Hacking & Phishing Prevention
Hacking and phishing attacks are among the biggest security threats to your cryptocurrencies, so you must set strong passwords for your wallets and all accounts that deal with cryptocurrencies.
Keep these tips in mind when setting up or using your cryptocurrency accounts:
- Use different passwords for every account you use to limit any damage that can be done by hackers.
- Use a unique email when opening accounts on each exchange and only use that email address for that specific exchange.
- Enable two-factor authentication for your exchange accounts. This adds software to your smartphone that provides extra security for your account. Without two-factor authentication, a hacker only needs your username and password to empty your balance.
- Don’t store your wallets and passwords in the same place or an attacker can gain access to both your passwords and your wallet at the same time.
- Never mention what exchange or wallet you use on social media or online forums. Any information you post online can be turned against you.
- Maintain backups of your cryptocurrency wallets and recovery phrases to ensure your coins aren’t lost for good if something happens to your main device.
- External hard drives, USB sticks, and encrypted backup files can be used to secure your recovery options, and programs like VeraCrypt can encrypt these sensitive files.
The different types of cryptocurrency wallets include:
- Desktop Wallet: This is installed on your desktop computer and gives you access to and control over your wallet. This wallet is only accessible from the computer on which it is installed and offers a high level of security. However, it’s at risk if something happens to your computer. Examples of desktop wallets are Exodus, mSigna, and Copay.
- Mobile Wallet: This runs as an app on your smartphone and is the most convenient but most vulnerable option. These wallets need to be backed up securely; if you lose your phone, or it is compromised, you could lose your cryptos with it.
- Online Wallet: This is a web-based wallet, which means that your data is stored on an online server, making it easier to access it from anywhere. However, since your private keys are stored online with this wallet, they are more at risk of hacking and theft. Examples of online wallets are Coinbase and Blockchain.
- Hardware Wallet: Wallets such as the Ledger Nano S and Trezor are built specifically to hold cryptocurrency and keep it secure. You can turn them into hot wallets by connecting them to your computer, then take them offline once you’re done. You don’t need a specialized device for a hardware wallet; even USB sticks will do.
- Paper Wallet: The most basic form of a wallet involves a pen and paper. Simply write out your private key and you will be able to recover your wallet if you ever lose access to it. You can also print out a QR code for both your public and private key, which avoids storing data digitally, providing a high level of security.
- Wallet Address: Because of the irreversible nature of cryptocurrency transactions, it is very important to ensure that you have entered the correct wallet address. If you send coins to the wrong address, it may not be possible to recover them.
- Special Requirements: When using different cryptocurrencies, it is important to understand how they work before making transactions. Certain cryptocurrencies can have special requirements or safety precautions that should be taken. For example, with IOTA you should always use a new address when you send your cryptos, otherwise your security is reduced. With Ripple, there can sometimes be two parts to the address: a wallet address and a destination tag. If the proper destination tag is not included, the coins you send can be lost or end up in the wrong account.
- Malware & Viruses: Another risk to watch out for is trojans that have been detected lurking on people’s computers. When the victim copies a cryptocurrency address to send tokens, the trojan swaps the copied wallet ID for its own malicious wallet address in payment fields. Therefore, pay careful attention to the cryptocurrency address you are sending your cryptos to.
- Phishing: Phishing attacks, Ponzi schemes, and ransomware are all common types of cyber fraud and theft of cryptocurrencies. There have been reports of cybercriminals sending phishing emails with infected attachments that give the attacker access to the victim’s computer and their wallets. Always be vigilant when dealing with suspicious emails and attachments, especially when you are unsure of their source.
Best practice tips to keep you safe when dealing with cryptocurrency exchanges:
- Use a new computer for trading and install reliable antivirus software. Apply operating system patches and antivirus definition updates as soon as they are released. Also, back up your data to offline storage sites on a regular basis.
- After you register with an exchange service, use Google Authenticator with only one IP address whitelisted.
- Enable two-factor authentication for logging in.
- Use a VPN (virtual private network) solution for trading and private communications. (This tip is particularly relevant when you’re conducting transactions with a poorly secured public Wi-Fi because a VPN renders man-in-the-middle attacks futile.)
- Refrain from openly mentioning your personal email. Exchange services usually send notifications to your registered email ID when you purchase or sell cryptocurrency. By compromising your email account, attackers can track your transactions and perhaps gain unauthorized access to your crypto wallets.
- Safeguard your email account by using a strong password containing uppercase and lowercase letters and special characters. Multi-factor authentication will add an extra layer of security to your email. Keep in mind that the overwhelming majority of cryptocurrency-related hacks are accomplished by compromising a user’s email.
- Use your smartphone wisely. It might be a good idea to get a separate mobile phone exclusively for trading. Also, do not conduct transactions from a smartphone with many apps. By hacking one of these apps, cyber crooks could obtain sufficient privileges to access your private data and blackmail you.
- Do not keep your cryptocurrency on exchanges when you aren’t actively trading. You are much better off storing your own digital cash in cold storage.
- Use a tamper-proof hardware wallet for high-frequency trading.
- Bear in mind that a dependable exchange service requires new users to verify their identity and location prior to making a deposit.
- A reputable exchange provides evidence of cryptocurrency kept in cold storage.
- A trustworthy exchange also participates in cryptocurrency-related events, hackathons and other academic initiatives in this domain.
- Diversify your risks to make sure your trading posture has no single point of failure:
  - Consider using more than one exchange service.
  - Use decentralized peer-to-peer exchanges.
  - Invest in several different cryptocurrencies.
- Stay on top of the markets. Keep track of industry news, examine charts and visit dedicated discussion forums. Familiarize yourself with algorithmic trading. Abstain from trading with more than 30% of your cryptocurrency. Have a plan to convert your coins to fiat money if necessary.
- Follow your intuition to identify red flags. If some big names in the industry quit their jobs, it might speak volumes about the cryptocurrency exchange’s future prospects. For instance, William Dennis Atwood, the director of Hong Kong-based MyCoin exchange, resigned just before the service was revealed as a Ponzi scheme. However, if you see reputable people in the industry join a cryptocurrency exchange, it probably means you are on the right track.
- Steer clear of shady exchanges that “coincidentally” react to Bitcoin price fluctuations by crashing. When they are back up and running, users might discover that their transactions were completed at a worse rate than they anticipated.
- If it takes the exchange’s customer service operators a long time to respond to helpdesk tickets, that’s a clue suggesting that the service might not be trustworthy.
- If the exchange engages in high-volume trade campaigns involving altcoins [an alternative to Bitcoins] with a fishy reputation, treat the cryptocurrency exchange with caution. Furthermore, participation in ventures like Initial Coin Offerings may be a sign of a shady exchange. Keep in mind that trading new coins is a slippery slope.
- The cryptocurrency market is full of pseudo-coins and rogue services. Take your time and do your own scrupulous due diligence before trusting an exchange service with your cryptocurrency. Some healthy paranoia is a good thing.