Every cryptocurrency investing scenario starts with providing security to your digital funds. That is the main reason why choosing a reliable Bitcoin wallet is one of the most-discussed topics on beginners’ threads on every single cryptocurrency-related forum on the web.
Before you start making money, you have to make sure it’s going to be safe.
But how one can be one hundred percent sure their funds are well protected? Is it possible to hack a crypto wallet? What steps can you make to make sure it never happens to you?
Your tactic depends heavily on the type of crypto wallet you’re using.
Based on a report, businesses are the main target of cybercriminals closely followed by exchanges. We’ve all heard those bogeyman stories about exchanges being hacked and Bitcoins that were lost forever, but people often prefer to think that bad things only happen to others.
The reality is, in fact, quite the opposite – exchange hacks are all too common these days. In the 2019 alone, twelve crypto exchanges were hacked. According to Cointelegraph, last year hackers got away with $292,665,886 worth of cryptocurrency and 510,000 user logins.
The truth is, keeping crypto on exchanges is like buying a sports car and only driving at a low speed. Exchanges use the concept of custodial wallets. When keeping your assets in an exchange wallet, you voluntarily give them the right to manage your crypto.
To provide faster user experience, exchanges keep customers’ funds in hot wallets, so they are able to quickly execute transactions on the Bitcoin (or any other) network whenever it’s required. Although this strategy significantly increases the speed, the crypto funds become vulnerable to cyber-attacks.
But why do the majority (92% according to the Binance research) of people still prefer to store their funds in custodial wallets?
There are two possible reasons for this:
- The lack of information on basic crypto security rules
- Buck-passing – you don’t need to take any security precautions yourself, remember mnemonics, protect your devices from malware, etc
Investing in cryptocurrency, considering its volatility, is risky business by itself, so why jeopardize it even more?
The golden rule of Bitcoin: keep your crypto in a client-side wallet that provides you with full control over your money.
Hardware crypto wallets are often viewed as one of the safest solutions to guard your digital assets. A little device that looks like a regular USB-drive that you can buy for as little as $60 serves as offline storage and is good for storing the funds that you don’t plan to move, sell, or exchange for a while.
Although hardware wallets provide their owners with maximum security, apparently they aren’t entirely invincible.
A group of security researchers set out a goal of hacking a hardware wallet and eventually managed to succeed. Depending on the model of the device, they demonstrated several ways a given type of wallet could be compromised.
4 ways to hack a hardware wallet:
- Allow the wallet to confirm an outsider’s transactions by hacking into a poorly-protected general-purpose microchip
- Control the wallet via a hardware implant
- Using side-channel attacks
- By implementing a hacking technique called voltage glitching
However, all of these methods require physical contact with your crypto wallet device which in most cases is a nearly impossible task.
Non-Custodial Software Wallets
Non-custodial crypto wallets, including mobile, desktop, and web wallets, offer an advanced level of security by storing private keys on users’ devices. So unless a hacker manages to get access to the device via malware or trick you into giving away your private keys or mnemonics, your Bitcoins will remain effectively protected.
The good news is that there aren’t so many fraudulent techniques out there and most of them are quite elementary, so once you’re aware of the main concept, you’ll have no difficulty in protecting yourself.
The second golden rule of crypto security is to always use the two-factor authentication for an advanced level of protection.
Apart from sending out phishing emails, scammers get in touch with their victims via Telegram, Facebook, and other social media. Usually, they impersonate a staff member of the wallet provider and their goal is to get access to your private keys or mnemonics – they would ask you to fill in a form for the sake of security check-up or bluntly reach out to people who are seeking help.
On Facebook, scammers may create a fake profile that looks exactly like the real profile of the wallet with its name and logo and leave comments under the original posts saying the wallet is hosting a giveaway and whoever sends some Bitcoin to this address will immediately receive twice as much. Additionally, they may leave a few more comments as supposedly excited users who did as they were advised and got the reward.
On Telegram, it is not infrequent that scammers make a copy of the admin’s account and change a few letters in their user name and reach out to the group members in an attempt to steal personal info.
- Whenever you’re being contacted by a person who asks you to share your private keys, mnemonics or other sensitive info, take a screenshot of the message, report and ban this account and let the wallet team know about the issue.
- Double-check all URLs and never click on random links.
Monty Manford, a BBC editor, has shared his sad crypto wallet story about losing $30,000 worth of Ether. He decided to store his assets in the old-fashioned way and use a paper wallet. He felt that printing out his set of keys was not enough and kept a copy of his private key in the draft of Google Doc file. As you might have guessed, it wasn’t long before he found his wallet empty.
Hacking into mail servers is no rocket science, so leaving your sensitive info in the cloud is a very bad idea.
Use password managers to store your passwords, PINS, and mnemonics.
Malware Crypto Wallet Hacks
Statistics show that the number of mobile crypto-jacking malware increased from 8 different types in 2017 to 25 types by mid-2018.
One type of malware is so-called keyloggers, which copy passwords, mnemonics, PINS and send them back to hackers. Another harmful software would replace the wallet address you’re pasting before you make a transaction.
Apart from the above-mentioned malware, there are all kinds of Trojans and other viruses that can mess up your device and leave you penniless. The only way to protect yourself against them is to use a decent antivirus solution.
Make sure that your virus scanners stay updated and get in the habit of running the system checks on a regular basis. Do not use random flash drives and do not click on suspicious links on the web.
Fake Crypto Wallet Apps
Be careful when downloading your new bitcoin wallet as practice shows that sometimes the scammer’s phishing version of the app somehow manages to slip through the security check and make it to the Google App Store.
When downloading a wallet from the App store, use the links from the wallet’s official website and check the number of downloads and reviews.
The Bottom Line
Client-side crypto wallets offer a much stronger level of security than exchange wallets, but the responsibility of protecting your device lies with you. As long as you’re cautious, sensible and responsible, your crypto funds will stay intact.
You should never give access to your private keys and mnemonics to anyone, no wallet provider would ever need this info to fix your wallet issue. Using anti-virus software and two-factor authentication is a must.
Stay safe and don’t forget to backup.