5 Ways to Keep Your Crypto Tokens Safe
(Updated on January 2018 with additional recommendations and best set of tools)
If you have been purchasing and trading cryptocurrencies, one of the most crucial things you can do is make sure they are secure. The most common way to buy/sell, send/receive and exchange Bitcoin/Ethereum/altcoins are Coinbase and exchanges, such as GDAX, Poloniex, Bittrex, and Liqui.
The biggest lesson learned from the Mt. Gox hacking a few years back is that none of these exchanges are a good place to hold your beloved cryptocurrency coins.
Why?
Each crypto wallet has a public and a private key. The public key allows others to send you tokens and is shared with others publicly in transactions. A private key is only meant for you, and allows you to spend your tokens. You are the only person who is meant to have a private key.
When a third party (e.g. Coinbase, GDAX, Mt Gox etc) holds your private keys in a database, if that third party is hacked, your private key can be stolen and you can lose all of your coins.
Below are 5 useful tips to secure your coins.
1. Keep your tokens in a hardware wallet
A hardware wallet is a physical device that holds your cryptocurrency wallet’s private keys isolated from your computer and invulnerable to most common attacks. We highly recommend one!
Advantages of using a hardware wallet are:
- Protection against common attack methods such as computer viruses, malware, phishing attacks and keyloggers, to which online exchanges and online wallets are vulnerable. Read more here.
- Maintain 100% ownership of your private keys. You own the coins not a 3rd party service (e.g., Coinbase, exchanges).
- Private keys are stored with solid encryption and cannot be transferred out of the device in plaintext even if someone stole your hardware wallet.
- You can send and receive coins through a secure user interface (UI) as if you are using Coinbase, compared to a paper wallet, which must be imported to software at some point. Below is what the Trezor interface looks like. Very straightforward to send/receive payments and to view transaction history.
Trezor, Ledger Nano S and Keepkey are the best three hardware wallets out there.
Trezor supports Bitcoin, Ethereum (+ all ERC-20 tokens), Ethereum Classic, ZCash, Litecoin, Namecoin, Dogecoin, Dash, and Bitcoin Testnet. ERC-20 support means you can invest in almost all Ethereum based ICOs and be able to send/receive them from your Trezor, thanks to its new firmware update and MyEtherWallet integration. If you invest in ICOs, Trezor is a great option.
Ledger Nano S supports Bitcoin, Ethereum, Ethereum Classic, Ripple, Litecoin, Dogecoin, ZCash, Dash, Stellar, NEO and Stratis. Ledger’s current biggest advantage over Trezor is its support for Ripple, a currency with one of the highest market caps. Ledger also supports ERC-20 tokens with MyEtherWallet integration.
Keepkey supports Bitcoin, Ethereum, Litecoin, Dogecoin, Dash, and Namecoin.
We use Trezor to store, send, and receive Bitcoin, Ethereum, Augur, Ethereum Classic, ZCash and 10+ more types of ERC-20 cryptocurrencies and would highly recommend it. You can buy a Trezor on its official website. We do not recommend buying on Amazon, as resellers could hypothetically tamper with the hardware before shipping it.
A common question we get is
Will I lose my coins if I lose or displace my hardware wallet?
The answer is absolutely not, as long as you have your recovery seed somewhere safe. We experimented with recovering our Trezor using our seed and it’s a very easy and seamless process. More on recovery here: https://doc.satoshilabs.com/trezor-user/recovery.html
A cool but fully optional gadget for keeping your seed extra safe is Cryptosteel. It allows you to put your recovery seed in an indestructible steel surface.
2. Use These Chrome Extensions Not to Get Phished
Since we wrote this post on August 2017, many phishing scams have emerged to steal private keys and/or hardware wallet pin codes from users trying to use services like MyEtherWallet.
To avoid getting phished, download EAL and MetaMask. These two Chrome extensions will help you avoid accidentally entering websites that try to steal your data while you are using your hardware wallet.
Example Scenario:
You want to use MyEtherWallet with your Trezor or Ledger Nano S, which can be accessed by going to https://www.myetherwallet.com while your hardware wallet is plugged to your computer. There are many sites that try to emulate the same user interface of MyEtherWallet to get you to accidentally reveal your pin and private keys:
These Chrome extensions help you avoid these malicious websites.
3. Set up 2 Factor Authentication (2FA) — ideally with Google Authenticator — on every service you use
One of the best things you can do to make sure your accounts don’t get hacked is to enable 2FA on them. Ideal form of 2FA is to use Google Authenticator on iOS and Android, which is supported by most of the services mentioned below:
- Google Accounts
- Coinbase
- Crypto Exchanges: All exchanges that we know of support 2FA with the Google Authenticator iOS and Android apps.
- iCloud
- Facebook: Because a lot of apps use Facebook authentication, the more secure you make your Facebook, the better.
4. Purchase two Yubikeys
SMS based 2FA is not safe enough.
Google Authenticator‘s Time-based One-time Password (TOTP) implementation of 2FA is inadequate. Read this blog post to see why.
The optimal solution? FIDO/U2F based 2FA. The best product for 2FA with FIDO/U2F is Yubikey.
Yubikey requires you to physically insert a USB device into your computer to log into your Google, Facebook, or Dropbox accounts. You carry this device on your keychain. Yubikey is easier to use than Google Authenticator and more secure.
If you have an Android phone that supports NFC and a PC/Mac with normal USB ports, buy two of this Yubikey.
If you have a PC/Mac with normal USB ports, buy two of this Yubikey.
If you have a PC/Mac with USB-C ports, buy two of this Yubikey.
The reason you want two Yubikeys is to keep one as a backup in case you lose the one you carry around with you.
Please remember Yubikey currently does not work with most exchanges. Google Authenticator should be the go-to alternative in these services.
A common question we get is:
“Trezor and Ledger Nano S tell me they have the same U2F functionality as Yubikey — why not use them instead of Yubikeys?”
While you can use your Trezor/Ledger Nano S as an equally secure 2FA option, they are not a replacement for a Yubikey. We strongly recommend you to keep your hardware wallet somewhere stationary and safe. If you want to access your accounts anywhere you go, you want your main Yubikey with you at all times, and your backup Yubikey somewhere safe.
5. Apply basic security common sense
- Do not use the same password in multiple services.
- Pick strong passwords (password managers like 1Password help).
- Enable the best 2FA security option (Yubikey > Google Authenticator 2FA > SMS 2FA) wherever you can based on the service you use.
- If you use a hardware wallet, keep your paper recovery seed somewhere safe. Our friends who have a large sum saved in crypto investments opt to keep their recovery seeds in a physical bank vault.
Hope this helps and good luck with your crypto investment journey!
Who are we?
Deniz Kahramaner is an Advisor at Accompany and StackShare. He previously led data, growth and analytics at big data startup Accompany ($20M Series B). BS in Electrical Engineering & MS in Computer Science at Stanford University.
Vlad Andrei is the Former Head of Product at real estate investment platform RealtyShares ($20M Series B). BS in Computer Science & MS in Management Science and Engineering at Stanford University.
Vlad’s and Deniz’s interests include fintech, real estate, cryptocurrency and artificial intelligence. They have been active investors in cryptocurrency since 2011 and real estate since 2008.
Appendix: Alternative wallet options
If do not want to spend money on a hardware wallet, you can use one of the alternatives below.
The three safest alternatives to hardware wallets are Coinbase Vault, paper wallets and desktop wallets. We recommend hardware wallets over these options, for security and usability purposes.
Coinbase Vault
Coinbase Vault is Coinbase’s offering to keep your Bitcoin and Ethereum coins secure. While we still would recommend a hardware wallet if you have a lot of money invested in cryptocurrency, Coinbase Vault is a good, safe bet for keeping small amounts of tokens secure. The downside of Coinbase Vault is that it only supports Bitcoin, Ethereum and Litecoin as of December 2017.
Paper Based Wallets
A paper wallet is a piece of paper that has your private and public keys written on it. You can use a few online tools to send and receive tokens using both keys.
Similar to hardware wallets, advantages of using a paper wallet are protection from malware and keyloggers, and 100% ownership of your private keys.
Disadvantages of paper based wallets are:
- No nice UI like hardware wallets. You need to use Electrum or blockchain.info to spend your coins.
- Using paper wallets can be tricky as you can lose some of your tokens if you don’t use them properly due to change addresses. Read the section “Spending From a Paper Wallet” here.
Use paper wallets if you plan to buy & hold your tokens for years. If you want easy send/receive functionality, paper wallets aren’t for you.
Blockchain.info is the best paper wallet option out there in our opinion.
Desktop Wallets
Desktop wallets are wallets that live on your PC or Mac. They are as easy to send/receive tokens with as hardware wallets, but they are as secure as your computer is and are more vulnerable to software viruses and hacking. If your computer is hacked, your private keys could be copied and your coins could be stolen.
Below are good desktop wallets for specific currencies:
- Stellar (XLM): Official Stellar Desktop Client as recommended by Stellar on its website
- Ripple (XRP): Official Ripple Desktop Client.
Some popular desktop/mobile wallets that support multiple currencies are Jaxx, Electrum and Coinomi.
If you use a desktop wallet, make sure your private key file is very safe. The best place to put it is a physical hard drive disconnected from your computer. Keeping it in your iCloud or Dropbox, albeit convenient, makes you vulnerable to any security vulnerabilities that Dropbox or Apple might have.
Web Wallets
Online wallets are services that keep your private keys. We do not recommend them. If they get hacked, you can lose your coins.
