In the past few years, many people have started investing in cryptocurrencies as the stories of people getting double or triple returns on their investments have gone viral. In 2018 only, the number of investors and traders of cryptocurrencies increased by 17 million. As per the reports from wallets and trading platforms between 2018 and 2020, the number of cryptocurrency users increased by approximately 190%.
The high investments in cryptocurrencies come with security problems, scams, and threats in the crypto market. One can be duped of millions with just a minor mistake. For instance, there was a big phishing scam that went on for about three years. It scammed many investors and looted cryptocurrency worth nearly $100 million.
Hence adequate security measures are essential to be followed while trading or investing in cryptocurrency. One small mistake can cause a loss of hundreds of millions. This blog highlights the issue of security in cryptocurrency. It provides detailed information on securing cryptocurrency and essential tips for investing in the crypto market.
Security: Two-factor authentication
For protecting the cryptocurrency, it is essential to have two-factor authentication to enter the account of trading. It enhances the security of the account and notifies the user of the potential breach into their account.
Two-factor authentication increases account security by assuring it with a third party enabling high-security features for the account authentication.
A One-Time-Password (OTP) is sent to the user’s mobile device for logging into the cryptocurrency exchange account. One cannot enter the exchange account without entering the OTP received on the mobile device. This way, one will always have to enter the OTP while logging and also notifies the user if anyone tries to access their exchange account.
At times, people have weak passwords, and their login credentials can be compromised easily through keylogging or network sniffing and phishing. Two-factor authentication is the best security feature in such scenarios as the scammer cannot access the account without the OTP. Hence the account is very secure.
How to implement Two-Factor Authentication?
It is a simple process and requires a few minutes to secure the account with an extra security feature. It can be activated with the following steps-
Firstly, an app named Google Authenticator App has to be downloaded on a mobile device.
Enter the login credentials and log in to the exchange account. Select the option for “Two-Factor Authentication” found under the “Security Settings” category. A QR code will come up on the screen.
Scan the flashed QR code on the screen with the help of the Google Authenticator App. It will activate the Two-Factor Authentication. The Google Authenticator App will generate a 6 digit code after linking it with the exchange account. Enter this code in the “Authenticator Code” space in the account settings.
A pop-up will be flashed on the screen informing the user that Two-Factor Authentication has been enabled to the exchange account. Hence the account is secured with Two-Factor Authentication.
Now, the user has to enter the OTP every time logging into the exchange account.
- Always have a backup of the private keys before implementing Two-Factor Authentication.
- Always choose TOTP over HOTP for 2FA if the exchange account asks to choose between the two.
TOTP vs HOTP
While implementing 2FA, some exchange accounts allow users to choose between the kind of OTP they want to access the account. There are two kinds of OTP:
- HMAC-based One Time Password (HOTP)
- Time-based One Time Password (TOTP)
The major and prominent difference between these two kinds of OTP is that the HOTP can be valid for any amount of time, whereas TOTP is valid for only 30 seconds and will change after every 30 seconds.
TOTP is always preferred over HOTP as a new OTP is generated every 30 seconds by the Google Authenticator app. It is also very secure as it requires proper coordination between the mobile device and the app server.
If the user misplaces their mobile device, it becomes impossible to log in to the exchange account as they cannot generate OTP. Hence it is always recommended to have reserves of the private key while implementing the authentication.
If a user does not have any reserves of the private key, one can contact the exchange account’s support team. The user then needs to follow their instructions.
Sources of Risks
Along with the security measures, it is also prominent to know the sources of threats. It will help in better preparation against scams and will also keep people aware of the potential warnings.
There are mainly four kinds of potential threats to cryptocurrency. Following is the detailed information of these threats-
#1 Protection from Self
At times users also forget their login credentials or access keys (private/public keys) while their crypto coins are lost forever. Hence one can be aware of making such mistakes by following the below-mentioned tips-
- While registering for a new wallet, always remember to check the procedure of forgetting the password. This way, one will know the entire process without risking a high amount.
- Always keep a well-drafted backup of the private key. Keep this backup safely in some safe vault or a bank locker. It will be of great help in forgetting them. Upon obtaining the backup in the form of a print, one can use a USB cord to connect to the printer. Use a power cycle to erase the memory of the printer. Hence, it is advisable to keep a handwritten backup that is very safe and does not involve many risks.
- Avoid storing the backup keys and regular use keys at the same place. It might increase the chances of losing both the keys due to any mishappening like theft, hack, fire, etc.
- There are also multi-signature wallets available in the crypto world. These wallets need at least two pairs of keys (public/private) to authenticate a transaction. People having such wallets must be very careful while taking their backups. In a “2-of-2” authentication setup ( a set up where two private keys are required to authenticate a transaction), if a person is authorized to have both the keys, they should be careful and store both the backup keys separately.
- Remember not to store them with the regular use keys. In a “2-of-2” authentication setup, if the private keys are divided among both parties, try shifting to a “2-of-3” authentication setup ( a setup in which two out of three keys are essential to authenticate a transaction).
- In this setup, the third key stays with a trusted third party. The third party will be helpful when one of the parties is unable to complete the transaction.
#2 Opportunistic Attackers
This threat is generally for the casual traders and investors of cryptocurrency. Always be careful about protecting the main account.
One may think of an online wallet to protect here, but the prime account that needs protection is the email id. The user uses their email id in every operation, including resetting passwords, authorizing new accounts, and authenticating the transactions.
An opportunistic attacker will always be after the email id. Hence make it threat-proof and divert the attacker. One can do it by enabling multi-factor-based, hardware-based, or application-based security features to the email id. Once done, it is also essential to lock the crypto wallet with the multi-factor authentication factor.
#3 Dedicated Attackers
People trading or investing high amounts in the market must be aware of the dedicated attackers. There is a high probability that seasoned attackers will study the pattern and the investment of these traders and find a chance to attack them. They will try to phish them and will use the credentials leaked in earlier breaches of the account. These traders must know all the defense tactics to deal with such attackers.
Try to ignore web clients. Even if one wants to use them, keep complete power over the cryptocurrencies. There are several applications like coinbase that allow the traders to keep a “hosted wallet”. People do not have total power over the wallet. They need to preserve a certain balance in the wallet, allowing the user to use capital controlled by the coinbase.
It is advisable to prefer using desktop clients as these clients will give complete power over the keys(private/public).
Preferring a hardware client keeps a check on the private keys. Hardware clients do not allow the data concerned with the private key to ever come into contact with a system on an internet connection. Combine and coordinate a desktop on an internet connection with the hardware client to enhance security. These two will work in complete sync. The desktop will help in issuing transactions, the hardware client will enable the authentication of the transaction, and again the desktop will help transfer the transaction into the network.
If a user thinks that the threats or attacks are more sophisticated, they can use multi-signature (multi-sig) wallets that use at least two public/private keys to authenticate the transactions. One key can be kept by the desktop client, while the other one stays with the hardware client.
It will ensure high security to the wallet as both keys are required to access the wallet. Suppose the hardware client’s key is stolen or hacked, the attacker will not be able to access the wallet lacking authentication without the desktop client-key. Moreover, if malware attacks the system of a desktop client, authenticating the transactions will be impossible, as it requires a multi-sig wallet. Non-multi-sig wallets are easily prone to these attacks.
#4 Well funded, highly dedicated, and state-sponsored attackers
If a person is well-known in the crypto market to exchange a high amount of currencies, he should be aware of such attackers. Firstly, they must appoint professionals who could study the volatile environment and provide customized and personalized suggestions.
Try to follow all these security methods to keep the cryptocurrency safe and secure.
If a person controls a pretty hefty sum of cryptocurrency, he must also be physically aware and must have good security for himself and the devices.
It is advisable to make use of “cold storage” equipped with air-gapped systems. Always try having multi sig wallets for offline transactions. It can be done with the help of clients such as Armory and Electrum. The software will be installed on an offline or air-gapped system. It is a system that has no connection with any signal passing medium like ethernet, wifi, or Bluetooth.
Another copy will be installed on an “online system” in “read-only” mode. The online system will issue an unsigned or unauthorized transaction. A USB will be used to pass this transaction to the offline or air-gapped system. Here, the transaction will be signed or authorized with many private keys. Again the USB will be essential to send back the signed or authenticated transaction to the online system and will be passed on to the network.
Tips to Secure Cryptocurrency
Below-mentioned are some of the essential tips essential to secure cryptocurrency from potential threats-
Always keep an eye on the account activity
- Always conduct an audit on the cryptocurrency logins, wallets, and other relevant accounts to reduce the risk of a security breach.
- Always check the email used for registering various cryptocurrency accounts. It is always helpful to note down the accounts on a piece of paper. It will help in maintaining the record of the number of cryptocurrency accounts. It will make it easier to keep an eye on the account activities.
As mentioned above, this is essential in maintaining the security of cryptocurrency accounts. It will provide an extra layer of protection to the account.
Be aware of Phishing emails
Be very careful of the emails received. Firstly, try to avoid opening any suspicious emails. Never enter any sensitive information in any of the links received on suspicious emails.
These emails are also harder to identify as they look very genuine. Check the sources properly and then only respond to such emails.
More importantly, avoid using emails to transfer cryptocurrencies to digital wallets. Cryptocurrency exchange platforms or ICOs do not indulge in the transfer of cryptocurrency through emails.
Avoid Storing All the Money in an Exchange
In the past few years, several crypto exchange platforms have faced security issues. They are attacked, compromising their several accounts.
Hence it is not safe to store the entire amount on the exchange platforms. Wallets are essential for keeping money.
There are typically four kinds of wallets-
- Hot wallet
- Cold wallet
- Mobile wallet
- Paper wallet.
Experts in the crypto world suggest using the cold wallet for higher security. This wallet is also called a hardware wallet. It consists of a Secure Element (SE) chip that stores the keys safely in an offline mode.
One can opt for the following hardware wallets-
- Ledger Nano S
- Trezor One
Use software for hiding digital footprints
All the online activities are recorded in the form of digital footprints like site cookies, social media posts, login details, and IP addresses. Online attackers use these footprints to get personal information. It can cause a severe risk to the crypto accounts.
Hence one must be well aware of this and use VPN (Virtual Private Network) to hide their original identity or IP address. It will save a person from being followed and reduce any potential leaks of sensitive information.
As cryptocurrencies are evolving, so are the threats. Security measures also need to enhance with time. Like users, service providers are also equally responsible for the security of cryptocurrency.
The innovations in blockchain technology have helped a lot in enhancing the security features of cryptocurrency. Now it is not that easy to hack an account and take out all the money. The account security also depends on the security measures followed by the users. It also depends on the vulnerable points fixed by the software company.