Have you been hacked? Would you even know if you were? What can I do to avoid losing my crypto to hackers or scams?
I run into these questions from people all the time and I always hate to hear when someone has been hacked and lost their cryptocurrency. Many times this comes down to just general security of your computer or your phone, but there are some very clever ways that hackers and scammers trick you into getting access to your funds. I take a quick look at some of the most common security loopholes as well as give you my top 6 tips on how to avoid being hacked.
Popular Hacks & Scams
Hacking is not new, but when you commit to “being your own bank” this comes with the responsibility of truly managing your own security & understanding the threats that are out there. The risk of losing your cryptocurrency can be greatly reduced if you just stick to some basic best practices. Here are some popular hacks and scams that people commonly fall victim to.
- Phishing – This is one of the MOST common ways that hackers gain access to your private data. Pronounced “fishing”, it can come in many forms, like an email from an address that is very similar to one that you would normally open. You will get ones that say “you won money” or “we have suspended your social security number call us”. You read the email and click on a link, which takes you to a phony website where they can then steal your personal info. You may even encounter these fake websites while searching or in links on forums.
- Malware – We download a lot of content from the internet and visit a wide variety of websites. It's pretty easy to pick up various types of malware on your computer and not even know it. These include trojan horses, keyloggers, fake mobile apps, and more. The big threats here are the ones that snoop for your private keys being copied & pasted through normal use. In addition, there are a LOT of fake apps on both the Google & Apple stores that you may download thinking they are the official ones and then enter in your private keys and data.
- Centralized Systems – If you leave all your crypto on a centralized exchange or similar type of platform you are basically begging to be hacked! Trusting a 3rd party to hold your crypto for you is a major security risk. Proof? Here are some of the top crypto hacks of centralized platforms:
  - DAO – $53 million
  - Bitfinex – $72 million
  - Parity – $30 million + $275 million
  - Mt. Gox – $460 million
- SIM Swapping – This is one of the latest security threats that you may or may not have heard about. It is the process of a hacker finding out your personal data, then using your data to convince the phone company to switch your phone number over to a SIM card they control. This then gives them access to ANYTHING that is linked to your phone. Millions of dollars in crypto were recently stolen by a 20-year-old using this technique.
6 Tips To Avoid Losing Your Crypto To Hacking
Here are my top 6 tips and basic steps you can take to secure yourself from hacking & scamming attempts that are trying to steal your cryptocurrency.
- General Computer Security – The first step to avoiding losing your crypto is to make sure your general computer and phone security are in place. For your desktop or laptop make sure you have anti-virus software installed. There are a ton of free ones like Bitdefender, but also look into installing a malware scanner like Malwarebytes which is also free. For your mobile phone, Lookout is a great app that is free and helps secure your phone from hacking. Other ways include using a VPN (Virtual Private Network) to keep your internet connections secure. I like to use Hidester VPN (of which I am an affiliate).
- Two Factor Authentication (2FA) – In cryptocurrency a good 2FA system is a must! Two Factor Authentication means that to log in or access personal data you must do it in two ways: a password and then a code from your phone. I recommend either Google 2FA or Authy for your phone. These apps are tied to your specific phone so they are impervious to a SIM swap attack. NEVER use the “text message” 2FA mode for anything as most text message apps are not encrypted or secure.
- Own Your Own Private Keys – Leaving all your funds on an exchange like Coinbase or Binance is just silly. While we DO have to trust exchanges from time to time, you should only leave what you are using for active trades on the 3rd party platform and move the bulk of your funds to a wallet where you own the private keys. This will prevent your hard earned crypto from getting stolen during an exchange hack or similar. “Not Your Private Keys, Not Your Crypto”.
- Cold Storage – In regard to the above, it's a good practice to move really large sums of crypto into a cold storage solution. This is a fully offline device or wallet that keeps your cryptocurrency extra safe and is a great long term solution for hodling your coins. I recommend the Ledger, Trezor, or even the Coolwallet S as a high quality cold wallet solution (these are my affiliate links, I have extensively tested them). Using a cold storage solution completely takes your crypto out of play for a remote attack, but remember to hide or store it in a safe location because the threat of physical attack is still there.
- Double Check URLs & Apps – To avoid being phished, always double check the URLs of the websites where you are entering sensitive data, as well as anytime you click through to a website from an email. It is REALLY easy to glance at a URL and think it is right and then realize it had one letter that was switched out like an “I” for an “l”. Same thing goes for the apps you download. Double check they are the official version of the app before downloading as there are a lot of impostors out there. You can always follow a link directly from the verified homepage of the project.
- Add A PIN & Disconnect Phone From Accounts – The best way to avoid being SIM swapped is to make sure you have a PIN number on your phone account. Companies like Verizon make this mandatory, but others only have it as an option. This will add one more security layer between you and a hacker trying to swap out your SIM as they will need to know the PIN to do so. The only thing this wouldn't stop is an insider at the phone company who could possibly have access to this PIN. In this case it is also good to make sure you don't use your phone number as the reset or forgot password option for your email accounts and similar. Disconnecting your phone from these types of “resets” will also prevent a hacker from getting to more of your data if there is a breach.
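The URL double-checking tip above can be automated. This is an added example, not part of the original article: it compares a link's host against domains you have verified yourself and flags near-misses such as a swapped “I”/“l”. The domains and the small confusables map are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains you have verified yourself (placeholders).
TRUSTED = {"wallet.example", "exchange.example"}

# Small, illustrative confusables map; not an exhaustive list.
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("i", "l"), ("1", "l"), ("0", "o"))


def skeleton(host: str) -> str:
    """Collapse look-alike characters so visually similar hosts compare equal."""
    for src, dst in CONFUSABLE:
        host = host.replace(src, dst)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a URL's host."""
    # .hostname lowercases the host and drops any user@ prefix and port.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host.isascii() or any(lab.startswith("xn--") for lab in host.split(".")):
        return "lookalike:non-ascii"  # internationalised host: verify by hand
    for good in sorted(trusted):
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in sorted(trusted):
        if host.startswith(good + "."):  # trusted name used only as a prefix
            return f"lookalike:{good}"
        if skeleton(host) == skeleton(good) or edit_distance(host, good) <= 1:
            return f"lookalike:{good}"
    return "unknown"
```

A result of "unknown" only means the host is not close to anything on your list; it is not a statement that the site is safe.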
Being your own Bank can be a scary thought, especially for beginners in cryptocurrency. We have been trained since youth to recognize only one system for doing things financially and it has been to “trust” your bank. In this new age of financial freedom, we must take back some of that trust and educate ourselves on the best security practices if we are to take these matters into our own hands.
It's not an easy thing to do, so I applaud you for taking the first steps in this financial revolution!
I really hope that these security tips help you along your crypto journey. If you know any other helpful tips that I might have missed, leave a comment below with them and I can update this article. Until next time…
‘Stache That Crypto Friends!