One of the most difficult things for a new cryptocurrency investor to initially get to grips with is the extent to which you are the sole custodian of your new asset. It’s completely different from having funds in a bank, for example, where you are a customer with rights and protections. And the first lesson you need to learn is: do NOT leave your coins hanging around on the exchange where you bought them!
There are a number of reasons why you don’t want to do this:
Firstly, exchanges can get hacked.
Cryptocurrencies are booming, and they’re big news. They’re also pseudonymous and easy to move around the world in a flash – no wonder they’re attractive to hackers. And what is really, really attractive to a hacker? An exchange they know is loaded with lots of lovely money. As a consequence, exchanges operate in a state of open warfare against continual penetration attempts, an ongoing arms race in which the hackers sometimes pull ahead – and funds are stolen.
Sure, some exchanges offer various insurances and guarantees, but at the end of the day if your coins are taken you are largely on your own. And – as the owners of the $450 million Bitcoin ‘lost’ from the Mt. Gox exchange found out in 2014 – it’s unlikely that any assets exist to replace what is taken, whatever the cause of their disappearance.
Secondly, YOU can get phished
Even if the exchange itself never gets compromised, fraudsters know that people are logging in and out of them all the time, and go to increasingly subtle and sophisticated lengths to try and get you to log in somewhere else instead. Would you have spotted this one, using an ṇ instead of an n? Certainly in a mobile browser, or an underlined link in an email, you wouldn’t see it at all:
Creating a site that looks enough like the real (and perfectly genuine and secure) Binance exchange is all it takes to complete the illusion and collect people’s passwords.
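A check for the lookalike-character trick described above, as an added example that is not part of the original article. It assumes a hypothetical allow-list (`TRUSTED`) and a constructed sample hostname with ṇ (U+1E47) swapped in, and it goes slightly beyond the single case in the text by also flagging any other non-ASCII hostname.

```python
import unicodedata

# Assumption: hypothetical allow-list of the sites you really log in to.
TRUSTED = {"binance.com"}

def to_unicode(host: str) -> str:
    """Decode punycode ('xn--') labels so the real characters can be inspected."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid punycode

def skeleton(host: str) -> str:
    """Strip combining marks so a dotted 'ṇ' (U+1E47) collapses to plain 'n'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_host(host: str) -> dict:
    host = to_unicode(host.strip().lower().rstrip("."))
    # Every character outside ASCII, with its code point and Unicode name.
    odd = [(c, f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
           for c in host if ord(c) > 127]
    try:
        wire = host.encode("idna").decode("ascii")  # the name DNS actually resolves
    except UnicodeError:
        wire = None
    if host in TRUSTED:
        verdict = "trusted"
    elif skeleton(host) in TRUSTED:
        verdict = "lookalike"   # differs from a trusted name only by diacritics
    elif odd:
        verdict = "non-ascii"   # e.g. Cyrillic letters; NFKD will not fold these
    else:
        verdict = "unknown"
    return {"host": host, "wire": wire, "odd": odd, "verdict": verdict}

if __name__ == "__main__":
    # Constructed samples: the genuine name, then one with U+1E47 swapped in.
    for sample in ("binance.com", "bi\u1e47ance.com"):
        print(check_host(sample))
```

Folding diacritics catches substitutions like the one above; lookalikes borrowed from other alphabets need the Unicode confusables data (UTS #39), which this example does not include.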
You can protect yourself to some extent by enabling two-factor authentication on all exchange account logins, and using an anonymous dedicated email account for all your cryptocurrency transactions. But the sums involved on exchanges are simply too tempting, so the efforts to rob them will never stop.
So, what can you do?
Keeping your assets warm – or cold
It comes down to the usual trade-off in tech: convenience and usability, versus security.
Funds on an exchange are easy to access and trade, that’s what the exchange is for. Day traders need to be able to move as fast as the market moves, and have to keep their coins right there, ready to buy or sell as soon as the signals are right. But most of us transact much less frequently, and can tolerate slightly less convenient access to our crypto coins, in the name of better protecting them.
The next step is to move your coins to a browser-based ‘hot’ wallet, which is more secure than an exchange but still easy to operate online. Some of them are directly connected to exchanges, like Shapeshift, so you can pretty easily make some quick trades, whilst knowing your coins aren’t sitting there right on the exchange itself. You can make a hot wallet a bit more secure by using a dedicated machine, which is never used for everyday browsing.
There are also desktop wallets like Exodus, which run on your local machine – but of course do have to connect to the internet to transact. They are one stage safer though, because your private keys are stored on your own device, not on the exchange’s server. Of course, you need to keep your machine free of malware, etc., but it’s likely not tempting the big-time hacker attempts in the way an exchange does.
But to truly protect your cryptocurrency from online attacks, you need to get it right OFFline – to a cold storage wallet. Put a literal gap, an ‘air gap’, between your private key and the internet. If you think of a hot wallet like the wallet in your pocket – convenient, accessible, but never carrying around more than you could truly stand to lose – then cold storage is akin to a safe or deposit box.
There are a number of dedicated devices you can use to store your cryptocurrencies on, including the Trezor, Ledger Nano and KeepKey. These devices support different coins and each has its pros and cons, so as ever you need to do your own research, but they’re essentially USB keys secured with a ‘seed’ phrase (usually 12 or 24 words) in addition to PINs and passwords. Securing that seed phrase is vital, and depending on the size of the asset to protect, you might want to keep a copy in a separate location.
You are of course placing your trust in the manufacturer of the device itself, and it goes without saying you must never ever use a pre-owned storage device.
The coldest and least accessible choice of all is to generate a paper wallet, using a specialist online tool for this purpose – but don’t even go to the site until you have run all the virus and malware checks on your computer. After you get there follow the instructions carefully, including downloading the site for offline use, and ensuring that your computer and your printer are fully offline, before you ultimately print out your cryptocurrency wallet.
This is a great way to share or gift cryptocurrency, but as a long term storage option, it does need to be considered vulnerable in the sense that any piece of paper is vulnerable – if that private key is damaged by water, fire, fading or anything else, it’s gone for good.
It’s a good response though, to people who say they don’t trust any currency they can’t see physically, or hold in their hand! Give them $10 worth of Litecoin or something, on a paper wallet, to get started with – who knows how far down the rabbit hole they will tumble on their cryptocurrency adventures?