Do you sometimes leave your exchange account logged in after a trading session? Would it be possible to guess or find out the recovery information for the email linked to your trading or Coinbase account? Do you ever search ‘Binance’ and then click the link instead of typing the URL directly into the browser?
If you answered YES to any of the above (or a number of other common mistakes) then you could be exposing yourself to unnecessary risk. Whilst it may seem over the top to implement all of the following recommendations, it’s prudent to take as many precautions as possible when it comes to assets as vulnerable to theft as cryptocurrency.
Whilst the current market has seen portfolios deflate in value in a seemingly never-ending bear movement, I worry far more about the possibility of losing a large chunk of my portfolio to malicious software than the market collapsing.
The hacking of major cryptocurrency exchanges has been a fairly frequent, recurring event, from the Mt. Gox breach in 2014 of $475 million worth of Bitcoin to the more recent theft of $500 million worth of NEM from Coincheck in June of this year.
Whilst there isn’t much you can do if the exchange itself is compromised, there are precautions you can take to avoid losing funds as a result of you being the central point of failure.
One of a number of examples of individuals failing to take the necessary precautions is the $50 million stolen from users of Blockchain.info, a popular provider of digital currency wallets. The thefts took place over a prolonged period of time using phishing ads. The scammers would buy Google AdWords for cryptocurrency-related terms, drowning out the real Blockchain.info site with similar-looking links such as Blockclain.info, then stealing the private keys once users entered them on the identical-looking website.
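A look-alike link of this kind can be caught mechanically before you click. The following is an added example, not part of the original article: it compares a link's hostname against a personal allowlist and flags near misses such as Blockclain.info. The allowlist contents, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a personal allowlist of the sites you actually use.
TRUSTED = {"blockchain.info", "binance.com", "coinbase.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased hostname without port, trailing dot or leading 'www.'."""
    if "://" not in url:
        url = "https://" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the link's hostname."""
    host = host_of(url)
    if not host:
        return "unknown"
    # Exact match or a genuine subdomain of an allowlisted site.
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    for good in trusted:
        # Trusted name used as the leading labels of someone else's domain.
        if host.startswith(good + "."):
            return "lookalike"
        # Near miss of a trusted name, e.g. one swapped letter.
        if 0 < edit_distance(host, good) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign data.
    for link in ("https://www.blockchain.info/wallet", "http://blockclain.info/wallet"):
        print(link, "->", classify(link))
```

A "lookalike" verdict is a heuristic prompt to stop and check the address bar; unrelated sites whose names happen to be close to an allowlisted one will also trigger it.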
Whilst many of the recommendations below might seem obvious, I would put money on most investors falling foul of at least one of these (I certainly have!):
Cryptocurrency Stored on an Exchange:
- Set up a dedicated email address for each trading account.
- The email account used for an exchange should have 2FA enabled and no account recovery.
- Use a unique and difficult to guess email username.
- Use all of the available characters for passwords.
- Don’t use password combinations you also use elsewhere.
- Use a private browser window when on an exchange and delete any history/cookies.
- Do not save autofill account details for the exchange (username and password) on your computer.
- The exchange account should have 2FA enabled.
- Save 2FA recovery keys in a secure location.
- Only keep funds you are planning to actively trade on an exchange.
- Run anti-virus software regularly.
- Never click on advertisements.
- Always type the exchange URL directly into your browser.
Cryptocurrency Stored Off Exchange:
- Use a cold storage hardware wallet bought directly from the manufacturer, or use a device that has never been connected to the internet to generate the wallet and private keys.
- Keep private keys for your hardware wallet in a secure location.
- Never discuss/disclose the value of your cryptocurrency assets in public.