5 Ways to Keep Your Crypto Tokens Safe
If you have been purchasing and trading cryptocurrencies, one of the most crucial things you can do is make sure they are secure. The most common way to buy/sell, send/receive and exchange Bitcoin/Ethereum/altcoins are Coinbase and exchanges, such as GDAX, Poloniex, Bittrex, Liqui and Bitfinex.
The biggest lesson learned from the Mt. Gox hacking a few years back is that none of these exchanges are a good place to hold your beloved cryptocurrency coins.
Each crypto wallet has a public and a private key. The public key allows others to send you tokens and is shared with others publicly in transactions. A private key is only meant for you, and allows you to spend your tokens. You are the only person who is meant to have a private key.
When a third party (e.g. Coinbase, GDAX, Mt Gox etc) holds your private keys in a database and that third party is hacked, your private key can be stolen and you can lose all of your coins.
Below are 5 useful tips to secure your coins.
1. Keep your tokens in a hardware wallet
A hardware wallet is a physical device that holds your cryptocurrency wallet’s private keys isolated from your computer and invulnerable to most common attacks. We highly recommend one!
Advantages of using a hardware wallet are:
- Protection against common attack methods such as computer viruses, malware, phishing attacks and keyloggers, to which online exchanges and online wallets are vulnerable. Read more here.
- Maintain 100% ownership of your private keys. You own the coins not a 3rd party service (e.g., Coinbase, exchanges).
- Private keys are stored with solid encryption and cannot be transferred out of the device in plaintext even if someone stole your hardware wallet.
- You can send and receive coins through a secure user interface (UI) as if you are using Coinbase, compared to a paper wallet, which must be imported to software at some point. Below is what the Trezor interface looks like. Very straightforward to send/receive payments and to view transaction history.
Trezor supports Bitcoin, Ethereum (+ all ERC-20 tokens), Ethereum Classic, ZCash, Litecoin, Namecoin, Dogecoin, Dash, and Bitcoin Testnet. ERC-20 support means you can invest in almost all Ethereum based ICOs and be able to send/receive them from your Trezor, thanks to its new firmware update and MyEtherWallet integration. If you invest in ICOs, Trezor is a great option.
Ledger Nano S supports Bitcoin, Ethereum, Ethereum Classic, Ripple, Litecoin, Dogecoin, ZCash, Dash, and Stratis. Ledger’s current biggest advantage over Trezor is its support for Ripple, a currency with one of the highest market caps.
Keepkey supports Bitcoin, Ethereum, Litecoin, Dogecoin, Dash, and Namecoin.
We use Trezor to store, send, and receive Bitcoin, Ethereum, Augur, Ethereum Classic, ZCash and 10+ more types of ERC-20 cryptocurrencies and would highly recommend it. You can buy a Trezor on its official website or on Amazon.
A common question we get is
Will I lose my coins if I lose or displace my hardware wallet?
The answer is absolutely not, as long as you have your recovery seed somewhere safe. We experimented with recovering our Trezor using our seed and it’s a very easy and seamless process. More on recovery here: https://doc.satoshilabs.com/trezor-user/recovery.html
A cool but fully optional gadget for keeping your seed extra safe is Cryptosteel. It allows you to put your recovery seed in an indestructible steel surface.
2. Alternative wallet options
If do not want to spend money on a hardware wallet, you can use one of the alternatives below.
The three safest alternatives to hardware wallets are Coinbase Vault, paper wallets and desktop wallets. Neither are as safe as hardware wallets, but are all entirely free.
Coinbase Vault is Coinbase’s offering to keep your Bitcoin and Ethereum coins secure. While we still would recommend a hardware wallet if you have a lot of money invested in cryptocurrency, Coinbase Vault is a good, safe bet for keeping small amounts of tokens secure.
Paper Based Wallets
A paper wallet is a piece of paper that has your private and public keys written on it. You can use a few online tools to send and receive tokens using both keys.
Similar to hardware wallets, advantages of using a paper wallet are protection from malware and keyloggers, and 100% ownership of your private keys.
Disadvantages of paper based wallets are:
- No nice UI like hardware wallets. You need to use Electrum or blockchain.info to spend your coins.
- Using paper wallets can be tricky as you can lose some of your tokens if you don’t use them properly due to change addresses. Read the section “Spending From a Paper Wallet” here.
Use paper wallets if you plan to buy & hold your tokens for years. If you want easy send/receive functionality, paper wallets aren’t for you.
Blockchain.info is the best paper wallet option out there in our opinion.
Desktop wallets are wallets that live on your PC or Mac. They are as easy to send/receive tokens with as hardware wallets, but they are as secure as your computer is and are more vulnerable to software viruses and hacking. If your computer is hacked, your private keys could be copied and your coins could be stolen.
Below are good desktop wallets for specific currencies:
- Stellar (XLM): Official Stellar Desktop Client as recommended by Stellar on its website
- Ripple (XRP): Official Ripple Desktop Client.
If you use a desktop wallet, make sure your private key file is very safe. The best place to put it is a physical hard drive disconnected from your computer. Keeping it in your iCloud or Dropbox, albeit convenient, makes you vulnerable to any security vulnerabilities that Dropbox or Apple might have.
Online wallets are services that keep your private keys. We do not recommend them. If they get hacked, you can lose your coins.
3. Set up 2 Factor Authentication (2FA) — ideally with Google Authenticator — on every service you use
One of the best things you can do to make sure your accounts don’t get hacked is to enable 2FA on them.
- Google Accounts
- Crypto Exchanges: All exchanges that we know of support 2FA with Google Authenticator
- Facebook: Because a lot of apps use Facebook authentication, the more secure you make your Facebook, the better.
4. Purchase two Yubikeys
SMS based 2FA is not safe enough.
Google Authenticator‘s Time-based One-time Password (TOTP) implementation of 2FA is inadequate. Read this blog post to see why.
The optimal solution? FIDO/U2F based 2FA. The best product for 2FA with FIDO/U2F is Yubikey.
Yubikey requires you to physically insert a USB device into your computer to log into your Google, Facebook, or Dropbox accounts. You carry this device on your keychain. Yubikey is easier to use than Google Authenticator and more secure.
If you have an Android phone that supports NFC and a PC/Mac with normal USB ports, buy two of this Yubikey.
If you have a PC/Mac with normal USB ports, buy two of this Yubikey.
If you have a PC/Mac with USB-C ports, buy two of this Yubikey.
The reason you want two Yubikeys is to keep one as a backup in case you lose the one you carry around with you.
Please remember Yubikey currently does not work with most exchanges. Google Authenticator should be the go-to alternative in these services.
A common question we get is:
“Trezor and Ledger Nano S tell me they have the same U2F functionality as Yubikey — why not use them instead of Yubikeys?”
While you can use your Trezor/Ledger Nano S as an equally secure 2FA option, they are not a replacement for a Yubikey. We strongly recommend you to keep your hardware wallet somewhere stationary and safe. If you want to access your accounts anywhere you go, you want your main Yubikey with you at all times, and your backup Yubikey somewhere safe.
5. Apply basic security common sense
- Do not use the same password in multiple services.
- Pick strong passwords (password managers like 1Password help).
- Enable the best 2FA security option (Yubikey > Google Authenticator 2FA > SMS 2FA) wherever you can based on the service you use.
- If you use a hardware wallet, keep your paper recovery seed somewhere safe.
Hope this helps and good luck with your crypto investment journey! This is the first blog post in our blockchain security series. Expect more to come soon.
Who are we?
Deniz Kahramaner is an Advisor at Accompany and StackShare. He previously led data, growth and analytics at big data startup Accompany ($20M Series B). BS in Electrical Engineering & MS in Computer Science at Stanford University.
Vlad’s and Deniz’s interests include fintech, real estate, cryptocurrency and artificial intelligence. They have been active investors in cryptocurrency since 2011 and real estate since 2008.