How to Ensure Cyber-Security in the Cryptocurrency World
If you are a cryptocurrency trader or holder, you have probably heard of cases of people’s wallets being hacked and their coins vanishing into thin air. Recently, Ian Balina, a cryptocurrency influencer and investor, lost about $2 million right from his wallet. More recently, MyEtherWallet (a web-based Ethereum wallet) suffered a DNS attack which cost innocent users their cryptocurrency. With all the different storage options for cryptocurrency, cyber-security seems to be an impossible task.
A trusted method of preventing cryptocurrency theft is to create an offline wallet. One of the most popular offline and secure methods of storage is the Ledger Nano S. The Nano S is a hardware wallet which only allows coins to be moved upon PIN code entry and button presses. The device only turns on upon being plugged in. Even if someone gained access to your computer while the device was plugged in, they would be unable to steal your cryptocurrency.
Private keys serve as an “account password” and are used to approve transactions. Never share your private key with anyone. Your private key is a long series of numbers generated upon wallet creation, similar to this:
Public Keys and Addresses
This private key is used to generate an even longer key referred to as the public key. These two keys are used to generate a 40-character string called a public address. This address is used to transfer funds, and is normally found in this format:
It should be near impossible for any hacker to get access to private keys if proper storage is done. Blockchain technology is inherently public and immutable and allows anyone to make transactions (including hackers) approved by the private keys. Keep your private keys secure, and your coins will be secure.
By creating a wallet completely offline, an attack vector is removed from potential hackers. In some cases, hackers will have remote access to a computer when a wallet is created, compromising its security.
Combating Phishing in Cryptocurrency
Despite all the security measures put in place, one still needs to stay alert, now more than ever. In 2017, over $400 million was taken from ICO treasuries by hackers.
Most ICO fraud has occurred through phishing, which is when someone misrepresents themselves as the legitimate party receiving the funds. Victims are tricked into sending funds to an address they believe belongs to an ICO or a giveaway.
Fraudsters have also impersonated famous names and organizations in the cryptocurrency industry on social media, tricking users to send funds with fake promises.
These phishing scams are known as social hacking. To avoid them, it’s best to verify the authenticity of the address or person the funds go to. Double-check a Twitter account’s username to make sure it is the real user (it most likely won’t be if they claim to be doing a giveaway). These accounts often use similar profile pictures and will sometimes even have a fake verification check mark.
Using MetaMask and the MyEtherWallet extension can also help one avoid being phished, because the URL to the Ethereum main network is already hard-coded.
Never click a link to myetherwallet (dot com). Type the full name into the address bar, and when the page has loaded, check that the connection is secure (the padlock). Then bookmark the page and use that bookmark to visit it in future. If you allow your browser to autofill the URL, it could autofill an address that looks very similar. A recent scam that we discovered involved using Unicode to make the URL look very similar to the real address. Can you see why this URL is incorrect?
etḥereum (dot com)
The actual URL in a non-Unicode browser would display as xn--etereum-yt3c (dot com), but did you notice the ḥ? That dot under the ḥ makes it a Unicode character that looks to us like an h, but is actually a character used in some languages to indicate a certain phoneme.
Notice this URL: ṁyetherẉallet (dot com)
Those dots are not screen artifacts. Note that these websites have been taken offline because Digitex staff alerted the relevant authorities, but they appeared in browsers WITH the secure padlock, and looked almost identical to the real websites.
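The lookalike check described above can be automated. The following Python is an added example, not code from the original article: it decodes punycode (xn--) labels, strips combining marks such as the dot under ḥ, and compares the result with an allowlist. The allowlist contents and the function names are assumptions made for the illustration.

```python
import unicodedata

# Constructed allowlist for this example: hosts the user has bookmarked.
TRUSTED = {"myetherwallet.com", "ethereum.com"}


def to_unicode(host):
    """Decode punycode (xn--) labels to the form a browser may display."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Decompose accented letters (NFKD) and drop the combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if unicodedata.category(c) != "Mn")


def classify(host, trusted=TRUSTED):
    """Return 'trusted', 'unknown', 'lookalike', 'non-ascii' or 'invalid'."""
    try:
        shown = to_unicode(host)
    except UnicodeError:
        return "invalid"  # malformed punycode label
    if shown.isascii():
        return "trusted" if shown in trusted else "unknown"
    # A non-ASCII name that collapses onto a trusted one is a lookalike.
    # Cross-script homoglyphs (e.g. Cyrillic letters) do not decompose and
    # are reported as 'non-ascii'; they need a confusables table instead.
    return "lookalike" if skeleton(shown) in trusted else "non-ascii"


if __name__ == "__main__":
    # Hostnames from the article plus two constructed ones.
    for h in ["myetherwallet.com", "xn--etereum-yt3c.com",
              "\u1e41yether\u1e89allet.com", "m\u00fcnchen.example"]:
        print(f"{h!r:32} -> {classify(h)}")
```

Both addresses from the article come back as "lookalike", whether they are given in Unicode or in their xn-- form.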
As stated above, using secure hardware wallets such as Ledger Nano S ensures that one’s digital assets are safe. At a price of $100, the Nano S is relatively cheap considering just how secure the device keeps your coins.
- Keeping your coins safe seems to be an impossible task.
- A trusted method of preventing cryptocurrency theft is to create an offline wallet, such as the Ledger Nano S.
- Never share your private key with anyone.
- It should be near impossible for any hacker to get access to private keys if proper storage is done.
- Fraudsters often like to impersonate famous names and organizations in the cryptocurrency industry on social media, tricking users to send funds with fake promises.
- Using MetaMask and the myetherwallet extension can also help one avoid being phished.
- Never click a link to myetherwallet (dot com). Type the full name into the address bar, and when the page has loaded, check that the connection is secure (the padlock).
- Using secure hardware wallets such as Ledger Nano S can help ensure that one’s digital assets are safe.