Why should I care about Cryptocurrency Security?

Vault12
Feb 4, 2021

TL;DR

If you trust any institution to protect your seed phrase for you, you are not taking advantage of the greatest feature of cryptocurrency: independence.

If you lose your seed phrase, and you don’t have a backup, your crypto is gone.

If someone steals your seed phrase and takes your crypto, you will probably never get it back.

If you don’t share access to your seed phrase with anyone at all, your heirs will not be able to access it.

There are solutions and best practices that can help you protect your crypto.

Risks with Cryptocurrency.

To be brutally honest, and this goes for all kinds of valuables, if you don’t care about security, then hackers and accidents could take your hard-earned assets from you. This site is designed to show you the options available from the industry, and this article outlines the risks and makes recommendations.

There is a big difference between using traditional financial institutions to trade in stocks and manage your bank accounts, and the world of buying and selling digital currency. This key difference is highlighted in the following scenario:

If you forget the password to your bank account, you can obtain a password reset from the bank, but with native crypto, there is no one who can give you access to your funds.

Why? Because crypto is protected with a digital key, a list of words known as a seed phrase, and without this key, you cannot access your funds. This means that protecting your seed phrase is the same as protecting your funds.

You could avoid the responsibility of protecting your seed phrase if you were to rely on a centralized exchange like Coinbase or Gemini to hold your crypto wallet for you as a custodian. When a custodial exchange controls your wallet, they are responsible for protecting the keys, and they can give you access to your cryptocurrency again if you forget your password to the exchange. Although this is super-convenient, you must keep in mind that whatever entity controls your keys or codes also controls access to your cryptocurrency, and that comes with downsides as well as the upside of convenience.

In uncertain times, a primary benefit of owning cryptocurrency is the ability to be your own bank and to control your own funds — this is the very promise of the Blockchain and cryptocurrency — but to realize this benefit, you must control your own keys, and thus, your own security.

The risks to your seed phrase, and hence to your cryptocurrency, range from hackers attacking centralized exchanges and stealing millions of dollars worth of cryptocurrency, to fraud by the owners or employees of less well-known exchanges, to the theft of USB and other types of storage drives with seed phrases on them. However, the most likely risk is simply that you will lose access to the seed phrase because you lost the paper that you wrote it on. (9 out of 10 wallets tell you to only back up your seed phrase onto a piece of paper.)

Additional risks include the seed phrase being lost in some kind of accident (e.g., the floods and fires that plague certain regions like California), or even — despite your diligent efforts to religiously back everything up — you could simply forget the password to the encrypted drive where you stored your seed phrase.

Understanding the vectors of loss

Let’s expand on each to understand clearly which solutions might be best for each situation. None of this is “rocket science”; moreover, this kind of knowledge (known as “key management”) is not unique to Bitcoin or cryptocurrencies, but is essential for your future security on the Internet in general. The world wide web is now being rebuilt on the decentralized principles and cryptographical technologies that help it to scale further and deeper with the fundamentally enforced requirements to protect our data and sovereignty.

These risks affect everyone, and the best way to reduce them is to make sure that you carefully back up your seed phrase. This site describes for you the most common options available. Supplementing this guidance, the crypto Wallet Guides show you how to create wallets in a secure and safe manner, highlight where you have options, and suggest when you should follow the default instructions.

We hope that these articles, written by security experts, help you to navigate crypto security in a practical way so that you can enjoy participating in the exciting and empowering world of crypto.

Let’s explore in a little more detail, and point you to the right resources to protect yourself.

Cameron Winklevoss, Winklevoss Capital

In a traditional banking scenario, clients don’t have to worry about the theft of their account funds, or incorrect transactions. This is because banks work with consumers to block potentially fraudulent transactions, and to issue chargebacks for unintentional transactions. The role of the traditional bank is to provide and ensure such security.

What “owning your own money” really entails.

A distributed database on a blockchain network is also extraordinarily secure and resilient. When cryptocurrency advocates explain blockchain technology, they highlight the fact that blockchains have no single point of failure. By this, they mean that there is no single place where an attacker could maliciously halt or modify the network. From a technical standpoint, blockchain transactions are extremely secure in the validation, resilience, and integrity that they provide.

However, points of failure associated with a decentralized blockchain database migrate towards the user’s end of the spectrum: by managing your own money, you become the potential single point of failure in protecting your funds. How? As a cryptocurrency owner, your access to this resilient network is through your crypto wallet, and that access is granted through a digital private key that is stored in your wallet. Your seed phrase was used to generate this private key, and your seed phrase can also restore your private key if your wallet is damaged. Your careful storage and use of this private key — and your seed phrase backup — determines whether your crypto funds remain secure, or are exposed to loss or theft. In this way, as the guardian of your wallet and seed phrase, you are fully responsible for the safety of your funds.

Blockchain transactions are fast, and permanent.

The decentralized finance movement introduces a new paradigm in which owning your own money and participating in a decentralized financial network creates a whole new form of economic mechanics. The main concept is that instead of central authorities solely determining an economy’s fate through monetary policies, monetary policy is also greatly affected by how blockchain software evolves, and by how people interact with it.

How a blockchain network settles and records transactions for a cryptocurrency is determined through the exercise of its operational protocols. Transactions, once completed, remain immutable forever. The part of that last sentence to pay close attention to is “immutable.” Immutability is a characteristic that offers great security to monetary transactions, since once a transaction is completed, it is committed permanently, and can not be reversed for any reason.

Settlement is very fast compared to traditional banking, where charges may be reversed long after the transaction has been completed. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.

The challenges of crypto key management.

Taking control of your own crypto keys puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. If this happened, your funds would be abandoned on the blockchain forever, since no one would be able to guess or restore that lost digital key.

Poor key management is by far the most common way that cryptocurrencies are lost. Consider that, given that many of us need to rely on a “forgot password” option to recover simple 9-character passwords, it’s unrealistic to believe that we can be trusted to casually maintain a 48-character string of ciphertext. One U.K. resident, James Howells, mined Bitcoin in the early days, storing his private key on his hard drive. At one point, he accidentally threw that hard drive away. That hard drive held 7,500 Bitcoins, which amounts to over $352 million at today’s (quickly-changing) coin price of $47,000. Ouch.

Key management is difficult for those that are technology-savvy — and even harder for those who aren’t. Because of this predictable difficulty, estimates show that between 17 and 23 percent of all bitcoins have been lost as a result of losing a private key.

Hostile actors.

Hackers pose one of the most serious threats to cryptocurrency holders. In 2017, 13.7% of the entire world’s population reported a hack of some type of digital asset — including both bank account balance and cryptocurrency. This indicates two important points: One, hackers are rampant, and will relentlessly continue to steal from consumers. Two, consumers are not effective at personal digital security. Should the world switch over to blockchain-based finance — where transactions are irreversible — this could be a far greater threat than it is right now.

Hacking attacks are possible through targeted malware or virus attacks, and through other deliberate compromises. In 2017, a WannaCry virus attack yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a Chrome browser VPN extension was hacked and used to retrieve private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2 million from average consumers. In 2018, a MyEtherWallet browser plugin DNS hack let hackers steal over US$365,000 from users.

Exchanges have also not been left out of the fun — see Risk 1 below — numerous major exchanges have seen thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges went on to cover the losses exchange users faced. This all goes to show that hackers indeed pose a risk to both cryptocurrency holders and cryptocurrency custody handlers.

Risks and Recommendations.

Below is a short summary of risks and some poignant examples, together with some common-sense recommendations. More details on how to implement security are found throughout this site.

When they first start trading cryptocurrency, many people end up leaving their crypto on the exchange. It’s convenient, the funds and the coins are on hand to easily do transactions, but unfortunately, hackers love the fact that so much crypto is in one central place, ready for the taking.

According to Inside Bitcoins, more than $11 billion (and counting) has been stolen not only from supposedly secure crypto exchanges, but also other custodial wallets and mining platforms since 2011, mostly due to hacking incidents.

However, the number of exchange hacks is not declining. In fact, you can find up to date lists of cryptocurrency exchange hacks on the internet. According to , Cyber-attacks and hacking incidents on digital assets netted $1.8 billion in the first 10 months of 2020 alone.

Most recently, a large hack happened on the KuCoin centralized exchange in September 2020, with hackers stealing $275 million from the Singaporean exchange.

Hackers have gotten their hands on $11 billion in stolen cryptocurrency since 2011. More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets, and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed. — July 2020

Exchange hacks are not just limited to third parties — employees, and even founders of exchanges have perpetrated massive fraud.

This is why it is essential that you not leave your crypto assets on exchanges, regardless of assurances to the contrary.

In addition to the famous QuadrigaCX case in 2019, another top-10 exchange, OKEx, suffered an outrageous hack by a founder who went missing, absconding with exclusive access to users’ private keys. This led the exchange to freeze withdrawals on all users’ assets for more than five weeks.

Recommendations:

Joe DiPasquale, BitBull Capital

There are many, many stories of seed phrases being backed up onto local devices and then getting lost or stolen, or the PIN/Password being forgotten — in contrast with leaving seed phrases in centralized cloud storage. The trouble with local storage is that it’s easy to lose, or even for someone to target you and steal the storage device.

Recommendations:

With so much of our personal information available to anyone who wants to target us, the risk of your crypto being targeted is very real. Personal attacks include email phishing attacks, SIM swap attacks that can sidestep 2-factor authentication, and various other ingenious social engineering attempts. The majority (50%) of crypto thefts in 2020 occurred on DeFi protocols.

“We know how some hackers passed away their time during the lockdown: By running Bitcoin-related hacks and potentially netting “nearly $3.78 billion” in 2020,” according to a report from Atlas VPN. — Jan 2021

Recommendations:

Data on cryptocurrency lost due to accidents and natural disasters is hard to come by, but estimates indicate it is north of $10 billion. Accidents such as losing your hardware wallet, or leaving your paper seed phrases behind because you had to evacuate during California wildfires and earthquakes, have contributed. Many believe that the biggest loss comes from simply forgetting PINs and passwords — something that can happen even if you take precautions.

Tens of billions worth of Bitcoin has been locked by people who forgot their key. Of the existing 18.5 million Bitcoin, around 20 percent — currently worth around $140 billion — appear to be in lost or otherwise stranded wallets, according to the cryptocurrency data firm Chainalysis. — Jan 2021

James Howells, a Welsh I.T. worker, began mining Bitcoin on a personal computer in 2009. By 2013 he had mined 7,500 Bitcoin, which is worth about $270 million in Jan 2021. In 2013 he stopped mining and sold the computer he was using for parts on eBay. He kept the hard drive with the hope that Bitcoin would rise in value. In 2013, when cleaning his house, he accidentally threw the drive away, and it, along with the rest of his trash, was taken to the local landfill in Newport, South Wales and buried. Asked how it ended up in landfill, he explained that it was “thrown out into a bin bag during a clear-out in a case of ‘mistaken (hdd) identity’ in summer 2013. There were two HDDs in the same drawer, the wrong one got binned? s*** happens.”

The landfill reportedly contains about 350,000 tons of waste and 50,000 more tons are added every year. An article reported that a council spokesperson said their offices have been “contacted in the past about the possibility of retrieving a piece of IT hardware said to contain bitcoins,” but digging up, storing and treating the waste could cause a “huge environmental impact on the surrounding area.”

Recommendations:

We usually don’t think of death or incapacitation while contemplating how to enter the brave new world of crypto, yet the way crypto is secured means that, to ensure the accessibility of funds by future generations, specific protective steps must be taken. This starts with talking to a trust and estate lawyer to draw up a will and a plan for how beneficiaries can access assets. This can be a convoluted process. As a result, companies like Vault12 have identified simple and easy-to-use solutions for digital inheritance.

There is a steady drumbeat of these stories happening with worrisome regularity:

In December 2018, Gerald Cotten, the founder of the bitcoin trading exchange, died (under somewhat mysterious circumstances), resulting in the loss of $250M and the exchange going bankrupt. Gerald was only 30 years old and had not created an inheritance plan, nor were instructions on how to access the centralized assets ever found.

In April 2018, Matthew Mellon, heir to the Mellon family banking fortune, former chairman of the NY Republican Party finance committee, and cryptocurrency proponent, died. Prior to his death, he held an estimated $1B in Ripple (XRP) — all of this remained inaccessible as he left no instructions, even though he protected the cryptocurrency via cold storage in multiple locations around the US in different people’s names.

In 2017, an unidentified young crypto investor in Colorado died with a small fortune in cryptocurrency held in a Coinbase account. The family, however, had no access to the account and eventually had to petition Coinbase directly. Eventually the assets were released after a lengthy process. If the account holder had not been a U.S. citizen, this would have been a much more complicated process.

Recommendations:


Originally published at https://vault12.com on February 4, 2021.
