It’s hard not to be enticed by the craze and hype surrounding cryptocurrencies, especially as the prices of two popular digital currencies, Bitcoin and Ethereum, have spiked since the beginning of the year. But is Bitcoin safe?
The dangers of dealing with cryptocurrencies are just as real as the money-making opportunities. There are many ways you can lose your digital fortune in a flash, especially as hackers have set their eyes on the masses of new users rushing to open up crypto-wallets and invest in Bitcoin and other digital tokens as the prices surge.
So, if you’re one of the millions of users who jumped on the Bitcoin bandwagon in the past few months, this guide will help you protect your cryptocurrencies against the threats that riddle the landscape.
How to protect your Bitcoin
1) Avoid address errors
One of the most attractive aspects of cryptocurrencies is the immediacy of payments. An address is all you need to make a payment to a seller, friend, or employee. Likewise, in order to receive payments in crypto, you only need to provide your address. There’s no middleman to verify the transaction, and as long as it’s a valid address, the payment will go through.
However, this can also lead to some terrible errors. A typo can send all your coins to the wrong address, accidentally enriching some random lucky person or a lurking hacker. And in case you didn’t know already, transactions made in Bitcoin and other cryptocurrencies are irreversible, so there’s no way you can recover the funds you’ve sent to a wrong address.
The first order of business should be to protect yourself against… yourself. Avoid typing Bitcoin addresses manually when sending or receiving payments. It’s very easy to mistake an “0” for an “O,” a “1” for an “I,” or to miss and displace characters when typing in an address. Use QR codes when available, or copy and paste addresses when making or receiving payments.
Also, double-check your final address before submitting a payment. Even copying and pasting can go wrong if your computer is infected with address-manipulating malware. CryptoShuffler, for example, sits in the background and monitors your clipboard. Whenever you copy a Bitcoin address (presumably to paste it into an online payment application), it swaps it with its own address. Therefore, if you’re not wary, you’ll end up sending your money to a hacker’s address. CryptoShuffler has so far succeeded in collecting more than $150,000 for its developers.
2) Keep your Bitcoin wallet secure
Most hackers go after the money, and online Bitcoin wallets are attractive targets. A very real threat to avoid is phishing scams. Malicious actors will try to trick you into giving away your username and password by sending you links to fake login pages that mimic that of your online wallet. They could also install keylogger malware that steals your password as you type it, or use some other devious method.
Having updated antivirus software will protect you against most malware, but social engineering attacks such as well-targeted spear-phishing emails are more complicated and can get past even the best security tools. As a rule of thumb, never click on email-embedded links to your online wallet, even if they look like they point to your online wallet website. Either use a bookmark or type the address manually.
You should also enable two-factor authentication (2FA) on your online wallets. Two-factor authentication ties a physical device to your wallet, whether it’s a phone, an authenticator app such as Google Authenticator, or a physical key such as the YubiKey. Whenever a user wants to log in to your account, they’ll have to present proof of the second factor. This could mean typing a one-time password that appears in the authenticator app or inserting their physical key into the computer. With two-factor authentication, even if a hacker manages to steal your password, they won’t be able to access your account.
Most wallets give you granular control over 2FA settings, such as applying it to login attempts, payments, or both.
Most online wallets also enable users to recover their password through the email that is linked to their account. This means that hackers will be able to break into your wallet if they hack your email. This stands true even if you’ve set up two-factor authentication for your wallet.
In order to minimize the threat of an email takeover, use a separate email for your online wallet, and use a secure provider such as ProtonMail or Lavabit.
3) Use an offline Bitcoin wallet
Before I tell you why you should use an offline wallet, here’s a brief primer on how cryptocurrency security works. Bitcoin and other cryptocurrencies are based on public/private key encryption. For every Bitcoin address, there’s a public encryption key, which everyone can use to send you funds. There’s also a private key, which only you should be able to access. The private key is what enables you to make payments from your account to others. If someone gets hold of your private key, they will be able to siphon all your funds to their own address.
Most online wallets store your private keys and keep them secure. And to be fair, they have reliable security. But every once in a while, even the most secure services fall victim to data breaches. In 2014, famous Bitcoin exchange Mt. Gox was robbed of 850,000 bitcoins, worth $460 million at the time (in current BTC prices, the hack would be worth $9.5 billion). Last year, Bitfinex, another popular cryptocurrency exchange, lost $60 million worth of Bitcoin to hackers.
The point is, no matter how secure an online wallet is, it can be hacked. An alternative is to use an offline wallet, also known as cold storage. Offline wallets give you full control of your private keys and don’t store them in an online service. Trezor and Ledger are two popular offline hardware wallets. You can also opt for offline software wallets, such as Electrum and MyEtherWallet, or paper wallets.
Take note that, as Alexandr Nellson explains in this excellent Medium post, using an offline wallet securely is much more complicated than the online wallet experience, so you might want to keep a small amount of crypto in an online account for day-to-day transactions and have an offline wallet for large quantities of cryptocurrency.
Another consideration is that offline wallets can be a double-edged sword. They will protect you from data breaches at major service providers but will also give you full responsibility to protect your private keys. If you forget your wallet’s PIN code, lose the key or the seed, or destroy the private keys accidentally, no one will be able to help you and your bitcoins will be lost forever.
We might be laughing at offline wallets in a few years. You could compare it to earlier generations stashing their money under the mattress instead of putting it in a bank. But for the moment, cryptocurrencies are still a nascent field and they’re unregulated, so you’re pretty much on your own.
Hopefully, this guide will help you navigate your way through the exciting world of cryptocurrencies. Go and make your digital fortune, and stay safe.
Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.