The Ultimate Guide to Never Get Your Cryptocurrency (Bitcoin) Stolen
The bitcoin industry has grown over the last decade, transforming from being a geek’s hobby to a standalone sector that lawmakers and big companies are taking note of. From buying pizza to being one of the major performing assets in the last few years, bitcoin is playing a huge role in introducing a lot of people to cryptocurrencies.
But this growth has also attracted the attention of criminals who are out to steal the digital assets from unsuspecting holders.
Once you lose your cryptocurrencies, there is no way that you can get back them again. This is different from fiat money which you can lose in the street and is owned by the lucky person who picks it up.
Cryptocurrency is digital money and there are so many sophisticated and complex ways that can be used to steal it.
How crypto is stolen or lost
There is quite some bit of confusion when we talk about losing your cryptocurrency, particularly bitcoin. Cryptocurrencies such as bitcoin reside on a permanent and distributed ledger called the blockchain. This ledger keeps a record of all the transactions of the cryptocurrency in question.
No one really owns the cryptocurrency. What you own is the private and public keys, the addresses that allow you to send and receive the digital assets.
In essence, you don’t lose your cryptocurrency, you only lose the keys, or technically, the right to send or receive your digital assets.
There are several methods that criminals resort to when they want to steal your digital assets, and sometimes may even have nothing to do with you, even though you can avoid it by knowing how to best safeguard your digital currency. Here are examples of how your cryptocurrency can be lost or stolen:
Exchange hacks
I will start by telling you that cryptocurrency exchanges are moving targets for hackers and other cybercriminals. This is because exchanges are what are known as hot wallets – cryptocurrency wallets that are constantly connected to the internet.
Another reason why exchanges are targeted is because of the large number of digital currencies at their disposal. They are nothing but digital gold mines for criminals.
The history of cryptocurrency exchange hacks is not flattering either. This has prompted lawmakers all over the world to step in and try to regulate the industry in the interest of protecting investors from losing more crypto in the future.
The Mt. Gox hack
Launched in 2010, Mt. Gox quickly rose to prominence end between 2013 and 2014, it handled more than 70% of all bitcoin transactions worldwide, making it one of the largest crypto firms at the time.
However, its success story was short-lived after reports broke out that the exchange had lost 850,000 bitcoins (BTC) (valued at $450 million at the time) in customer and company funds. 200,000 BTC were later found.
The exchange filed for bankruptcy and the investors who lost their money are still fighting for compensation.
Coincheck hack
Coincheck, another Japanese-based cryptocurrency exchange lost nearly $530 million in NEM in January 2018 in one of the biggest heists the industry has ever seen. The exchange was acquired by the Monex Group four months later.
As the details of the hack emerged, it became clear that the hack was not entirely because of the ingenuity of cybercriminals, but because of the exchange’s reluctance to implement strong security measures in place.
Coincheck stored all their NEM tokens in a single hot wallet, making it easy for hackers to get away with a large stash of money. They broke two security simple rules of thumb:
- Do not keep all your eggs in one basket.
- Use a multi-sig wallet for large transactions. This adds a new layer of security.
Binance exchange
The Binance hack was not on a massive scale as the previous two as the thieves only got away with 7,000 BTC or $40 million at the time. It is significant because Binance is one of the largest exchanges in the world by traded volume, and has managed to put in place strong security features. However, it was still not immune to hacking.
Binance was forthcoming about the hack, with the exchange’s CEO and founder Changpeng Zhao stating that the masterminds of uses multiple techniques such as viruses and phishing to penetrate the marketplace.
Summing up the hacks
There is no doubt that exchanges drive the crypto market by providing liquidity to people and entities that want to buy, sell, and trade cryptocurrencies. However, due to a large number of digital currencies they have in their hot and cold wallets, they are the first firms to be targeted by hackers.
As a practical example, North Korea is alleged to have amassed $2billion to finance its missile developing projects by launching cyberattacks on cryptocurrency exchanges and financial institutions.
Exit scams
The crypto industry is still swimming in unchartered waters, exposing the players to a wide range of exit scams perpetrated by exchanges, token creators, crypto brokerages, and all those in between.
According to crypto detective firm CipherTrace, 2019 is shaping up to be the year of exit of scams with more than $3.1 billion lost through exits this year alone.
QuadrigaCX scandal
Perhaps one of the most controversial exit scams in recent memory is the QuadrigaCX scandal. Quadriga, which rose after the fall of Mt. Gox to become one of the largest cryptocurrency exchanges in Canada, became the center of attention when it could not locate $190 million in fiat and cryptocurrency after its founder, Gerald Cotten, mysteriously died on honeymoon in India in late 2018.
This scandal raises more questions than answers because it involves identity changes, a sudden death, a last-minute will, and a marriage.
While the death of the founder was the final nail in the coffin, the early signs for its collapse were there. The exchange faced financial difficulties throughout the year leading to Cotton’s death, making the whole saga even more suspicious.
After his death, the exchange claimed that Cotten was the only one who had access to the funds. In short, this means that the money may be gone for good, especially in the case of crypto.
Other scandals
There have been several other scandals that have seen ordinary lose their crypto holdings. Plus Token, a South Korean exchange pulled off a classic scheme which set back Japanese, Chinese, and South Korean investors as much as $2 billion.
The crypto industry is a good target for exit scams because anyone can create their own digital asset, launch an initial coin offering (ICO), promote it, and take people’s money. The scammers can do this because they operate on a promise rather than a working product. After some time, the bad actors who collect the funds from investors disappear with the money and that’s the end of it all.
Many people lost money at the height of the ICO bubble in 2017 and 2018. This was mainly due to the promise of crazy returns on their investment.
Phishing techniques
Phishing techniques are on the rise. You could be targeted through emails, fake URL links to popular websites and exchanges, and malware.
How to protect your cryptocurrency
Protecting your cryptocurrency from theft is an art that you need to master. It is something that you need to constantly update yourself on because criminals are now relying on more than one method to steal your digital assets. Moreover, they are improvising on a daily basis, making it even more difficult to stay on top of the game.
Here are some of the important tips to help you safeguard your cryptocurrency against theft:
Know the different types of wallets, and choose the right one
We have already mentioned that one of the most interesting facts about decentralized cryptocurrencies is that you don’t actually own them. The cryptocurrencies permanently live on the blockchain, a transparent and immutable ledger that keeps a complete record of all the transactions on the network.
To send and receive the digital asset, you need a digital wallet. A bitcoin wallet is simply a set of private and public keys that allows you to send, receive, and store your digital wealth. The keys give you access to your cryptocurrency residing on the blockchain.
There are several types of bitcoin wallets, and they each offer different levels of security.
Online wallet
An online wallet is one that is mostly connected to the internet and runs on the cloud. They are convenient because they can be accessed from any device as long as it is connected to the internet.
Online wallets are very practical and make it easy for you to travel from place to place without having to carry a dedicated device for your wallet. Unfortunately, online wallets, also called hot wallets, are prone to hacks and require additional layers of security. You need to be very careful about them because they have a documented history of being hacked.
Mobile wallets
Mobile wallets come in the form of applications that are installed on your mobile devices such as smartphones. They are very convenient as you can easily use them to pay for goods or services in physical stores.
To use the wallet, you first need to install the application on your phone and register an account. They are generally regarded as a safer option than cloud wallets. The risks associated with mobile wallets include the loss or breakdown of your phone.
Desktop wallet
Desktop wallets are computer programs that are installed on your computer. They are only accessible from the devices they are installed on. There is a possibility that you may lose all your cryptocurrency if your computer is destroyed or hacked.
Hardware wallet
Hardware wallets are hardware devices used to store your cryptocurrencies. They usually take the form of a USB drive. They are capable of making online transactions but they spend most of their time offline. This is one of their strongest points as they are less susceptible to online attacks.
Hardware wallet manufacturers make their devices compatible with various web interfaces. They are very expensive, but also very safe.
Paper wallet
A paper wallet refers to the printed copy of your private and public keys to your digital wallet. It is one of the safest methods out there.
How to ensure the security of your digital currency on your wallet
While there are various types of wallets, they can all be grouped into two categories: hot and cold wallets. Hot wallets are connected to the internet and cold wallets are not.
The secret to safeguarding your cryptocurrencies lies in how well you use the two in an efficient and secure manner. You must strive to store the bulk of your digital assets in a cold wallet and only transfer a small portion that you want to use for transactions in a hot wallet.
You should also utilize additional layers of security to keep your assets safe. You also need to be aware of the following:
- Keep your software updated – try to update your software wallet as often as possible. This is mainly because updates patch vulnerabilities found in your wallet.
- Wallet back up – remember to back up your wallet software. You will be able to recover your assets in case of damages.
- Protect your keys
- Do not access your wallet from the same browser. Browser extension malware can be used to gain access to your cryptocurrency wallet.
1. Your exchange is not your bank
Over the last few years, cryptocurrency exchanges have become the new playing ground for cybercriminals who have stolen billions from these marketplaces.
Although many of them are beefing up their security systems, the exchanges will always remain susceptible to attacks. The best way to avoid being a victim from these losses is to keep your cryptocurrency away from exchanges.
You must be the custodian of your digital assets. Only keep the assets you want to use for trading on exchanges and keep the rest on your private wallet managed by you. The majority of exchanges are not legally bound to reimburse your assets if they are stolen. This makes it even harder to trust exchanges with your cryptocurrencies.
2. Do not keep your eggs in one basket
You have heard that it is not a good idea to put all your financial eggs in one nest. This is true for the cryptocurrency in your personal wallets.
Have as many wallets as possible and make sure that you do not stash all your holdings in one account. If one of your wallets is compromised and cryptocurrency is stolen, you will have the comfort of holding onto what has been left in other wallets. Just imagine if you had kept all your cryptocurrencies in one wallet and it got hacked?
Only store your digital assets in wallets you can trust, most preferably on cold wallets.
3. Be aware of phishing
Phishing techniques are on the increase but you can beat them by looking out at the following:
- Check English grammar – the majority of phishing emails are typically written in bad English and should be a red flag if you detect it. A company that you are investing your money in should at least hire a professional writer to produce well-written content. A few mistakes are acceptable but not the whole email.
- Suspicious email addresses – if you see suspicious email addresses, then you better stay away from them. You can easily spot a company email address when you see it.
- Don’t give away your password or email address – This goes without saying but never give your private keys to anyone, even those close to you.
- Verify wallet addresses – Do not be quick to send digital currencies to unknown wallet addresses. You should verify them first.
- Check URLs – There are many phishing sites that are created to mimic an existing website but they are only created to con people. Only visit a website with the green secure lock. As an example, Libra, Facebook’s yet-to-launch cryptocurrency already has phishing sites.
4. Do not blindly invest in ICOs
Gone are the days when a white paper was all you needed to read before investing in initial coin offerings. Many unsuspecting investors lost a big chunk of their money buy into an idea in which the creators were not keen on implementing.
Do your own due diligence before investing in ICOs. Take your time to read the white paper, scrutinize the founding team, and see if the business model is viable. Avoid hype and run away from ICOs that thrive on marketing language rather than providing the technical details of the project.
5. Use trusted networks
Make transactions on secure computer networks that you trust and know that no one may be spying on your online activities. There is no need to use public networks when it comes to your money because it can have very severe repercussions.
6. Keep your investments to your self
Do not be tempted to follow the trend of sharing everything about your life on social media. Do not openly talk or mention about the amount of money you have invested as you attract unwanted attention to yourself.
The criminals with either try to hack you or they will commit a physical crime to get to your private keys. In April 2018, a crypto YouTube influencer Ian Ballina was hacked while streaming a live ICO review. He lost millions in crypto.
7. Use custody solution
Over the last few years, institutional money has been flowing into the crypto space and this is one of the reasons why custody solutions are appearing from many angles. Companies or high net worth individuals can turn to these professional services in order to safeguard their digital assets.
8. Be careful with passwords
In this day and age, we have so many accounts ranging from email, social media, to digital wallets and remembering these passwords can seem like a hard and tedious task to do. Many people use the same password for all their accounts because a single password is easy to remember. It sounds convenient, but also dangerous.
Do not recycle passwords and make sure that each is a mix of letters, uppercase & lowercase letters, symbols, and numbers. Also, try to make your password as long as possible to make it difficult for hackers to use a brute force attack to crack your password.
Hackers need around 2.5 hours to crack an eight-character long password using a brute force attack. It is also advisable to constantly change your password after a few months.
9. Monitor browser extensions you install
Many browser extensions on the market can greatly improve your online experience. You don’t need to be reminded that the internet is also full of malicious browser extensions that capitalize on unsuspecting users who grant the plugins more permission than necessary.
Some of the plugins can initially sound like what you need, or even push it to the point that you think you are the one who is winning. It may be true, but the plugins can secretly steal anything on your computer – from private keys to passwords.
Doing due diligence before installing a browser extension might potentially save you from a future disaster. Read the reviews of the plugin you want to install.
10. Install an anti-virus program
Many people complain that anti-virus programs place a heavy load on their systems, causing them to run slow. But they are necessary because they protect your devices from viruses and malware. Downloaded malware can steal your cryptocurrency using several techniques. Malware can steal browser cookies from your favorite crypto exchanges or passwords you saved on Chrome.
The malware can bypass your 2-Factor Authentication and log into your accounts where your crypto is.
Conclusion
You are on your own when it comes to cryptocurrency because unlike banks and other financial institutions, you have no insurance for the theft or loss of your digital assets. There are a lot of benefits of being the bank to your own cryptocurrency, but you are required to put effort into securing your digital wealth.
The tips given above should help you to protect yourself and assets against theft and losses. Remember to never put your cryptocurrency in one basket and your private keys should not be shared with anyone.
Institutional investors who don’t want to constantly think about the security of their digital assets should engage the services of professional custodial solutions, but they will have to pay a high price for this.