, big corporate retail and more.
If they wanted, any one of these intermediaries could shut down one or more of your accounts, excluding you from accessing cash, or credit. Additionally, they have access to your personal information such as social insurance number/social security number, address, job, income, credit score etc.
The concept of the sovereign individual has been around for a while but has regained popularity in the Internet age over the last 1-2 decades. It describes some world transition states.
It refers to the transition from Religion to Nation State as the influential powerhouse of the world fueled by the printing press, gunpowder weapons and the industrial revolution. It then describes the transition from Nation-State to the Sovereign Individual with the dawn of the Information Revolution of the Internet.
However, this transition is not complete and continues as we are developing the Internet of Value or Internet of Money via cryptocurrency technology.
With cryptocurrency technology people will be able to custody their own digital assets, both as currency and as valuable documents (i.e. degrees, driver’s license etc). Individuals will be able to send money anywhere in the world, to anyone, without the government’s overwatch or permission.
Combining the freedom of access to information as well as the freedom of holding your own digital assets, individuals will become sovereign, independent of their governments. While the government does perform many important functions, they may still be able to do so, but with greater fiscal responsibility and accountability to its citizens that have the ability to detach from the legacy system and become a sovereign individual.
Being your own Sovereign Individual requires responsibility and security of your digital assets, because the government will not insure nor protect it if you can walk away with it at any time.
Level of Complexity
The level of complexity for your cryptocurrency security can vary vastly. It is critically important that the complexity of your security measures does not out-perform your ability to comprehend or manage it, and therefore access your own cryptocurrency.
There are companies out there with billions of dollars worth of Bitcoin (and other cryptocurrencies) and they go to great lengths to protect it. They use deep cold storage computers/hardware wallets stored in Faraday cages that are locked and have video surveillance with armed guards, with their assets geographically distributed in different countries and environments, all with multi-sig cold wallets. That was a mouthful. And much too much for the average investor to manage or afford.
Generally speaking, have more than one layer of security and keep things simple. Check here for simple ways to keep your crypto wallet secure.
Public vs. Private Keys
You can’t talk about cryptocurrency security without discussing public and private keys.
An integral part of what makes cryptocurrency work is the public-private key pair. There is an expression in the cryptocurrency industry “not your keys, not your crypto.”
The public key is known to the public, and is not a secret.
However, the private key must be kept – private. Your private key is a secret. Never tell anyone your private key. Never store your private key on a word document, as a note on an app on your phone or laptop, do not even take a picture of your private key written down.
Only keep your private key on a cold hardware wallet, or written on paper that is securely stored, or on a reputable and secure hot wallet (but only with small amounts/value of cryptocurrency).
Your private key is your Seed Word list, more on this below.
For more on Public vs. Private keys, see my page on Cryptocurrency.
Cryptocurrency Security on Cryptocurrency Exchanges
Be very wary of cryptocurrency exchanges. They are the primary on-ramp into cryptocurrency, and there are a lot of exchanges out there all vying for you to use them.
Your task is to find the right cryptocurrency exchange that takes cryptocurrency security seriously.
Before I progress I want to reiterate the expression in the previous section, “not your keys, not your crypto” – meaning that if you hold your cryptocurrency on a digital asset exchange, they hold your cryptocurrency private keys. That is why the security of the exchange is critically important.
There are several components to look for in a good exchange that has high-security standards to protect your cryptocurrency.
- Time – at least one-year-old with a good history.
- Is there bad press?
- Have they had hacks in the past?
- Do they have good user reviews?
- No wash trading
- High quality and timely customer support
- Other informational services
- (Real) Volume
- An exchange without good volume will mean that you may not be able to buy in at a good price or sell out without tanking your exchange.
- Security measures of the exchange
- Percent of assets in cold storage
- Mandated 2FA (2-Factor Authentication)
- Email confirmation for withdrawals
- Insurance of crypto assets
- Multiple deposit and withdrawal methods
- Country of operation
- Is the country they operate in crypto-friendly?
- Is the country they operate in politically stable?
- Is the exchange compliant with local laws?
- Offer multiple coins with multiple base pairs (not just USD-BTC and then BTC-to-ALT coins, they need many and varied base pairs).
- Integration of NASDAQ monitoring Technology (SMARTS)
While we all must use an exchange at some point, be careful not to leave any high value cryptocurrency on any exchange for any extended period of time. Any exchange is subject to hack – even Binance got hacked in early May 2019 with ~$40 million USD worth of BTC stolen.
Please refer to my post on how to review a cryptocurrency exchange.
Cryptocurrency wallets are how you hold/store your cryptocurrency. The cryptocurrency wallet is what protects and houses the private keys to your cryptocurrency assets.
There are different types of cryptocurrency wallets, and I go over them in my post on “what is a crypto wallet?”
Your cryptocurrency wallet is your ability to be in control of your own money. It is critically important to have one, and ideally, multiple wallets.
There are different ways to access your wallets, some use a PIN, others a password. Some even offer U2F, which in my opinion is one of the most secure.
Briefly, there are two main types of wallets: hot and cold.
Hot wallets refer to online, purely software based wallets. They are called hot because they are in constant “contact” or “exposure” to the internet, and thus more susceptible to hacks.
Hot wallets can still be quite secure, but not as secure as cold wallets. See my post on “What is a Hot Wallet?“
Cold wallets refer to offline, hardware wallets.
That means that the software is on a custom made hardware device, typically USB based that stores the private keys. The part of the hardware device that stores the cryptocurrency private keys does not “touch” the internet, it is physically separate on the hardware device.
Once the hardware wallet is unplugged from the laptop, then it it effectively separate from the Internet. The reason for this separation is that it greatly reduces the risk of hacks because there is not way for a hacker to virtually attack it if not connected to the internet.
There are many types of hardware wallets. The most popular being:
- Ledger Nano S (by Ledger)
- Ledger Nano X (by Ledger)
- Trezor (by Trezor)
- KeepKey (by KeepKey)
- BitBox (by Shift Cryptosecurity)
See my post on “What is a Cold Wallet?“
Recovery Seed Word List, PIN, and Passphrase
Recovery Seed Word List
The recovery seed word list, or “recovery seed” is typically a list of 12 to 24 randomly selected words that is uniquely and entirely generated from the software on a wallet (ideally a cold, hardware wallet).
This recovery seed list is your ONLY backup in the case of losing your physical hardware wallet, or it getting damaged or stolen.
The recovery seed is a semantic representation of your private key. Remember? Not your keys, not your crypto. Your seed word list is essentially your private key.
Instead of writing down a long alphanumeric string (i.e. a24iqhx98…) it is much easier and less error prone to write down a list of random words that in correct order will decrypt your private key and give you access to your cryptocurrency.
With the recovery seed word list, you can access a new wallet, and type in your recovery seed words and it will restore the old wallet. That is the benefit of worldwide, public, distributed ledgers.
Your cryptocurrency assets are only as safe as you make your recovery seed word list. If you take a picture on your phone of your list, or save your list on a word document on your laptop that is accessing all sorts of websites and potentially vulnerable to viruses, or storing the recovery seed words on DropBox, Google Docs or another cloud service, then they are highly susceptible to hacks and attacks.
The seed word list should only:
- Be written down by hand with pen and paper directly from the hardware device (or hot wallet screen).
- Never make a digital copy of your recovery seed word list.
- It should never, ever touch the internet or a device connected to the internet.
- You should keep 2 to 3 copies of it, ideally stored in physically separate and safe locations
- Physical safe/mini-vault.
- Bank security deposit box.
- Engraved on metal (then it is water, insect and fire resistant/proof) – Cryptosteel.
- With a trusted family member (i.e. parents, sibling, children… only if you can trust them).
* Also, probably tell someone that you trust that you have cryptocurrency, and let them know where they might be able to find the recovery seed word list. Because in case you die or are brain dead, there is not point to losing access to your cryptocurrency.
The Personal Identification Number (colloquially, PIN), is a 4-10 digit code that you create and use to access your wallet (hardware or hot wallet).
This is what grants your access to login to your cold or hot wallet. Much like a debit or credit PIN on your personal debit or credit card. Or like the password/PIN for your mobile phone.
The PIN protects your device, NOT your seed word list. Your seed word list is independent and both are equally important to protect.
However, you can reset your PIN on most hardware devices if you have your seed word list. Do not let anyone know your PIN, but, you do not need to store multiple copies of your PIN in geographically separate locations etc.
The passphrase is another layer of security. The third layer, on top of your seed word list and PIN.
The passphrase is like a 25th seed word. It can be a word, a set of letters or even a sentence. Since it is like a seed word, it can (on its own) generate your wallet/private keys. It is derived from your brain, not from the device, so no one is able to hack it (provided that you never write it down).
A passphrase is a significant level of security added, since if it is enabled, you would need all 12-24 recovery seed word list, AND the passphrase to access your private keys.
Even if someone physically steals your hardware wallet and breaks into the microchip and discovers the 24 word recovery seed, they cannot access your private keys without the passphrase.
However, if you lose your passphrase you cannot, ever, access your cryptocurrency. Therefore, it might be worth writing on paper and keeping safe but you must weigh your options.
Social Media Cryptocurrency Security
Pretty much everyone is on social media these days. From Facebook, YouTube, Instagram, SnapChat, WhatsApp, Skype, Twitter, etc.
Whatever your social platform, remember that it is, well – social. That means others are reading what you post. Not to mention that the parent company of the platform has access to everything that you post or even write in a private message.
Good social media security “hygiene” is to:
- Don’t post that you own cryptocurrency, or how much you own.
- If you have already done so, do not allude to
- what cryptos you own
- how much you own
- how you store them
- where you live
You never know who is reading your social media, and even if you trust all of your “Friends”/”Followers” you have no idea who they tell about your cryptocurrency assets. You cannot control what they do with this information.
Moreover, avoid sharing much personal information such as your birthday, education, family relationship, childhood, favourite movies, foods, your first car or where you grew up, your favourite teacher etc. as those topics tend to be security questions with banks, and may also end up being security questions with cryptocurrency exchanges etc.
Not to mention, try to protect your social media accounts as much as possible. If you have discussed your cryptocurrency wealth in private messages, but someone hacks your account, then you are vulnerable.
The best, safest policy is to simply keep your private cryptocurrency wealth your own business. Do not share it on social media.
Mobile/Cell Phone Security
Today mobile phones are increasingly ubiquitous and we become increasingly reliant on them. I wouldn’t call this a bad thing. In fact, it’s a great thing. Mobile phones have become so advanced that they are really more like digital personal assistants. You have access to the world through a tiny screen in your pocket.
That being said, with your social media, photos, credit cards, bank account and investing portfolio access, and at an ever-increasing rate, your cryptocurrency wallet access – mobile phone security becomes a real issue.
The best way to keep your mobile phone safe is to invest in a high quality phone case. Forget finger print or facial recognition, go with a long PIN (6-10 numbers).
Do not stay logged in to social media apps, banks apps and especially not crypto wallet apps.
Your mobile phone can also act as a security feature itself. Since phones are ubiquitous, yet highly personal, you can use your phone as a second factor authenticator.
That means in order to login to a specific account (i.e. a cryptocurrency exchange account), you may require a second-factor authentication. This can be a text to your phone (SMS); or a 2FA random number generator app (such as Google Authenticator or Authy); or a physical security key known as U2F. See my post, “Secure Your Cryptocurrency with 2FA” to learn more.
* Please note: SMS authentication is highly susceptible to SIM Hacking and is actively discouraged. Most cryptocurrency exchanges will not even allow it. The higher grade security is via 2FA authenticator apps or U2F.
Hacking Propensity in the Cryptocurrency Industry
As stated above, cryptocurrencies, especially Bitcoin, Ethereum and XRP are highly valuable, scarce, digital assets. As time progresses and the world grows to adopt them at an increasing rate they become more valuable, and more scarce.
As they increase in value and scarcity the number of hacks and intensity of hacking attempts will only increase. Thus far, as reported in April 2019, by TheBlockCrypto.com over $1.3 Billion USD worth of cryptocurrency has been hacked from cryptocurrency exchanges.
That just counts crypto exchange hacks. That does not include scam ICOs, hot wallet hacks, or phishing on Twitter, Facebook, email, etc.
There are so many attack surfaces to steal your crypto that you must participate in your own cryptocurrency security. Do not let the bad guys win. Keep your wealth secure!
Attack surfaces include:
- SIM Hacks
- Human error
- ICO scams
- Hot wallet hacks
Read more about cryptocurrency. Learn more about cryptocurrency security.
Become a sovereign individual, and protect your cryptocurrency assets, which will allow you to govern your own life.
Markshire Crypto Conclusion on Cryptocurrency Security
As cryptocurrencies such as Bitcoin, Ethereum, XRP, Binance Coin, Litecoin, etc gain more traction, value, acceptance and increase in scarcity you will be at greater risk of attack from hackers. Protect yourself from every angle possible.
- Use a legit exchange
- Keep the majority of your crypto on a few cold hardware wallets in geographically distinct locations.
- Protect your recovery seeds.
- Do not disclose that you own cryptocurrency to anyone, or if you do, only to trusted people and do no tell them how much you have.
- Protect your mobile phone and use 2-Factor Authentication
As we transition to from the Nation-State to Sovereign-Individuals holding your own money will become paramount to your sovereignty. You can do that with cryptocurrency wallets.