Crypto Security For the aspiring trader or investor
So you heard about bitcoin or crypto. Maybe through the news, maybe a friend suddenly showed up in a new Maserati after bumming money off you for years. Doesn’t matter, you want in on what amounts to the gold rush of our era. I feel ya, chase that money. But before you do, I am gonna lay out the guidelines you need to follow to protect yourself and your cryptocurrencies from any malicious actors out there.
Why is security so important in crypto?
So if your credit card gets stolen, or your PayPal gets hacked, and some asshole from Florida (and it’s always some asshole from Florida) goes on a shopping spree with your hard-earned dollars, you can contact your credit card company or PayPal and get your money back. This is a feature of the centralized marketplace we operate in today. In the crypto world, if someone gets access to your accounts or wallets and sends the funds elsewhere, they are gone, for good, like forever, with almost zero chance of getting it back.
This is why it is important to protect your funds. Thankfully, with a bit of prep work it is actually really easy to keep yourself secure, so let’s get to it.
Secure your cell provider:
This is an interesting one to put first, but I feel like it is a weak link almost everyone forgets. Here’s a video showing how easy it can be:
My recommendation is you restrict access to make any changes to your cellphone account and any numbers attached to it to you alone. I would also restrict/ban any number porting requests. The process varies by service provider, but those 2 things should keep any social engineering attempts from fucking you.
Secure email accounts:
The next step is to limit access to any emails used for account creation on exchanges. First off, make note of what email you are using with your cellphone account. Now never EVER use that email address for anything crypto related :)
If you plan on using a Gmail account, disable phone recovery. This ties into the previous point. A lot of times hackers will get your cellphone number ported and use that to recover your Gmail account with the hope that you used that when signing up for exchanges.
My preferred strategy is a simple one, use a unique email account for each exchange you sign up for. I’d recommend tutanota.com or protonmail.com with a very unique username and password for each email address created. I currently use lastpass to store all my passwords, but I have ordered a hardware password protector called mooltipass (shout-out to The Fifth Element) and will let you guys know how awesome/not awesome that is. You can order one here: www.themooltipass.com. If you don’t want to store your email/password combos digitally, simply go old school with a pen and paper.
Registering at exchanges:
So you have got yourself a boatload of emails to use, they are weird and wonderful and have ridiculous passwords keeping them safe. Time to go register at the various bitcoin/altcoin exchanges. Most of them use your email address as the login, but if they have the option for a username make sure to use a different one at each website. Do not recycle passwords, use a new and unique password for each exchange. This should go without saying.
2FA Saves the Day:
Once you can login to your accounts, the FIRST thing you will do is enable 2FA on them. You have a few options on how to do this. The easy way is to download the google auth or authy app on your cellphone and use that. The extra secure way is to get an old tablet or cellphone, factory reset it, connect it to wi-fi long enough to install either app, then never let it on the internet again. The app can add accounts just fine without a connection.
The option to turn this on is normally under account settings or a security tab. Most exchanges offer multiple security/2FA options, always go with Google Auth. Once you choose that option, a QR code will appear that you can scan with your app, it looks something like this:
You will also have a string of characters displayed with it. This is your secret seed and can be used to re-create the 2FA account for this website manually in case something happens to your phone. WRITE it down, don’t store it on your computer. If someone gets hold of it they can basically re-create your 2FA account, not good. Once you have scanned the QR code and given that account a name in the app, it will generate a timed 6 digit code that you need to enter into the website to turn on 2FA. Some exchanges will actually give you the option as to what actions require 2FA, always make sure login and withdrawal are selected, the others are up to you. Once that is done, your exchange account is secure!
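Why the seed matters, as an added example that is not part of the original post: Google Auth style codes are standard TOTP (RFC 6238), computed from nothing but the seed and the current time, which is why an offline device works and why anyone holding the seed gets the same codes. The seed below is a constructed sample (the RFC test key), and `accepted_by_server` with its one-step tolerance is a hypothetical stand-in for the exchange's check.

```python
import base64
import hashlib
import hmac
import struct
import time


def decode_seed(seed_b32: str) -> bytes:
    """Decode the base32 seed as the exchange displays it (spacing and case vary)."""
    cleaned = seed_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    return base64.b32decode(cleaned)


def totp(seed_b32: str, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, 30-second steps and 6 digits."""
    counter = int(unix_time) // step
    mac = hmac.new(decode_seed(seed_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def accepted_by_server(code: str, seed_b32: str, server_time: float, window: int = 1) -> bool:
    """Hypothetical server-side check: accept codes within +/- `window` time steps."""
    return any(
        hmac.compare_digest(code, totp(seed_b32, server_time + drift * 30))
        for drift in range(-window, window + 1)
    )


# Constructed sample seed (the RFC 6238 test key, base32-encoded); not a real account.
SAMPLE_SEED = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    now = time.time()
    phone = totp(SAMPLE_SEED, now)
    # A second device that was only ever given the written-down seed.
    copy = totp(SAMPLE_SEED.lower().replace(" ", ""), now)
    print("phone:", phone, "| second device with the same seed:", copy)
    # A device whose clock has drifted two minutes produces a code the server rejects.
    stale = totp(SAMPLE_SEED, now - 120)
    print("drifted device accepted:", accepted_by_server(stale, SAMPLE_SEED, now))
```

A permanently offline 2FA device only keeps working while its clock stays close to real time, so check and correct the clock by hand if codes start getting rejected.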
For those of you that want to use authy, here is a good write-up from them on how best to secure it: https://authy.com/blog/understanding-2fa-the-authy-app-and-sms/
Last but not least, securing your actual coins:
Alright, we’ve taken all the necessary steps to protect our accounts. Now we can buy some bitcoin, or any other random shitcoin. What now? You can keep it on an exchange, but with the understanding that if your account gets hacked (unlikely with the steps you have taken), or more likely if the exchange gets hacked, you could lose your funds. Most traders will keep short term “bags” (this is what we call the cryptocurrencies we buy, as in “I bought a bag of ripple today”) on exchange. If you are doing long term trades or are an investor, you will want to move the coins off exchange into a wallet.
The safest place is a hardware wallet such as a Trezor, https://shop.trezor.io/ or a Nano Ledger, https://www.ledgerwallet.com/r/4022. These devices do support a limited number of altcoins as well as bitcoin, and require a small bit of setup that I can get into in a later article if need be.
Your next best bet is the official wallet software of the coin you are looking to store. I recommend installing it on a separate computer if possible and limiting that device’s internet access, reconnecting it intermittently to keep the blockchain(s) up to date.
To find the wallet, go to www.coinmarketcap.com, use the search bar to find the coin you are looking to store, and then use the social links to go to the website and download the official wallet. Please note that some coins require a lot of GB of space to download the blockchain.
Once the wallet has been installed and the blockchain synced, go to settings and encrypt the wallet. This will prevent anyone who does not know that password from being able to send your coins elsewhere should they get access to that device.
I would also recommend copying the wallet.dat file to a USB backup. This can be found in c:\users\<username>\AppData\Roaming\<coinname>. You will have to enable view hidden files to get there. Password protect and hide said USB drive.
By following the guidelines above, you will be able to eliminate 99% of the risk of losing your coins. Outside of a few exceptions and maybe getting a keylogger installed, I am confident in saying that this will protect your cryptocurrency investment.
Just don’t lose your passwords!