ZeroGuard
Published in

ZeroGuard

Best Home Crypto Trading Security Tips

Hackers have found their new cash cow, cryptocurrency theft, and ole’ Bessie is udderly leaking. With the amount of people doing their transactions from home on outdated hardware/software, using insecure networks and/or implementing sloppy or lazy password practices (like reusing the same one over and over), millions of dollars are being stolen in the blink of an eye.

Worse yet, tracking the work of hackers is often challenging since their footprints can be eliminated digitally. If an adversary gains access to a cryptocurrency account, investors do not have any legal recourse to replenish the lost assets, since virtual coins are still unregulated by governments or central banks. When you lose your keys, your money is gone. Simple as that.

That doesn’t seem to deter the growing number of people who are seeking their fortune from the comfort of their living room. Crypto trading from home can be a safe and arguably lucrative practice if one takes the time to learn a little about the process and how it can be done with some degree of cyber hygiene. Here are some storage options and tips on how to keep your keys to yourself.

Crypto Wallets

Essentially, a cryptocurrency wallet is a software program designed to store your public and private keys, send and receive digital currencies, monitor their balance, and interact with various blockchains. It has a private key associated with it — a long string of letters and numbers that serves like a password. There are basically two types of cryptocurrency wallets: hot and cold. And much like the taps on your sink, finding the right blend of the two is often the best bet.

In fact, most cryptocurrency holders use both cold and hot wallets. Hot wallets are convenient for those who do frequent trading, while cold wallets are better for the long-term holding (ie. savings account) of crypto assets.

Hot Wallets

The easiest way to store your wallet is right on the exchange from where you bought it (ie. Coinbase, Kraken, etc.), known as “non-custodial” wallets. These are accessible via the web and apps, and you have access to your private key. Because you must entirely trust the exchange, many choose not to store large amounts on it. It is oft-mentioned that keeping the bulk of your digital assets in exchanges is generally not a good idea.

Another wallet storage option is through financial apps (there are many that have recently gotten into the crypto purchasing game) like PayPal and Robin Hood. These “cloud wallet” apps tend to limit one’s options to only buying and selling cryptocurrency in their environment, so you have to cash out through them, of course incurring fees along the journey. In this scenario, you don’t have access to your private key and if that financial third-party provider gets breached, the hacker(s) have the “keys to the kingdom”.

Cold Wallets

Because of the lack of control, many choose to store their cyber wallets on their laptops and desktops. Exposing your keys on the internet has blatant risks, so a safer option is to store your keys on a cold wallet.

One type of cold wallet is the “paper wallet” which is, as the name implies, a physical copy or paper print of your public and private keys. It can refer to a piece of software that generates a pair of keys, along with a digital file for printing out. With paper wallets, one is assured a relatively strong level of security and you can import them into a software client or simply scan the QR code to move or transfer funds.

But there are still risks. For instance, paper wallets can be easily damaged, burned, easy to copy and take pictures of, and require mutual trust if you’re not making one yourself. To make paper wallets less fragile, sometimes people laminate them, create multiple copies and store them in different locations, engrave them on pieces of metal or other sturdy materials, etc. Don’t discount the use of a good ole’ wall safe, either.

Note that it is a bad idea to keep electronic copies of your paper wallet on your PC; they should always be kept offline. Writing down passwords — yes I mean with pen and paper — is a route to go, provided you put the information in a safe place that you will remember and no one else will find.

The other main type of cold wallet is the purchase of a storage system to put on a device NOT connected to the Internet. This is known as a hardware wallet. Certain manufactures, like Trezor or Ironkey, make proprietary drives specifically designed for storing crypto wallets. There are built-in additional protections to guard your keys even when plugged into the internet.

The problem is that many of these devices have a security failsafe that limits the amount of times you can enter your password or recovery protocols. And never forget that this is new technology, so it is subject to bugs, malicious updates and all of that other fun stuff that keeps Rogaine in business.

Fortunately, usually you can disable the option to wipe the whole storage on your hardware wallet. Also, most of them allow you to create backups (although you still need to remember the recovery passphrase).

Getting a hardware wallet directly from a manufacturer is the most secure way to purchase one. It is unsafe to buy it from other people, especially ones you don’t know. Mind that even if you get a hardware wallet from a producer, you should always initialize and reset it yourself.

Best Ways to Keep Your Cryptocurrency Safe

Take a hybrid approach to storing your crypto assets

Cold wallets should be used to store the majority of a consumer’s cryptocurrency, while only keeping a small amount of currency in the hot (online) wallet. The cold wallet should also be stored in a secure place such as a safe or safety deposit box, and separate the private and public keys. Additionally, don’t keep cryptocurrency in exchange for a prolonged period or longer than necessary.

Always enable two-factor authentication (2FA)

Never reuse passwords across your accounts and enable password rotation when possible. Using a trusted password manager can help to automate this process and take the guesswork away. If you go for a hot wallet, choose a password which is hard to guess, and never put your 24-word recovery sheet online.

Work with reputable cryptocurrency wallets, exchanges, brokerages and mobile apps.

Carefully research each platform’s security features to understand how their data will be protected. Trusted entities should incorporate best security practices such as requiring multi-factor authentication, SSL/TLS encryption and using air-gapped devices that are kept offline when storing cryptocurrency. And it’s NOT paranoid to assume that all of them will inevitably have a data breach.

Protect yourself from phishing

Social engineering attacks can come from anywhere on all of your devices, including texts, social media, third-party messaging platforms or email. Many bogus websites imitate exchanges for the sole purpose of stealing your login data. Always check whether the website address is correct. Also be wary of malicious mobile apps that have the hidden ability to log your keystrokes or watch your screen activity.

Make sure you have antivirus software installed and up-to-date

Many people install antivirus software on their computers, and they are starting to realize they should do the same with their smartphones and tablets.

Be aware how your wallet is used in transactions

The cyber protections applied to your wallet are only as good as your understanding of them.

Understand the different methods and processes to protect your digital currency

The three most important components to learn about are secret key protection, recovery seed protection and cryptominer malware protection.

Avoid sharing the secret key

The secret key is used to validate that the person sending the digital coins is the owner of the wallet being used. This secret or private key should never be shared. To take it a step further, don’t tell people you have cryptocurrency.

Skip using wallets hosted by providers

The wallets hosted by providers are considered the unsafest choice because you are allowing them to store your money on their hosted wallets, which are totally out of your control.

HTTPS

Login only to secure websites with a valid HTTPS certificate. Most legitimate sites have one. For extra safety, try browser plugins like “HTTPS Everywhere.”

Use a secure Wi-Fi connection

Never connect to your online wallet, exchange account or another critical security point via public WiFi. Even when you’re at a presumably safe place, make sure your WiFi access point uses strong encryption like WPA-2 protocol. Another consideration is to do your transactions through a trusted VPN.

Whitelist IP and Withdrawal Addresses

If you have a static IP address, use it for your safety. Make sure that only you can access your accounts and funds, assuming, of course, your provider supports this.

Use security measures you can handle

Don’t overcomplicate your security. Strive for an appropriate balance between complexity and security.

Be sure the recipient wallet is correct

Always check a recipient address before proceeding with a transaction. A simple one letter mistake could direct your transaction to another wallet. In contrast to some traditional financial services, most crypto transactions are irreversible. Some malware is also capable of changing the right destination of your crypto, so a double-check of transaction details is never redundant.

Don’t fall for “Giveaway” scams

Don’t ever fall for offers sounding like “send us Bitcoin and get double your Bitcoin back.” This type of attack is quite common on platforms like Twitter, with attackers frequently impersonating celebrities, politicians, or crypto personalities promising to double user’s crypto fortune. When in doubt, use forums like Reddit or TrustPilot to look into “deals”, especially if they appear too good to be true.

And finally,

Use small “test” transactions to get your feet wet and to test the convenience, user-friendliness and security of the crypto currency platform. And only invest what you can afford to lose.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store