Securing cryptocurrencies
It’s a jungle out there.
It has been a busy few months in the cryptocurrency hacking world. In the last six months we have seen a variety of hacks and scams, major and minor, hit the crypto world. The largest was a recent hack of the Poly Network, which saw US$600 million stolen using a protocol exploit. Then there are the many scams, from hacked YouTube videos to fake coin offerings where the coin/token creator just runs off with the money people invested.
If you run your own wallet, there’s also the danger of your PC being compromised by malware. A ransomware hack or data loss can leave you unable to access your wallet and therefore funds; and if the hackers get access to your wallet, then they can transfer the money out of it. And in the world of crypto there are no chargebacks or safety nets. Once a transaction is made, it is final, meaning the only way you might get your money back is if the hackers are caught by law enforcement (unlikely, since many of them live in countries where there is no enforcement of this kind of activity) or if they have a sudden attack of conscience.
For those reasons, it’s critical that you take extreme care with how you secure your cryptocurrency. We’ll look at some of your options below.
Wallet vs exchange
For most people the core choice comes down to self-hosting vs exchange hosting.
With a self-hosted wallet you store the private keys that can authorise transactions with your money on your computer and/or mobile device. The cryptographic keys are stored in a wallet application such as Exodus (www.exodus.com), BRD (brd.com) or Metamask (metamask.io).
Wallets can be either full wallets, meaning they download an entire copy of the cryptocurrency’s blockchain to your device; or they can be ‘light’ which means that they only download a portion, saving space on your device.
Hosting your own wallet has its advantages. For a start, there’s a saying that many cryptocurrency enthusiasts use: “not your keys, not your coins.” Meaning that if somebody else (ie. an exchange) has control of your crypto keys, then you don’t really have control of the money. Self-hosting a wallet might also be the only way that you can ‘stake’ coins on certain proof-of-stake (PoS) networks that allow you to earn passive income on your cryptocurrency.
The downside of a self-hosted wallet is that you are in charge of the security of that wallet, so you absolutely need to do your research on securing it. As noted above, if the system you store the wallet on is lost or compromised, you can potentially lose everything – and people have, with an estimated four million Bitcoins lost forever this way. We’ll cover this more below.
The other option is to host your money on an exchange like Coinspot (www.coinspot.com.au) or Swyftx (swyftx.com). Exchanges are where you can trade between regular currency (eg. Australian dollars) and cryptocurrencies, or swap between cryptocurrencies. The majority of centralised exchanges will host a wallet for you, so when you, say, purchase Bitcoin on the exchange that Bitcoin will be attached to your account on the exchange. You can then send it on to a private wallet if you choose, or simply leave it on the exchange.
The advantage of doing that is that the wallet is protected by (presumably) professionals whose business it is to keep the data secure. You still have to secure your account using multi-factor authentication and a good password, but getting a malware infection is a much lower risk.
That being said, crypto exchanges are far from 100 percent guaranteed. In 2014, Japanese crypto exchange MtGox was famously hacked, with the criminals escaping with US$450 million in Bitcoin – none of which has been recovered or reimbursed. Just this year, another Japanese exchange, Liquid Global, was hacked and US$100 million in cryptocurrency was stolen, though Liquid says it will reimburse those losses, which is a sign of how exchanges have matured from the ‘wild west’ of the earlier era of Bitcoin.
Australian crypto legislation
The good news for Australian crypto investors is that there is some regulation of exchanges operating in Australia. Before 2017 it was a significant hassle to buy crypto as an Australian, since you had to arrange some kind of international credit transfer and in most cases you could not use a credit card.
As of 2017, however, crypto exchanges have been allowed in Australia, and they have to comply with government rules. They must register as exchanges with the Australian Transaction Reports and Analysis Centre (AUSTRAC), they must maintain and provide financial records, and they must positively identify users (they will not allow anonymous accounts). While some users might not be happy with the lack of anonymity, the regulation does provide some level of comfort for users knowing that these services have oversight. If you really want anonymity, you can still use a foreign or decentralised exchange; it’s just less convenient. You can also transfer tokens/coins to a private wallet, and what happens to the currency then cannot be monitored by the government.
Securing your own wallet
If you choose to go with the self-hosting option, you should do some serious research on how to secure it. Critically, you will need to ensure:
• You’re using a strong password. No dictionary words, names or simple phrases. Strings of random characters only.
• You’re using a well known and reputable wallet application. Do your research.
• That your wallet is backed up. Even if you’re not hacked, you may lose your phone or your PC may decide to kick it. Make sure you have an up-to-date backup of your wallet and keys.
• That you use multi-factor authentication where possible. This depends on the specific wallet in use, but you should investigate security options and use them.
• That you create and store recovery phrases securely. Many wallets allow you to create a recovery phrase that will allow you to recover your keys in case of loss or damage. These tend to be quite long and inconvenient and are designed as a ‘last resort’ recovery method. Record the phrase somewhere physical and safe (on a piece of paper in a secure place, for example). Do not store it on your PC.
Apart from those, making sure your system is free of malware is your best protection, so all the usual precautions apply: taking care when opening attachments in emails, running anti-malware software, being careful about what you install, and being aware of scams. Take proper precautions and your wallet should be safe, but you will have to take the time to learn about security.