2021-11-24

Securing Your Cryptocurrency Wallet


Most people begin their crypto journey with a centralized exchange (CEX) such as Luno, FTX, or Gate.io, as these are easily accessible and accept fiat deposits. As time goes by, they advance and start to look for alternative ways to gain in the crypto world, such as decentralized exchanges (DEXs) or buying and selling non-fungible tokens (NFTs). To connect to DEXs or marketplaces, and to store the tokens and NFTs purchased, a user needs a crypto wallet.

Crypto wallet

Crypto wallets exist in two forms: physical devices such as a Ledger (cold wallet) and software programs (hot wallets) such as Metamask and Phantom. A wallet is used to store private keys safely and also allows sending and receiving transactions. A crypto wallet uses a pair of keys: a private key, which gives access to your wallet, and a public key, which is similar to a bank account number. In this article, we will focus more on hot wallets.

Scams and cheats in the crypto world

The rise of interest in cryptocurrency has also caught the attention of scammers. According to a CBS News report in June 2021, in America alone, more than $80 million in cryptocurrency investment scams were reported since October 2020, a 1,000% increase from the previous year.

There are numerous ways to get scammed in the crypto world, and one of the best known is having money stolen directly from your crypto wallet, as happened to this user on Twitter:


@0xflim told his story of getting scammed on Twitter. Read the full thread here.

Almost 500 ETH, equivalent to around $2 million USD, was stolen from his Metamask. From his tweets, he himself is unsure how the initial compromise happened and thought that it was probably a malware attack.

There are also other ways for a crypto wallet to be hacked, such as phishing scams, fake mobile applications, fake IDO whitelists and exploitation of SMS 2FA verification. So, how can we avoid this happening to us?

Securing your crypto wallet

As the saying goes, "prevention is better than cure". Therefore, before the same thing happens to us, it is best to take precautions to secure our crypto wallet.

1. Store recovery phrases safely

The recovery phrases given to you when you open your wallet are a set of very important keys that can be used to unlock your wallet. Anyone with the phrases can access your wallet, even while it is already open on your own device.

Hence, the recovery phrases need to be kept safely, and not by taking a screenshot and saving it to your photo album or by saving them in contacts and notes. Your phone or computer may be hacked without you knowing, and the perpetrator may go through all applications and documents to get your recovery phrases. The best way to store your recovery phrases is offline, somewhere safe.

2. Turn off auto-approve

Auto-approve was created to make transactions in the wallet easier. However, it has also made it easier for thieves to steal cryptocurrency from the wallet. Because of that, it is best to turn off the auto-approve setting and accept the extra hassle when connecting with DEXs or marketplaces.

Because of the many reported cases involving auto-approved transactions, on October 8, 2021, Phantom decided to remove the auto-approve setting and allow only advanced users to use it.

Auto-approve removal announcement by Phantom's official account.

 

3. Use burner wallet

A burner wallet is a wallet that is used only for minting or transacting at a particular time. It is not used to store cryptocurrency. Only the amount needed is sent to the wallet, and it is used immediately.

For example, a user will need to have 2 Phantom wallets. The main wallet is used to store cryptocurrency and is not connected to any DEX or marketplace, while the burner wallet is used to mint and carry out transactions.

4. Revoke access

We often hear about wallets getting hacked after the user did not log out from the exchange. Hence, after every mint or transaction, please make sure to log out and revoke access from the sites that were connected to your wallet.

5. Avoid phishing and malware attack

Phishing may exist in many forms, be it Google ads, random links, fake mobile apps or browser extensions. These links and fake apps are created to steal your recovery phrases in order to access your wallet. Please ensure that the website you are visiting or the application you want to download is legitimate before proceeding with any transaction.
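One way to make the "is this site legitimate" check concrete is to compare a link's host against a pinned list of wallet domains before connecting. The following is an added example, not part of the original article; the `ALLOWLIST` entries and the function names `classifyLink` and `editDistance` are assumptions made for illustration.

```javascript
// Added example (not from the original article). ALLOWLIST is an assumption:
// confirm each domain through the wallet's official channels before relying on it.
const ALLOWLIST = ["metamask.io", "phantom.app"];

// Levenshtein edit distance, used to spot near-miss spellings of a known name.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Returns "trusted", "lookalike", "untrusted" or "invalid" for a link.
function classifyLink(link) {
  let url;
  try { url = new URL(link); } catch { return "invalid"; }
  if (url.protocol !== "https:") return "untrusted";
  // URL lowercases the host and converts non-ASCII labels to punycode (xn--).
  const host = url.hostname.replace(/\.$/, "");
  if (ALLOWLIST.some((d) => host === d || host.endsWith("." + d))) return "trusted";
  const labels = host.split(".");
  // A punycode label means the name contains non-ASCII characters that can
  // imitate Latin letters, so treat it as a possible imitation.
  if (labels.some((l) => l.startsWith("xn--"))) return "lookalike";
  for (const d of ALLOWLIST) {
    const name = d.split(".")[0];
    if (labels.some((l) => l.includes(name) || editDistance(l, name) <= 2)) {
      return "lookalike";
    }
  }
  return "untrusted";
}

// Constructed sample links, not taken from any real incident.
const samples = ["https://metamask.io/download", "https://phantorn.app/",
  "https://metamask.io.wallet-login.example/", "https://example.org/"];
for (const s of samples) console.log(classifyLink(s).padEnd(10), s);
```

A "lookalike" result is the case to stop on: the name resembles a wallet domain but is not on the pinned list.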

A malware attack is when malicious software installed on a victim's device executes an unauthorized action on their system. It is often used to obtain personal information for financial gain. Therefore, under any circumstances, please do not click or open any suspicious files found on your machine.

6. Use cold wallet

Unlike hot wallets, cold wallets are not connected to the internet and hence are not prone to cyberattacks. Criminals would need to be physically present in order to steal from the wallet. For safety, cold wallets need to be kept in a secure and safe place.

7. Common practices

We are often told to change the passwords for our important accounts frequently, such as email, computer or online bank accounts. The same practice should be applied to crypto wallets and exchanges. Changing passwords frequently, using a different password for each account and setting up two-factor authentication (2FA) are great ways to keep your account safe.

Conclusion

As cryptocurrency continues to gain popularity, it will also attract the attention of cyber criminals. Having our hard-earned money stolen is probably something we would not wish even on our enemy. So, please remember to always take precautions and keep yourself updated with the latest security news.
