Don’t lose your crypto: here are some tips to keep you Safe!
Important tips on securing your SafeCoin and other cryptocurrency.
1. Don’t store assets on exchanges! Exchanges will always be a target for hackers. And sometimes exchanges just shut down.
2. Use cold wallets, hardware wallets or secure paper wallets when possible.
3. Back up your private keys. Back up your wallet.dat AND back up your private keys for each address. Store the backups in a fireproof safe. Store more backups off-site and well encrypted.
4. Don’t tell people how much cryptocurrency you own. Don’t make yourself a target.
5. Use separate addresses when possible. Spread out large holdings to different addresses, so that if one is compromised you don’t lose everything. Also, public addresses can be tracked and traced and potentially linked to you and your other addresses.
6. Run antivirus software. Only download wallets from known sources. Use Linux or a Mac instead of Windows.
7. Beware of phishing attempts and social engineering hack attempts. Don’t send files to, or accept files from, people on Telegram or Discord when you don’t understand or know what those files are.
Keep reading below for more details on each of these tips.
Keeping your assets as safe as possible.
Does your heart skip a beat when you open your billfold and money that you expected to be there isn’t there? Then you remember where those bills are (or where you spent them) and everything is fine again. Cryptocurrency will give you those same moments of panic, and frequently there is nothing wrong. Refreshing the block explorer webpage or relaunching the wallet will show your assets are still there and still safe. But hacks and losses of cryptocurrencies occur all the time, small scale and large scale. It pays to be careful with your cryptocurrency assets; here are several tips to help you be safe, whether you’re new to the cryptocurrency world, or a grizzled veteran that’s already lost some BTC somewhere along the line.
Let’s start with some simple background, so that we are all on the same page. All cryptocurrencies share a similar concept of a public key and a private key. The public key is your “address” that people send coins or tokens to. The private key is your secret key to access the funds at that public key address, which is generated by a cryptographic algorithm. Thus, if you don’t have that private key, you don’t control your assets and they are at risk.
That leads us right to the first rule of crypto: Don’t store your assets on exchanges. You probably have heard of Mt. Gox and maybe even Cryptsy, and if you haven’t heard about the Cryptopia hack then you should read about it now! Exchanges are targets for hackers because of the enormous sums of cryptocurrencies that they hold. Don’t let your funds be part of the stolen assets. Most of us will at one time or another have some funds on an exchange, because we want to buy or sell at a certain value, but don’t just leave a significant (to you) amount on an exchange. Also, enable two-factor authentication (2FA) for every exchange you use. I prefer Authy over Google Authenticator for my 2FA because it is easy to back up and it can sync to more than one device.
So, what do you do if it isn’t safe storing your assets on an exchange? This is where things can get as complex as your own paranoia and tech savviness let you. Many people will choose just to download the GUI wallet of a project, get some addresses, encrypt the wallet if it’s an option, and then just shut it down until they need to send coins. But there are potential problems with this. You need to back up your wallet.dat file and your private keys. These backups need to be stored in a safe location, preferably with a second copy of the backups in an off-site location. I have a USB drive in a fire-safe and then I use a macOS encrypted sparse image file, stored in the cloud, as my off-site location. If you use Windows 10, you will need a third-party app to create a similar encrypted disk image. It is critical that this be stored as an encrypted file; not too long ago a person I know from Discord had his Gmail hacked, where he was storing some backup private keys. His thought was that Gmail was encrypted, but he didn’t foresee his Gmail account itself getting hacked.
The other problem with a software wallet is that any computer that is connected to the internet is susceptible to malware. Having a software wallet on your computer leaves you vulnerable to viruses written specifically to look for wallet.dat files and send them to the hacker. Use antivirus software to reduce the threat of malware. If your wallet software allows it, encrypt and password protect your wallet. This will help keep your private keys from being exposed if you happen to have your wallet.dat compromised.
Further paranoia on this topic: Only download software wallets from known sources. There are absolutely wallets that have been written solely to steal coins. But even a legitimate wallet can be compromised, as happened recently when a developer’s GitHub account wasn’t properly secured. Another idea that works for me is to use virtual machines (VMs) and install each new wallet in its own VM. This should sandbox any threat, so that only files on a single VM would be compromised. VirtualBox is free and works well for this.
If you’re planning to buy and hodl your coins, then you should consider a paper wallet or a hardware wallet, like Trezor, Ledger Nano or Jubiter.
Of course, the hardware wallet options don’t support all coin projects, and they can be inconvenient to use. If you use a paper wallet, then come up with a backup system for that, too. A digital copy (print to PDF) stored in an encrypted disk image in the cloud will work. Or another paper copy stored in a safe deposit box. Webwallets can be safe, depending on the process used to access your address. A webwallet that stores the private keys means that you don’t truly have control of your coins. What happens when that server bill isn’t paid, or the domain isn’t renewed? Another risk of a webwallet is how the private key is transmitted. Make sure you have a secure connection (https://) and don’t use public Wi-Fi. And really make sure you are at the correct site; even a small typo may lead you to a phishing site. Wallets that are kept offline, like the paper and hardware wallets above, are known as cold wallets, and if used properly a cold wallet will reduce your exposure to hacks and theft.
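The https:// and typo checks described above can be automated before a password or private key is typed into a webwallet. This is an added example, not part of the original article; the hosts in `TRUSTED_HOSTS` are constructed placeholders and `check_wallet_url` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed placeholders: replace with hosts you have verified and bookmarked.
TRUSTED_HOSTS = {"wallet.example.com", "explorer.example.org"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_wallet_url(url, trusted=TRUSTED_HOSTS, max_typos=2):
    """Return (verdict, reason); verdict is 'ok', 'block' or 'unknown'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ("block", "malformed URL")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("block", "no host found; type the full https:// address")
    if parts.username or parts.password:
        # https://trusted-name@other-host/ displays a trusted name but goes elsewhere
        return ("block", "text before '@' hides the real host: " + host)
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("block", "internationalized name can imitate ASCII letters")
    if host in trusted:
        if parts.scheme != "https":
            return ("block", "trusted host but connection is not https")
        return ("ok", host)
    # Not an exact match: a host within a couple of typos of a trusted one is suspect.
    near = [t for t in sorted(trusted) if edit_distance(host, t) <= max_typos]
    if near:
        return ("block", "%s is a near-miss of %s" % (host, near[0]))
    return ("unknown", "host is not on your allowlist")

if __name__ == "__main__":
    for u in ["https://wallet.example.com/login",      # exact match over https
              "http://wallet.example.com/",            # right host, no TLS
              "https://walet.example.com/",            # one-letter typo
              "https://wallet.example.com@other.example.net/"]:
        print(u, "->", check_wallet_url(u))
```

An `unknown` verdict is not an approval: it only means the host is neither on the allowlist nor close to an entry on it.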
Once you have your computer all secure, we must address the human component. Don’t tell people how much cryptocurrency you have. Don’t make yourself a target. Also, use separate addresses when possible. This keeps you from losing your entire stash if one private key is compromised and makes it harder for people to trace your transactions to see how many coins you may have. Finally, don’t fall for phishing attacks or other social engineering attempts. As Kevin Mitnick said: “Social engineering bypasses all the technologies, including firewalls.” That is the truth. Don’t send files to, or accept files from, people on Telegram or Discord when you don’t understand or know what those files are, and especially don’t send your wallet.dat file, even if it’s corrupted.
So, is this everything you can do? No, it’s not, but it should give you some ideas to start with. Cryptocurrency is constantly evolving, and new ideas are coming out daily. Some of them will make a real difference for end users. As with most things in life, there will always be some compromise between security and convenience. Do your own research. Stay Safe!