The decentralized model of cryptocurrency largely transfers power to users, which is why many users are drawn to it. However, with that power comes the responsibility of maintaining the privacy of your security keys. Effectively, by having complete ownership of your funds, you become solely responsible for the security of your funds. This article will examine various best practices for practical user security.
Cryptocurrency users are susceptible to being targeted by hackers
As a digital asset, cryptocurrency has intrinsic value and can be stolen and diverted to new owners instantly and irrevocably. This creates a massive incentive for hackers to target users who do not take their security seriously.
In 2020, research data revealed that global cryptocurrency losses due to hacking exceeded $3.8 billion. Trading platforms, wallet service providers, and related enterprises incurred most of these losses.
Due to the undeniable high risk of security threats and breaches, cryptocurrency trading platforms and wallet service providers are investing more in cybersecurity. The security systems they procure are like those used in traditional centralized financial institutions with complex and layered security features. As the security levels at the institutional level get harder to penetrate, individual users gradually become the target of hackers.
10 Best Security Practices for Cryptocurrency Users
1. Change your perception of cybersecurity
One fact that has existed for ages is that we are undoubtedly paying fees for the security of our funds in our bank account (though “security fees” will never appear on bank statements). Unlike traditional centralized banking financial institutions, decentralized systems such as cryptocurrencies transfer the control and responsibility of security to individual users.
With cryptocurrency, however excited we may be to complete our first transaction, we should not forget that there is no longer a security service provider playing the role that banks do, and there may not even be enough regulation to provide any protection (depending on the national or regional regulations where the holder is located). Therefore, it is recommended that cryptocurrency users put crucial security practices in place, such as buying simple and easy-to-use hardware security devices, mastering security protocols, and implementing the security best practices recommended in this article.
2. Choose a trusted trading platform with a reliable security incident compensation or insurance mechanism.
The most apparent risk faced by cryptocurrency holders is the theft of coins. Assuming most individual users hold coins on cryptocurrency trading platforms, choosing a trusted platform is undoubtedly important.
There is no benchmark for international security standards or third-party agency ratings for trading platforms in the cryptocurrency industry. Therefore, it is necessary to properly understand the security mechanism of a platform before registration, such as the company’s current security investment. Also, it is important to check if there is any user account security insurance or guaranteed compensation for security breaches.
3. It is not enough to be well-informed on anti-phishing practices and scams; you must complete a safety test.
You should be familiar with basic user security risks as a cryptocurrency holder. Among them, phishing is the most common. To avoid being viewed as a “fish” in the eyes of perpetrators, you should be equipped with the knowledge about common “baiting-the-hook” techniques.
One example would be when you receive a phishing email, and the URL that invites you to click is a fake domain name similar to a trusted one, e.g. www.goog1e.com (note that it is not www.google.com). It could even be a clone website of a commonly used trading platform. According to data, around 65% of organizations worldwide experienced some kind of phishing attack in 2022. If your email has been compromised, or if you previously had a compromised account, then phishing emails will be carefully designed to target you. 96% of phishing attacks come from email, according to statistics.
So, how do you prevent this?
A reliable method for crypto holders is to complete an anti-phishing security test. The Google online test is a good benchmark and you can take the test here. It comprises a total of eight (8) questions and requires just 10 minutes of your time. Didn’t manage to score full marks? That means you need to increase your security awareness and try again. Many large companies also test employees’ security awareness and corporate security status.
Other common phishing methods include sending gifts or bonuses through fake official social media channels, posing as customer support personnel, or cloning trading platform CEOs' social accounts.
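The look-alike domain check behind the www.goog1e.com example, as an added example that is not part of the original article. The allowlist, the small character-substitution table and the function names are assumptions made for this sketch; it flags a host that becomes a trusted name once digit-for-letter swaps are undone, or that is one typo away from it.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; use the sites you actually log in to.
TRUSTED = ("bybit.com", "google.com")

# Small illustrative subset of look-alike characters, not an exhaustive table.
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def host_of(url):
    """Lower-cased hostname of a URL or bare host, without a leading 'www.'."""
    if "//" not in url:
        url = "//" + url  # make urlsplit treat a bare host as the network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def classify(url):
    """Return (verdict, trusted_domain): 'trusted', 'lookalike' or 'unknown'."""
    host = host_of(url)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    folded = host.translate(CONFUSABLE)
    for good in TRUSTED:
        # Same name after undoing digit-for-letter swaps, or one typo away.
        if folded == good or folded.endswith("." + good):
            return "lookalike", good
        if edit_distance(host, good) <= 1:
            return "lookalike", good
    return "unknown", None
```

A verdict of "unknown" only means the host resembles nothing on the allowlist; it is not a statement that the site is safe.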
4. Use of 2-Factor Authentication (2FA)
The good news is that most cryptocurrency trading platforms (including Bybit) and wallet service providers require users to use two-factor authentication, such as Google Authenticator. The downside is that users will always dislike the hassle of using these tools.
Taking the time to understand the principles of the 2FA security mechanism will allow us to use 2FA correctly. 2FA is an additional layer of security used to ensure that only legitimate owners can access their accounts. This “extra” layer means that in addition to something you know (password, PIN, etc.), security verification will also check a second layer (the second factor). This second factor can be something you own, such as the Google Authenticator app installed on a mobile phone that you carry, a one-time password sent to your mobile phone via SMS, or a hardware token. These features are used on top of your existing mobile security features (such as fingerprints, iris and/or facial scanners, etc.).
When we install Google Authenticator directly on the computer, we give up an extra layer of protection every time we copy the verification code instead of using the smartphone app. Once a remote hacker, or a person with physical access to your computer, gains access, it is very likely that your existing layers of protection will be penetrated.
At Bybit, users can bind their accounts with Google Authenticator. The best time to bind your Google Authenticator is immediately after your first login to the Bybit account.
Read here on how to bind your Bybit account to Google Authenticator.
5. Strong passwords independent of other Internet accounts
The most economical choice for a hacker is always to try to break into the target cryptocurrency account using a username and password that have already been compromised elsewhere. Knowing this, a savvy cryptocurrency holder will take the following preventive measures.
First, register a new email account for the cryptocurrency platform to circumvent any previous digital footprint that would allow hackers to successfully hack or clone your account. Secondly, do not use weak or common passwords.
A report from CipherTrace, a blockchain certificate company, shows that 65% of the Know-Your-Clients verification (KYC) processes in the world’s top 120 cryptocurrency trading platforms are weak. This means that once your crypto account password has been cracked, the hacker could easily obtain your crypto assets on the trading platform and transfer them to their wallet address, thus leaving little to no chance of retrieving the assets.
6. Dividing assets in a 70-20-10 ratio to diversify risks
In addition to trading on platforms using your accounts and cryptocurrencies, it is common for traders to store crypto assets offline like one would with cash in a safe. Personal crypto assets, whether stored in hard wallets, physical storage, desktop wallets, or mobile app wallets, are recommended to be allocated to cold, warm, and hot wallets in the ratio of 70%, 20%, and 10% of assets, depending on an individual's needs and preferences.
Would you still carry your entire net worth around in your wallet?
Most people consider that reckless, yet cryptocurrency users often keep all their cryptocurrency in a single wallet. Instead, users should spread the risk among multiple and diverse cryptocurrency wallets. Prudent users will keep only a small fraction, perhaps less than 5%, of their cryptocurrency in an online or mobile wallet as “pocket change.” The rest should be split between a few different storage mechanisms, such as a desktop wallet and offline (cold storage).
7. Use a physical wallet that represents future trends
Because most users are far more comfortable with physical security than digital security, a very effective method for protecting cryptocurrency is to convert them into physical form. Cryptocurrency keys are nothing more than long numbers. This means they can be stored in a physical form, printed on paper or etched on a metal coin.
Securing the keys becomes as simple as physically securing the printed copy of the cryptocurrency keys. A set of cryptocurrency keys printed on paper is called a “paper wallet,” and many free tools can be used to create them. For example, I would keep most of my cryptocurrency (99% or more) stored in paper wallets, encrypted with BIP-38, with multiple copies locked in safes. Keeping cryptocurrency offline is called cold storage and is one of the most effective security techniques.
A cold storage system is one where the keys are generated on an offline system (one never connected to the internet) and stored offline on paper or on a physical device, such as a USB memory stick.
In the long term, cryptocurrency security will increasingly take the form of tamper-proof hardware wallets. Unlike a smartphone or desktop computer, a cryptocurrency hardware wallet has one purpose: to securely hold cryptocurrency. Without general-purpose software to compromise and with a limited interface, hardware wallets can deliver an almost foolproof level of security to non-expert users. It is no surprise that hardware wallets will become the predominant method of cryptocurrency storage.
8. Balance the risk of excessively complex protection to prevent asset loss
Complexity is the enemy of security, especially for the average individual user. The main risk addressed by the many security measures mentioned above is the theft of crypto assets, whether stolen on a trading platform or stolen physically. Overly complicated security measures, however, could pose greater risks.
Although most users are rightly concerned about cryptocurrency theft, there is an even bigger risk. Data files get lost all the time. If they contain cryptocurrency, the loss is much more painful.
In the effort to secure their cryptocurrency wallets, users must be very careful not to go too far and end up losing the cryptocurrency. In July 2011, a well-known cryptocurrency awareness and education project lost almost 7,000 cryptocurrencies. In their effort to prevent theft, the owners had implemented a complex series of encrypted backups. In the end, they accidentally lost the encryption keys, making the backups worthless and losing a fortune.
One important security consideration that is often overlooked is mortality, especially in the context of incapacity or death of the key holder. Cryptocurrency users are told to use complex passwords and keep their keys secure and private, not sharing them with anyone. Unfortunately, that practice makes it almost impossible for the user’s family to recover any funds if the user is not available to unlock them.
If you have a lot of cryptocurrencies, you should consider sharing access details with a trusted relative or lawyer. A more complex survival scheme can be set up with multi-signature access and estate planning through a lawyer specializing in “digital asset execution.”
9. Personal Data Protection and cryptocurrency-related privacy issues
Individuals own their data and cryptocurrency assets.
Personal data protection is a sensitive subject. A single trace can identify and associate your personal information (PI) in the encrypted world with your cryptocurrencies. Examples include your online usernames/IDs on crypto community forums, your IP address, smartphone device information, personal information on trading platforms, or even an inadvertent mention on social media of the type and quantities of crypto you own. The same applies to information about you being the owner of a particular wallet address, the crypto service provider (trading platform or wallet) you use, your attendance at a private cryptocurrency conference, etc. All this personal data could be easily obtained by unscrupulous individuals looking for easy targets.
Protecting your privacy is part of protecting the security of your cryptocurrency assets, but it is also the only way you can avoid the conflict between the encrypted virtual world and the real world.
10. Living in the cryptocurrency world, you will need a security expert friend
“My deposit went to someone else’s address.”
“The customer support of the trading platform said that I was caught in a clipboard hijacking malware, and I will need to immediately use anti-virus software and check the browser plugin.”
“What exactly is a clipboard hijacking malware, and what should I do?”
Users in the digital world also face problems similar to those in the real world, especially security issues. They have so many questions with no answers and nobody to turn to. Perhaps, having a security expert friend in your daily life would make things much less complex.
In Summary
According to Statista, the number of blockchain wallet users, as of October 2022, stands at over 82 million. Cryptocurrency is a completely new, unprecedented, and complex technology. Over time we will develop better security tools and practices that are easier for non-experts to use. For now, cryptocurrency users can use many tips to enjoy a secure and trouble-free cryptocurrency experience.
Source: How to Keep Your Cryptocurrency Safe (2022) | Bybit Learn