Three Crypto Security Threats (and How to Protect Yourself)
Getting started with cryptocurrency is for many new users a transformative experience. When you buy your first bitcoin, ether, or any other cryptocurrency, you become — for the first time in your life — in full control of your wealth. You can hold it, store it, and move it around in whichever way you want, all without ever having to reveal your identity.
In the unforgettable words of Peter Parker — an expert in keeping one’s identity a secret — “with great power comes great responsibility.” While there are many, many benefits to the ‘immutability’ of cryptocurrency transactions, any kind of attack on your crypto will, unfortunately, be irreversible as well.
Ultimately, the best thing you can do is protect yourself with a ‘web’ of crypto custody tools and strategies, such as those that we will discuss below. But first, it’s a good idea to become familiar with some of the most common digital asset security threats affecting users and companies in the crypto space.
Today, we’ll discuss three types of crypto security issues: Exchange hacks, private key theft, and phishing.
Decentralized assets that are issued by blockchains are for all intents and purposes unhackable. Cryptocurrencies are secured through a distributed computing system that involves the verification of transactions by hundreds (if not thousands) of nodes located all over the planet. At least for the major, truly decentralized, coins, it just isn’t possible for a single malicious individual — or even a large group of hackers — to go into the blockchain, move some numbers around and pull funds out.
Unfortunately, purchasing and selling crypto in exchange for fiat currency still requires on- and off-ramps. This role is fulfilled by cryptocurrency trading platforms which, far too often, fail to adequately secure their systems. In fact, more than $3 billion in digital assets have been stolen from cryptocurrency exchanges over the last ten years alone.
The most notable cryptocurrency exchange security breaches were without a doubt the two (!!) that targeted Mt. Gox, a Tokyo-based platform that dominated the market during the early days of crypto. More than 850,000 BTC (then totaling around $600 million, or about…. $40 BILLION… today) was stolen from the exchange over the course of two attacks that occurred in 2011 and 2014.
While it is true that that attack was largely due to the lack of sophistication of early crypto infrastructure, big hacks continue to this day. As recently as December 2021, almost $200 million had been stolen from the BitMart trading platform. Even the biggest, most seemingly trustworthy exchanges haven’t gone untouched, with $40 million taken from Binance in an incident that took place in 2019.
Private Key Theft
2021 has been an exciting year for crypto. Today, there exists an entire world of new blockchain-powered applications (including Dapps) and there are now more ways to use your cryptocurrency and tokens than ever before.
DeFi, Play-2-Earn, and the metaverse are just a few examples of these exciting new opportunities. All this excitement, however, can sometimes lead to costly mistakes made by decentralized platforms and their users. It is precisely this that occurred when, just this month, a hacker targeted 96 wallets on the Vulcan Forged gaming platform.
According to The Block, Vulcan Forged, which offers six blockchain-based games and its own game studio, entrusts all user private keys to the Venly wallet management solution. By some means that has yet to be disclosed, the wallets which held a combined balance of $140 million ended up in the possession of some unknown individual who went on to ‘dump’ the tokens on the Uniswap decentralized exchange.
Alas, this particular case is not unique. In March, a similar attack affected the Roll cryptocurrency platform, causing users to lose $5.7 million.
Phishing and Fake Wallets
Phishing is a type of cyberattack where a malicious actor uses a fraudulent message or online postings to trick victims into providing sensitive information. Unfortunately, over the last few years, this has become a go-to tactic for hackers that aim to steal people’s cryptocurrency.
Such was the case in November, when hundreds of MetaMask and Phantom wallet users were targeted in a phishing scam that led to at least $500,000 in losses. According to a report from Check Point Research, the users had been targeted using search engine advertisements, which led to fake websites. Victims were prompted to enter their private keys and wallet passwords into these sites.
Worth noting is the fact that fake phishing wallets sometimes even make it onto the App Store. New crypto users need to be wary of imposters!
How to Protect Your Crypto
Based just on these above examples, there are a few key strategies you can take to ensure greater security for your digital assets:
1. Utilize cold storage for keys:
A private key is in ‘cold storage’ when it is not stored on a device that has a connection to the internet. The easiest way to achieve this is with a hardware wallet (such as Ledger or Trezor). An extra level of security is possible by storing backups, written on a piece of paper or engraved onto a metal card, in a highly dependable physical location, such as a bank vault.
2. Create Multi-Signature Wallets
An excellent strategy to pursue for larger cryptocurrency portfolios is the creation of multisig wallets. Basically, this involves generating wallets that have multiple private keys and that require that two or more custodians provide approval for all outgoing transactions.
3. Seek Insurance-Backed Guarantees
There are many good reasons to leave coins and tokens on an exchange account. On the one hand, this removes the responsibility of constantly keeping track of one’s private keys. On the other hand, it helps to save on deposit and withdrawal fees when the user knows that trades in the short- to midterm may be necessary. In our opinion, it is always best to select an exchange that offers insurance-backed guarantees. This means that the exchange provides the ability for users to protect their assets through some kind of insurance product.
Altercap’s Insurance-Backed Crypto Custody Solution
At Altercap, we offer an insurance-backed guarantee for all assets stored on our platform. Our cryptoasset coverage includes protection against a wide range of cybercrime scenarios, including hacking, device theft, phishing, malware, worms, and brute-force attack.
This product is provided in cooperation with Coincover, the market leader in crypto security. Plans start at just $1 a month and the first three months are free.
You can learn more here.