How to use your crypto wallet safely

Imagine opening your wallet and seeing no coins and several transactions to unfamiliar addresses. That likely means you’ve been hacked.

Because cryptocurrency is anonymous, ‘ownership’ is determined by whoever holds the codes for it. So if it’s gone, in the majority of cases it’s gone for good. You can trace the address of the wallet the coins were sent to, but that will give you nothing. Notify the company, since it’s possible you are not the only one affected, and review the security of your wallet and your PC or smartphone for significant flaws.

If you kept your coins in a crypto exchange wallet and that exchange was hacked, however, there is a possibility that some kind of compensation will follow. The best thing you can do to protect your wallet is to be aware of the possible threats and to use your wallet correctly.

How can hackers steal cryptocurrencies?

The most popular type of fraud is phishing. Hackers may send you a fake email on behalf of your wallet service, containing a fake URL that differs by one or several letters from the real URL of your wallet service. Hackers may even redirect the right URL to a fake one when you’re entering the online wallet.
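A link that is one or several letters off from the real address can be caught mechanically before you click it. The following is an added example, not part of the original article: the trusted host names are placeholders, and treating up to two changed letters as a lookalike is an assumption.

```python
from urllib.parse import urlsplit

# Assumption: the hosts of your real wallet service, typed in by hand (placeholders).
TRUSTED_HOSTS = {"wallet.example", "app.wallet.example"}
MAX_TYPO_DISTANCE = 2  # assumption: "one or several letters" means at most two edits


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-letter inserts, deletes or swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a letter from a
                           cur[j - 1] + 1,             # add a letter to a
                           prev[j - 1] + (ca != cb)))  # replace a letter
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link found in an email."""
    host = (urlsplit(url.strip()).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"          # not a parseable web link at all
    if host in TRUSTED_HOSTS:
        return "trusted"          # exact match only; near misses never pass
    if any(edit_distance(host, good) <= MAX_TYPO_DISTANCE for good in TRUSTED_HOSTS):
        return "lookalike"        # close to a trusted name but not equal to it
    return "unknown"


def flag_lookalikes(urls):
    """Return only the links whose host imitates a trusted host."""
    return [u for u in urls if classify_link(u) == "lookalike"]


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a message.
    samples = [
        "https://wallet.example/login",
        "https://wa1let.example/login",    # digit 1 in place of the letter l
        "https://walllet.example/verify",  # one extra letter
        "https://news.example.org/article",
    ]
    for link in samples:
        print(f"{classify_link(link):10} {link}")
```

Anything reported as a lookalike should be opened by typing the real address yourself, never by following the link.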

Besides phishing, hackers exploit simple human mistakes, such as keeping private keys in email, exposing the keys in public, or using unprotected public networks, which allow hackers to sniff all the traffic and find the password. Large token balances and large transactions may attract hackers to target your wallet specifically.

Where to keep the keys?

A popular mistake is to keep crypto wallet keys in email, Google Drive or Dropbox, or any notes app on your smartphone. These are the first places hackers usually try to get into. To keep your coins safe, you can move the keys to a less obvious storage location. You may save them to a USB stick, or just write them down and keep them in your drawer; you obviously shouldn’t show them to anyone else. The shortest answer here is that offline is better than online.

What if you lose your keys?

For most popular software wallets, it is enough to know your backup phrase, a mnemonic phrase consisting of 12 words. If you forget your PIN, you should just delete the app, install it again using the backup phrase, and create a new PIN.

There are wallets that provide access via Touch/Face ID instead of PIN codes. For example, in the Lumi app, you just switch on Touch/Face ID in the app settings. The good thing about apps like Lumi is that the only thing you need to know is the backup phrase. The bad thing is that once you’ve lost the backup phrase, you’ve lost access to your wallet. In this case, technology is helpless. The last hope for such luckless crypto owners is hypnosis.

If your wallet sets a new address every time you sign in – it’s ok

This method is called HD-safe, or “hierarchical deterministic”, and means that every time you send or receive funds, a new address will be generated for your wallet. That’s a useful option, because it makes your transactions harder to track, and impossible for hackers to calculate the actual amount of money you keep in your wallet. If you need to transfer a large amount of coins, you had better split it into several transactions.

Is there an ideal wallet type with the best security level?

Unfortunately, no. Wallets are divided into online and offline types, and their security mechanisms differ accordingly.

The majority of existing online cloud wallets, the so-called ‘hot’ wallets, use two-factor authentication in case hackers try to get into your email. ‘Warm’ wallets, the ones that you install as software on your computer or as an app on your smartphone, use a 12-word backup phrase and PIN codes. ‘Cold’ wallets are hardware ones that live on a USB stick or a special gadget. This seems like the most secure way so far, but even hardware wallets are not foolproof. Regular updates and careful key management are still vitally important.

Whatever kind of wallet you use, you should make sure that your laptop or smartphone doesn’t contain malware.
