How To Avoid Getting Hacked in Crypto
Hacking has been around for as long as computing systems have had access controls. Even before the mass use of the internet in the 80s, computers with password protection were being exploited. In 1965, MIT researchers found an exploit in time-sharing software: if more than one user attempted to access an editor, the system, designed for use by only a single person at a time, would erroneously swap the password file, exposing the other users’ passwords and allowing access by that party.
But hacks in the cryptocurrency space are problematic since transactions are irreversible. Since the network is decentralized and trustless, it doesn’t have a mechanism to distinguish transactions made with stolen coins from legitimate ones. Without the ability to cancel a transaction, the protections that prevent illegitimate transactions become incredibly important.
How Much Has Been Lost To Hacks?
High-profile hacks make for good headlines, so there is plenty of coverage around the largest ones. But for illustration’s sake, I will list the top 5 as of this writing:
• DAO, $53 million
• Bitfinex, $72 million
• Parity, $30 million + $275 million
• Mt. Gox, $460 million
• Coincheck, $530 million
While the numbers fluctuate based on the market price and the published amount at the time of writing, I think we can safely agree that over $1000 million has been lost due to hacks and human error.
How Thieves Steal Your Crypto
Perhaps one of the most important approaches in securing your cryptocurrency is to be aware of the ways in which it can be stolen. Below are just a few of the ways thieves have managed to bilk billions from honest individuals.
• Theft From Centralized Entities: You’ve probably figured this one out already, since the first half of the article addresses it. But it’s interesting to note just how much centralization plays a role in coin theft.
• Compromising Your Credentials: A hacker that gains access to your private key can move funds from your wallet from anywhere in the world.
• Phishing attacks: This involves a scammer tricking an individual into placing their trust in a “bad actor,” usually by closely imitating the appearance of a trustworthy entity. An example is when a scammer created a URL very similar to Binance’s in which the character “e” was replaced by a very similar-looking “ẹ” (notice the diacritic under it). The fake site looked identical to the real one but would record all login information and even submit the credentials to the real site. It would display the user’s actual account information to make detection difficult.
• The $5 wrench attack: This is one of the worst kinds of attacks where a group of individuals kidnaps you and threatens bodily harm if you don’t hand over the credentials and passwords to all of your wallets and exchange accounts. These thugs almost always target individuals with a public persona.
• Copy-paste exploits: There are malware programs that can be installed on your computer without your knowledge, for example by being bundled with a legitimate program by an unscrupulous attacker. These programs can then replace a copied wallet address with the attacker’s own, resulting in you unwittingly sending crypto to their wallet.
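The lookalike-domain trick from the phishing item above can be checked for mechanically. The following is an added example, not code from the original article; the allowlist and the function names are assumptions chosen for illustration. It compares a URL's host against a set of trusted hosts after decoding punycode and stripping diacritics.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist standing in for your own trusted bookmarks (assumption).
TRUSTED_HOSTS = {"binance.com", "www.binance.com"}

def decode_host(host: str) -> str:
    """Turn punycode labels (xn--...) back into the Unicode a browser may display."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text
        labels.append(label)
    return ".".join(labels)

def skeleton(host: str) -> str:
    """Strip diacritics: NFKD-decompose, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'non-ascii' or 'unknown' for a URL's host."""
    host = decode_host(urlsplit(url).hostname or "")
    if host in TRUSTED_HOSTS:
        return "trusted"
    if skeleton(host) in TRUSTED_HOSTS:
        return "lookalike"   # e.g. "ẹ" folds to "e" and collides with a trusted name
    if not host.isascii():
        # Cross-script confusables (such as Cyrillic letters) do not fold under
        # NFKD, so any other non-ASCII host is reported for manual review.
        return "non-ascii"
    return "unknown"

if __name__ == "__main__":
    for url in ("https://www.binance.com/",
                "https://www.binanc\u1eb9.com/login",   # constructed lookalike
                "https://example.org/"):
        print(f"{classify(url):10} {url}")
```

A "lookalike" or "non-ascii" result is a reason to stop and open the site from a saved bookmark instead of following the link.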
Protecting Your Assets
Rest assured, all is not lost: there are still safeguards you can implement to reduce the chance of theft. Since cryptocurrency is a unique type of asset that affords a thief some form of anonymity and leaves little chance of recovering funds, implementing these practices, although an inconvenience, can spare you potentially significant and life-altering losses:
• Store your cryptocurrency and tokens offline in a hardware or paper wallet
• Secure your hardware or paper wallet in a locked safe when not in use
• Secure your private keys offline and away from where your wallet is stored, such as in a bank safe deposit box or other offsite secure location
• Limit cryptocurrency held at exchanges to what is needed for trading and exchange
• Use trusted bookmarks in your web browser to access your exchanges, wallets and other online cryptocurrency service providers
• Implement multiple passphrases on your hardware wallet to hide your primary wallet balances and mitigate losses as a result of the $5 wrench attack
• Implement two-factor authentication (2FA) with one form of authentication from an offline token generator like Google Authenticator
• Implement a multisignature approach for funds held on wallets
• Always double-check the wallet address after pasting it. When supplying a wallet address to someone via email, chat or other digital communication, also provide an image of the address that they can match it against to verify they have received the correct one
Cryptocurrency presents us with some very specific and unique challenges around safeguarding our assets. But it also provides us with incredible opportunities to push the boundaries of financial technology to directly improve our lives.
By implementing good safeguarding practices, you can significantly reduce the chance of loss while experiencing the many benefits that cryptocurrency has to offer. For most, the tradeoff is well worth it. Perhaps, over time, the tools and knowledge will be developed to better track thieves and discourage theft in the first place. Until then, let’s not make their jobs any easier.