Bitcoin and other cryptocurrencies are the cool kids of the investment world, appealing to mavericks, futurists, and aggressive investors. Many forward-thinking investors are looking to crypto as a way of diversifying, and consider it an essential component of their portfolios.

The advantages are numerous and appealing – freedom from political boundaries, big banks, and federal rules are just the beginning. Some investors relish the privacy and anonymity. 

Money Revealed expert Mike Dillard also notes that the blockchain itself is secure because of its decentralization and definite rules. He notes that while every bank and credit card in the world has been hacked, the blockchain itself has not.

To top it off, cryptos are expected to increase in value as more people come to understand them and seek out their advantages. Olga Kharif of Bloomberg writes, “The number of verified users of cryptocurrencies almost doubled in the first three quarters of the year… according to a study from the Cambridge Centre for Alternative Finance. Users climbed from 18 million to 35 million this year.”

But although the blockchain itself has never been successfully hacked, some of the exchanges have. The Guardian reported in July 2019 that, “A cryptocurrency exchange in Tokyo has halted services after it lost $32m (£25m) in the latest apparent hack on volatile virtual monies. Remixpoint, which runs the Bitpoint Japan exchange, discovered that about ¥3.5bn in various digital currencies had gone missing from under its management.”

Similarly, the Guardian reported the hack of the Japan-based Coincheck exchange in 2018. Fortunately, the company was able to reimburse customers for some of the funds that were lost. It turns out that a technical glitch on Coincheck’s part had made the funds more accessible to hackers.

Perhaps the most legendary example of crypto insecurity is the infamous Mt. Gox hack in 2011, in which hackers stole an estimated 2,000 bitcoins from the exchange. The exchange was hit again in 2014 as hackers leveraged a bug in the system to steal even more.

Hackers only get more clever and innovative over time. For crypto investors, that means getting your crypto off the exchanges and any other online storage and keeping it in a secure wallet. 

There are wallets and apps available that will allow crypto to be stored on a smartphone and other digital devices. Exodus.io and Jaxx.io are software wallets that you download to a cell phone or computer.  Now your crypto is off the exchange and will not be lost to a hack.

This adds a definite layer of security. Making use of encrypted passwords, such as those generated by the free 1Password app, is a further step that Dillard recommends.

However, in a practice called SIMjacking, hackers have been able to hack smartphones by figuring out user names and passwords and getting SIM card information from unscrupulous phone company employees. In addition to this risk, what if a smartphone is lost or destroyed? 

There is a similar risk when storing the wallet on a computer – what if the computer dies and the data is irretrievable?

Dillard says that his number one rule of crypto is to always control the crypto. Hardware wallets, he explains, are the best way to do this. He recommends wallets such as Trezor.io and Ledger.com.

These wallets are small, secure digital storage devices that can be stored in a safe, bank deposit box, or other secure location. Accounts can be transferred from an exchange or wallet directly onto the device and then stored in the secure location.

The benefits of a secure location cannot be overstated. Consensys reports that threats could include a house fire, or something as nebulous as mere forgetfulness – one man is reported to have accidentally thrown away $9 million worth of crypto, while another caught his cat running off with a hardware wallet in its mouth!

These devices are password-protected, and the crypto can be recovered even if the device is lost, simply by using the password. When a wallet is set up, the user is given a recovery seed of 8-16 randomly generated words. This recovery seed is the user’s password to reload the wallet.

To store the recovery seed and other secure information, Dillard suggests first creating a new Gmail address with a completely new user name and password. Then download the Google Authenticator app, which generates two-factor authentication codes. These codes change constantly and only live on your device.

All passwords created in this process need to be strong, random, and unique. Phillip Martin of the Coinbase Blog recommends coming up with long passwords (16 or more characters), using password managers like LastPass, 1Password, or Dashlane to create and store passwords, and checking whether a password is risky by looking it up on haveibeenpwned.com/Passwords.
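
How a breach check like this can run without the password ever leaving your machine, as an added example (not code from the article or from any of the services it names). It follows the Pwned Passwords range-query design: only the first five hex characters of the password's SHA-1 hash are sent, and the match is done locally. The function names and the breach data are constructed for illustration, and the lookup is an offline stand-in for the real endpoint.

```python
import hashlib

MIN_LENGTH = 16  # "16 or more characters", per the advice quoted above


def split_hash(password: str) -> tuple[str, str]:
    """SHA-1 the password; return (5-char prefix, 35-char suffix), uppercase hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def make_offline_lookup(breached: dict[str, int]):
    """Stand-in for the range endpoint, built from constructed breach data.

    Like the real service, it is handed only a hash prefix and answers with
    'SUFFIX:COUNT' lines for every known hash that starts with that prefix.
    """
    table: dict[str, list[str]] = {}
    for known_password, count in breached.items():
        prefix, suffix = split_hash(known_password)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")
    return lambda prefix: "\n".join(table.get(prefix, []))


def breach_count(password: str, lookup) -> int:
    """Send only the prefix to `lookup`; match the suffix locally."""
    prefix, suffix = split_hash(password)
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def assess(password: str, lookup) -> list[str]:
    """Return the reasons a password fails the advice; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seen = breach_count(password, lookup)
    if seen:
        problems.append(f"seen {seen} times in breach data")
    return problems


if __name__ == "__main__":
    lookup = make_offline_lookup({"password": 1000, "letmein-letmein-letmein": 7})  # constructed
    for candidate in ("password", "letmein-letmein-letmein", "vN4#tq9L!zR2m@Xc7pWd"):
        print(repr(candidate), "->", assess(candidate, lookup) or "ok")
```

The second sample password shows that length alone is not enough: it clears the 16-character bar but still fails because it appears in the (constructed) breach data.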

Further, Martin suggests that users opt for a one-time 2-factor authenticator, or 2FA, to be sent to a smartphone or other device with every login. This measure is even more secure when done via authentication apps such as Google Authenticator or Authy instead of via SMS.  

Finally, a little common sense can add a layer of security. Sarah Rothrie of Crypto Briefing suggests that investors keep mum about their crypto stash, saying, “If nobody knows about it, nobody can steal it. In many cases, people who’ve made themselves known as crypto users have made themselves a target.”