When you own BTC, ETH, or DOGE, what you really own is a private key… Anyone with access to this private key will have full control over your assets. What this means is that no one – no bank, no regulator, not even mom – can stop a thief spending all your hard earned DOGE. Once it’s gone, it’s gone.
Understandably, cryptocurrencies and blockchain can be quite daunting for beginners. But this is not an excuse to be lazy with our money. Security is not to be overlooked and must be on the top of everyone’s list, whether you happen to be a newbie or a seasoned HODLer.
“Not your keys, not your coins” is a mantra often repeated in the world of cryptocurrencies. And it means exactly what it says: if you don’t have sole ownership of your private key, then you aren’t the sole owner of your assets. Most of us will have purchased our first crypto through an exchange such as Coinbase, Kraken or Binance. These are platforms that allow buying and selling of crypto and by agreeing to use their services, we have also accepted their custody of our private keys (i.e. coins). Yeah, leaving your DOGE means it’s technically Coinbase’s DOGE, not yours.
What you should have hopefully gathered up to this point is that to minimise the risk of you losing all your crypto holdings, you have to take control of your private keys. Ensure that you and only you have the knowledge of how to access your funds: be it a private key to your bitcoin wallet address, the twelve-word seed to your Ledger, or the PIN to your Trezor (we’ll get to all this a bit later).
So, how can we make sure our funds are safe? Here is a list of best practices:
Best practices:
2FA – The first and easiest thing to do is set up 2 factor authentication on everything from the exchanges you use, to your email accounts (as well as everything else). We recommend choosing authenticators such as Google authenticator or Authy instead of TOTP sent via sms as these can be easily compromised by experienced hackers.
Password Managers – A good rule of thumb is that passwords and usernames can be jeopardised and that it’s only a matter of time. Avoid repeating passwords no matter how complicated they may be, because one compromised account puts all your other accounts at risk. Remembering passwords must be the bane of technology but it is crucial to get this right. Have in your mind one super difficult, master password and use a password manager to encrypt unique passwords for every service you use. We have experience with Lastpass and Keeper.
Cold Storage (Wallets) – More on this later but this is one way in which you can have full control over your private keys; meaning you and only you have access to your assets. There are four types of wallets you can choose from either a paper wallet, software wallet, online wallet or hardware wallet. Their levels of security and functionality vary, so it is worth understanding which option is best for you.
Discretion – Lay low, and play it safe. In a bull market, you may suddenly find you have more money than you thought you’d be comfortable with. Don’t let that get to your head, play it cool, lay low and keep it to yourself. There is really no benefit of letting others know how much you have apart from bragging rights. All it takes is one wrong move, one moment of pride and complacency for you to lose it all.
Always beware of phishing and scams – Always be on the lookout for red flags and remember that NO ONE has a right to know your private key apart from you, unless you’ve entrusted it to a selected person or exchange. If using a hardware wallet, you should never be requested for your seed phrase. I repeat, never, ever, ever, ever – not even if Ledger contacts you about your assets being at risk due to a supposed hack. This is a typical scam and if you’re feeling suspicious about someone or something requesting sensitive information, then say it with me “ NO ONE has a right to know your private key apart from me”. This is private and should be known by you and only you. Beware of false websites set up by malicious actors with domains very similar to the one you are looking for. Be careful of phishing attempts through your email; always check the sender address if you have doubts (today, most services that contact you have what’s called an anti-phishing code which is something that you’ve picked and only you and the service you trusted with it should know) Whenever you’re entering sensitive data, always, always check you’re on a secured site (by double checking the green Padlock on the URL tab).
VPN – When it comes to security, it really is better safe than sorry. For that reason, it’s certainly worth browsing and connecting to the Internet through a VPN. This will hide your personal information and your activity, reducing the risk of hackers associating you with the wallets and crypto assets you interact with.
While we’re on the topic of personal information, there’s always a chance of your name, phone number, e-mail and even home address being leaked. In fact, in 2020 alone there were several data breaches related to Facebook, Twitter and most notably Ledger. So, what do you do when your security has been compromised and you’re made among the many at risk of being targeted by hackers and scammers? If you discover your personal information has been made public, make sure you change all usernames and passwords of affected services. Gmail and other established services are pretty good at sifting out the spam, scams and phishing attempts but there’s always a chance of malicious attempts going straight into your inbox. Watch out for those red flags, if something doesn’t seem right, assume it isn’t. Trust your instincts and if in doubt, do not click on any links or download any files. Above all don’t fall straight into a hackers trap by giving out sensitive information and never ever send money to strangers, EVER!
