If you decide to let an exchange or mobile wallet custody your crypto, the most obvious point of failure is forgetting the details that enable you to access that service.
In the first instance this means your Username and Password, which should be strong, unique and stored securely. If you save those credentials through another service, such as your Google account or LastPass, that in turn becomes a point of weakness.
Further to this, access to your email address is generally required to approve key actions, such as approving withdrawals, or setting up other security features, so take care to remember those access details too, which are another crucial layer of access.
If you take the non-custodial option – the DIY approach – the loss of access details will relate directly to your Private Keys or Seed. If you haven’t heard of him already, James Howells provides one of the most extreme examples of this:
€337,500,000
The value of 7.500 bitcoin that in 2013 James Howells accidentally threw away, stored as Private Keys on a laptop hard drive
Always back up your Private Keys or Seed – obviously taking appropriate security measures and storing the backup in a separate location, preferably offline. Don’t use something perishable, like paper, or anything corruptible.
If you use a Hard Wallet you’ll likely have several layers of security and weakness: credentials for a dashboard service (e.g. Ledger Live), a PIN to access the device and the Seed. Of those, the Seed is the most crucial: if all else fails, it will enable you to recover your coins.
The ultimate solution to protect your seed is to engrave the phrases into metal that is corrosion, heat and pressure resistant. Renowned Bitcoin evangelist, Jameson Lopp, has created an amazing review of the best metal seed storage engraving options.
Of course you then need to store that metal engraving somewhere safe, illustrating that the buck (or Bitcoin) has to stop somewhere.
Phishing
Phishing is something you should already be wary of when using any online service. It refers to attempts to trick you into downloading malicious software, which can then compromise your computer, or into visiting spoof sites, which then harvest your details and access your funds/data.
This is particularly relevant for custodial services, for which phishing emails and fake websites are very common, but non-custodial options aren’t immune.
Ledger, the maker of a popular hard wallet, had a database of customer details hacked in July 2020, including email addresses. Those customers then became targets for phishing.
Equally, browser-based services are often targeted with fake websites, which then trick users into downloading malware or harvest their details.
To guard against email phishing:
- Use an encrypted email service like Protonmail and use it only for important services
- If you’re unsure whether an email is authentic, check the actual sending address rather than just the visible sending name; this is usually a giveaway
- Authentic services will often refer to you by name; phishing emails don’t
- The content of phishing emails is often poorly written or formatted
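The sending-address check from the list above, as an added Python example (not part of the original article): it reads the real address behind the visible sender name and flags a message whose name or domain claims a brand but is sent from somewhere else. The `KNOWN_SENDERS` entries, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you have seen in earlier genuine emails from each
# service. Replace these with your own; they are illustrative only.
KNOWN_SENDERS = {"ledger": {"ledger.com"}}

def sender_domain(address):
    """Return the lower-cased domain of an address, or '' if malformed."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def check_sender(raw_message):
    """Return reasons the sender looks suspicious (empty list = none found)."""
    msg = message_from_string(raw_message)
    # parseaddr splits 'Visible Name <real@address>' into its two parts.
    display, address = parseaddr(msg.get("From", ""))
    domain = sender_domain(address)
    if not domain:
        return ["From header has no usable address"]
    findings = []
    for brand, domains in KNOWN_SENDERS.items():
        claims_brand = brand in display.lower() or brand in domain
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if claims_brand and not genuine:
            findings.append(f"claims to be {brand} but is sent from {domain}")
    # A Reply-To on a different domain silently redirects your answer.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and sender_domain(reply_to) != domain:
        findings.append(f"replies go to {sender_domain(reply_to)}, not {domain}")
    return findings

# Constructed sample messages (not real emails).
PHISH = (
    "From: Ledger Support <support@ledger-secure.example>\n"
    "Reply-To: help@mail-collect.example\n"
    "Subject: Action required\n\nDear customer, verify your wallet.\n"
)
GENUINE = (
    "From: Ledger <no-reply@ledger.com>\n"
    "Subject: Your order\n\nHello Alice, your order has shipped.\n"
)

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("genuine", GENUINE)):
        print(name, check_sender(raw))
```

A From address can itself be forged, so an empty result means only that this one check found nothing.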