Cryptocurrencies are very popular at the moment, and some people are making big profits by trading. However, most people do not look into security, and this is why some end up losing their hard-earned money. Digital currencies are very attractive to hackers, as they are easily transferred around and very difficult to track. In this article, we will look into how you can protect yourself and your cryptocurrency against hackers and other malicious parties.
The most common way of losing your cryptocurrency is a phishing attack. You are probably getting many bitcoin-related emails at the moment, and those emails want you to take some kind of action. Some of the most common ones impersonate Coinbase, Blockchain and Binance. You should never click any links in an email that you do not expect. The exception is an email you triggered yourself: a password reset email that you have just requested is okay to click on.
However, there are many other, more sophisticated ways. We are pretty sure that most people know about phishing attacks by now and how they work. To stop a phishing attack, as mentioned before, you should never click on links in emails. Furthermore, you must set up two-factor authentication on all cryptocurrency platforms and exchanges. This makes your security level much higher. Do not use SMS; use Google Authenticator or something similar.
One of the more sophisticated ways involves swapping the recipient bitcoin address with the address of the hackers. The swap occurs right before you click on the last button that confirms the transaction. It is very difficult to see, and it can happen on both computers and mobile devices. It is most likely to happen on a computer, as people tend to download more programs and executables on their computer.
A solution to this problem is to use a hardware wallet such as the Ledger Nano S. If you have never heard the term hardware wallet before, we will explain it briefly. A hardware wallet is a device about the same size as a USB flash drive. It can be connected to other devices, usually computers and mobile devices, and it will strengthen your wallet security a lot. When sending a crypto transaction, you will need to physically confirm the transaction by pressing a button on the device itself.
So, when a bitcoin address swap attack occurs, you will be able to see that the recipient address has changed before you confirm the transaction. Devices like the Ledger Nano S have an LCD display showing the transaction amount, the fees associated with the transaction and, most importantly, the recipient address itself. A hacker can still successfully perform a swapping attack, but that requires you to not pay attention when confirming the transaction on the hardware wallet. The advice is therefore that you always pay attention when making a transaction in any cryptocurrency.
We already mentioned at the beginning of this article that you must use two-factor authentication (also known as 2FA or MFA), but you can do even more to strengthen your account security, as it is not viable to hold all of your cryptocurrency on a hardware wallet if you are an active trader.
Back in the day, people used the same username and password everywhere. It was convenient, which is understandable. After thousands of leaks and more focus on online security, people have started using unique passwords and password managers. This is a good trend, but many still use the same email address everywhere. Our tip is that you create a unique email address for every crypto exchange and platform you have signed up for. Why? It reduces the risk of phishing attacks, and it is a lot better for your anonymity if you choose neutral email addresses.
It is possible to create aliases on Outlook (email addresses ending in @hotmail.com or @live.com) and you can use the dot trick in Gmail. However, not all exchanges and platforms accept these, and they are still linked to you in some way. Therefore, you should create a new account and store the unique passwords in a password manager such as KeePass. A good email provider is Protonmail. They promise that they do not keep any logs or anything like that, but they are not able to recover your email account if you do not set a recovery email. Keep that in mind if you choose not to put in a recovery email address.