One of the most difficult things for a new cryptocurrency investor to initially get to grips with is the extent to which YOU are the sole custodian of your new asset. It’s completely different from having funds in a bank, for example, where you are a customer with rights and protections. And the first lesson you need to learn is: do NOT leave your coins hanging around on the exchange where you bought them!
There are a number of reasons why you don’t want to do this:
Cryptocurrencies are booming, and they’re big news. They’re also pseudo-anonymous and easy to move around the world in a flash – no wonder they’re attractive to hackers. And what is really, really attractive to a hacker? An exchange they know is loaded with lots of lovely money. As a consequence, they operate in a state of open warfare against continual penetration attempts, an ongoing arms race in which sometimes the hackers pull ahead – and funds are stolen.
Sure, some exchanges offer various insurances and guarantees, but at the end of the day if your coins are taken you are largely on your own. And – as the owners of the $450 million Bitcoin ‘lost’ from the Mount Gox exchange found out in 2014 – it’s unlikely that any assets exist to replace what is taken, whatever the cause of their disappearance.
Even if the exchange itself never gets compromised, fraudsters know that people are logging in and out of them all the time, and go to increasingly subtle and sophisticated lengths to try and get you to log in somewhere else instead. Would you have spotted this one, using an ṇ instead of an n? Certainly in a mobile browser, or an underlined link in an email, you wouldn’t see it at all:
(image source: Reddit)
Creating a site that looks enough like the real (and perfectly genuine and secure) Binance exchange is all it takes to complete the illusion and collect people’s passwords.
You can protect yourself to some extent by enabling two factor authentication on all exchange account logins, and using an anonymous dedicated email account for all your cryptocurrency transactions. But the sums involved on exchanges are simply too tempting, so the efforts to rob them will never stop.
It comes down to the usual trade-off in tech: convenience and usability, versus security.
Funds on an exchange are easy to access and trade, that’s what the exchange is for. Day traders need to be able to move as fast as the market moves, and have to keep their coins right there, ready to buy or sell as soon as the signals are right. But most of us transact much less frequently, and can tolerate slightly less convenient access to our crypto coins, in the name of better protecting them.
The next step is to move your coins to a browser-based ‘hot’ wallet, which is more secure than an exchange but still easy to operate online. Some of them are directly connected to exchanges, like Shapeshift, so you can pretty easily make some quick trades, whilst knowing your coins aren’t sitting there right on the exchange itself. You can make a hot wallet a bit more secure by using a dedicated machine, which is never used for everyday browsing.
There are also desktop wallets like Exodus, which run on your local machine – but of course do have to connect to the internet to transact. They are one stage safer though, because your private keys are stored on your own device, not on the server on the exchange. Of course, you need to keep your machine free of malware, etc, but it’s likely not tempting the big-time hacker attempts in the way an exchange does.
But to truly protect your cryptocurrency from online attacks, you need to get it right OFFline – to a cold storage wallet. Put a literal gap, an ‘air gap’, between your private key and the internet. If you think of a hot wallet like the wallet in your pocket – convenient, accessible, but never carrying around more than you could truly stand to lose – then cold storage is akin to a safe or deposit box.
There are a number of dedicated devices you can use to store your cryptocurrencies on, including the Trezor, Ledger Nano and Keepkey. These devices all support different coins and have pros and cons and as ever you need to do your own research, but they’re essentially USB keys secured with a ‘seed’ phrase (usually 12 or 24 words) in addition to PINs and passwords. Securing that seed phrase is vital, and depending on the size of the asset to protect, you might want to keep a copy in a separate location.
You are of course placing your trust in the manufacturer of the device itself, and it goes without saying you must never ever use a pre-owned storage device.
The coldest and least accessible choice of all is to generate a paper wallet, using a specialist online tool for this purpose – but don’t even go to the site until you have run all the virus and malware checks on your computer. After you get there follow the instructions carefully, including downloading the site for offline use, and ensuring that your computer and your printer are fully offline, before you ultimately print out your cryptocurrency wallet.
This is a great way to share or gift cryptocurrency, but as a long term storage option, it does need to be considered vulnerable in the sense that any piece of paper is vulnerable – if that private key is damaged by water, fire, fading or anything else, it’s gone for good.
It’s a good response though, to people who say they don’t trust any currency they can’t see physically, or hold in their hand! Give them $10 worth of Litecoin or something, on a paper wallet, to get started with – who knows how far down the rabbit hole they will tumble on their cryptocurrency adventures?
But be sure to send them this article too, so they can protect their crypto assets going forward. And look out for more updates and advice from the Data Driven Investor team.
Data Driven Investor
Data Driven Investor (DDI) brings you various news and op-ed pieces in the areas of technologies, finance, and society. We are dedicated to relentlessly covering tech topics, their anomalies and controversies, and reviewing all things fascinating and worth knowing. DDI has only one mission: see what is coming, and do what is important – “NOW”.
Visit us at datadriveninvestor.com.
About the DDI Team
Dr. Justin S P Chan has a passion for clarity and synergy - seeing through the complexity of the intersecting spheres of technology, finance, innovation and social dynamics, to enable game-changing collaborations between entrepreneurs and innovative opportunities. Combining the vision of a true inventor and entrepreneur with his data-driven, evidence-based approach to investment, Justin also co-founded OCIM and serves as Chief Investment Officer for its fund management platform. Within OCIM, He co-manages OC Horizon Fintech, a transformational hedge fund, where he blends real applications, expertise and future-awareness into truly exceptional investment performance. Justin gains inspiration for these projects from his global network of contacts in investment and fintech communities, where he stays on the pulse of fast-moving conversations and trends affecting global markets and emerging technologies.
John DeCleene is a fund manager for OCIM’s fintech fund, and currently progressing towards becoming a CFA charter holder. He loves to travel for business and pleasure, having visited 38 countries (including North Korea); he represents the new breed of global citizen for the 21st century. Whilst having spent a lot of his life in Asia, John DeCleene has lived and studied all over the world - including spells in Hong Kong, Mexico, The U.S. and China. He graduated with a BA in Political Science from Tulane University in 2016.
Contact
General: [email protected]
John DeCleene: [email protected]
Phone: (+65) 8420 4779
Justin Chan: [email protected]
Phone: (+65) 9129 2832
© Liana Technologies