Keeping your crypto secure is arguably the best thing you can do yourself. You might’ve heard about people’s crypto wallets getting hacked and thought they must’ve been using a bad password or that it could never happen to you. However, I am here to tell you that couldn’t be further from the truth.
It’s a common misconception that one needs to have poor security habits for their account to get compromised. The reality is that savvy attackers don’t even need to find your password to gain access to your account. Some of the most common types of attack include brute force attacks (the attacker guesses what your password is until they succeed), phishing attacks (the attacker will pose as a legitimate body like an exchange to get your details), and database attacks (the attacker finds relevant info like passwords from a different site that has been compromised).
Security Flaw – SMS 2FA
Over the past few months, a new type of attack has been rising in popularity. Unfortunately, this attack is very hard to protect against as it’s easy to think you’re doing everything right. I would hope you’re all using 2-factor authentication (more on that later), but if you have it set to send a code as a text, you’re in danger.
In a devastating blow to crypto security, attackers can spoof your phone number and email address in order to convince your mobile network that they’re you. Once they’ve gained the network’s trust, they request that any texts going to your mobile number be rerouted to their burner phone. This means they’re able to gain access to your account and reset the password without anything seeming off to the exchange. I know of multiple people this has happened to, causing them to lose thousands, so I can only imagine just how frequent this attack has become.
How to Protect Yourself
Luckily, the solution is simple. All you need to do to secure your account is disable SMS 2FA and use an app like Google Authenticator or Authy. By doing this you prevent any attackers from being able to access your 2FA code, greatly improving your crypto security. To ensure you don’t lose access to your account if you lose your device, we recommend setting up your authenticator on multiple devices (laptop, mobile, PC, etc.).
If you’re unsure of what 2FA actually is, don’t worry, we have you covered. 2FA essentially acts as a last line of defense if your account gets compromised. Let’s say someone got access to your account. Without 2FA, they would be free to do whatever they wanted (withdrawing, changing password, etc.) without anyone getting alerted. But by enabling 2FA, you’ll be required to input a code sent to your device to prove you’re the real owner of the account.
What is a Private Key?
A private key is akin to a password. It’s a string containing a mixture of letters and numbers, used to gain access to your wallet. If you lose your device, you can use that string to gain access to your crypto wallet from a different device, meaning you can never lose your funds unless you lose your private key. As such, it’s imperative you never share your private key with anyone as it will massively hinder your crypto security.
Different Types of Wallet
You would be forgiven if you assumed that every wallet was essentially the same; after all, they all fulfill the same basic functions. However, there are two primary types of wallets. You may have heard the names mentioned before: custodial wallets and non-custodial wallets. While this may sound confusing, you needn’t worry. Think of it like this: custodial wallets take custody of your private keys and non-custodial wallets give you ownership of the private key.
A custodial wallet means that a third party is managing the private key on your behalf. As we’ve previously mentioned, that does mean you could technically lose access to your funds if the company managing your keys dissolves. Overall, while some recommend custodial wallets for beginners, I think it’s important to practice crypto security from the start of your journey. This isn’t to say that custodial wallets don’t have their place. However, they will never match the security offered by a hardware or non-custodial wallet.
Some examples of Custodial Wallets:
As the name implies, a non-custodial wallet is essentially the opposite of a custodial wallet. When using a non-custodial wallet you’re in charge of the private key. While this is advantageous for security purposes, it does leave you with the responsibility of keeping it safe. We recommend writing it on a piece of paper and locking it away somewhere secure.
Some examples of Non-Custodial Wallets:
The final type of wallet we’ll discuss is a hardware wallet. These wallets differ from the two we previously discussed as they require a physical device to access the account. While hardware wallets operate in a similar way to a non-custodial wallet, they also have the benefit of requiring you to authorize the transaction using a separate device. This means that for someone to access your funds they would need your private key and physical access to the device; far safer than the alternatives. As such, we recommend storing any large sums in a hardware wallet.
The only drawback to hardware wallets is that they’re seldom convenient in terms of fees: if you need to swap or sell, they make you move your funds back to an exchange. Additionally, some hardware wallets (Ledger) have limited storage space, meaning you can only have a few coins per wallet.
Examples of Hardware Wallets:
There’s no reason for a custodial wallet to be considered unsafe. However, the reality is that if something unforeseen happens and you can’t access the exchange or company holding the keys, you’ll be left out of pocket.
By far, the best way to keep your crypto secure is by using a hardware wallet. That way you have multiple barriers between your funds and attackers.
Using 2FA certainly improves your safety. However, be sure to use an authenticator like Authy or Google Auth, as SMS 2FA has a known security flaw.