How To Secure Your Cryptocurrencies – Hacker Noon

1.0 Gone Forever

At least 26,500 Bitcoins, 430,000 Ether, 11,000 Bitcoin Cash and 200,000 Litecoin have disappeared forever.

This was due to the death of a cryptocurrency exchange's founder, who was the only person to know the private keys for the “cold wallets” used to store the exchange's various cryptocurrencies.

The founder, 30-year-old Gerald Cotten, who founded the cryptocurrency exchange QuadrigaCX, died unexpectedly whilst in India due to complications from Crohn’s disease on the 9th of December 2018.

QuadrigaCX is one of Canada’s largest cryptocurrency exchanges, and it is estimated that the dollar value of the lost cryptocurrencies is around $147 million.

Other reports put the estimate at over $250 million for the assets owed by QuadrigaCX to its customers.

Now we have a lot of investors who are potentially out of pocket and a company that owes hundreds of millions worth of assets to its customers due to the unforeseen and unfortunate passing of its founder.

However, stories like this are not uncommon. It is estimated that nearly 4 million Bitcoins are lost forever due to theft, lost private keys and blunders like that of the investor who threw out his hard drive, which contained 7,500 Bitcoins.

2.0 Into The Abyss

Since cryptocurrencies are governed through blockchain technology instead of a single entity, every user is ultimately responsible for their blockchain-based assets unless they pass through a centralised system such as an exchange.

For one user to transfer cryptocurrency to another user, both need wallets. A wallet signifies that a certain person owns the cryptocurrency, but NO cryptocurrency is actually stored in the wallet; it is stored on the blockchain instead.

Think of an apple and two pieces of paper on a table:

The apple = Cryptocurrency, in this case let's say 1 BTC

The table = The Blockchain, in this case the Bitcoin blockchain

The two pieces of paper = Two different wallets owned by two different users

Now let's say User A owns the first piece of paper, and on top of that piece of paper is the apple, which he also owns. Next, User A wants to transfer his apple to User B (a friend, an exchange or simply another wallet he owns).

User A moves the apple from his piece of paper to User B’s piece of paper. The apple (Bitcoin) stays on the table (Blockchain), but User B’s paper (User B’s Wallet) signifies that User B now owns the apple.

I hope this clears up how Bitcoin and other cryptocurrencies are transferred, but we will go into it more below.

Every cryptocurrency wallet is comprised of two elements, the public address (used to receive cryptocurrency) and the private key (which is used to spend cryptocurrency).

If you own a hot wallet (a software wallet connected to the internet in some way) then you can send cryptocurrency as easily as you receive it.

However, these wallets are seen as less secure since the private key is stored in applications which are connected to the internet.

Since the internet-connected software or application holds the private keys, it is potentially vulnerable to hackers if they are able to successfully compromise the application.

This is the reason why many exchanges may decide to store a user's cryptocurrency in a “cold” or offline wallet.

A “cold” or offline wallet is not connected to the internet in any way and you usually have to use the private key to “spend” the wallet.

Paper wallets, for example, have to be imported via their private keys into a “hot” wallet to be spent. This is why users are advised to create a new paper wallet after spending one.

You can use BitAddress.org to generate a Bitcoin paper wallet and MyEtherWallet for generating Ethereum and ERC-20 paper wallets.

An extra layer of security can be added to paper wallets by using a paper wallet generator that adds the option of encrypting the private key with a password.

I hope now you can see how important it is to have a backup of your private key or password, because if you lose it there is no password or private key reset option!

You also have physical cold wallets like the Ledger Nano S or Trezor, which are known as hardware wallets.

For these cold wallets you need to know the PIN for the device and then use their respective applications to transfer funds out of them.

Other cold wallets include software wallets which work offline. These are usually desktop wallets like Bitcoin Armory for Bitcoin and Rippex for Ripple/XRP.

If the owner of a cryptocurrency wallet loses the private key or passes away without any accessible backups, those coins are now lost. Forever.

This effect is so permanent that developers even use this method to “burn” or remove coins from circulation.

They will create an address for their token, dispose of the private key and then transfer a number of tokens to that address to be “burned”. Never to be accessed or used again. Ever.

These transactions are irreversible since there is no middleman involved in blockchain-based transactions; all transactions are peer-to-peer.

The funds can only be returned if the owner of the receiving wallet decides to send it back. If there is no owner or the private key is missing then you can kiss that precious crypto cash goodbye.

3.0 Code Is Law

Missing private keys are not the only risk that cryptocurrency users and investors face.

If you are familiar with the story behind the infamous incident involving The DAO then you probably understand the saying “Code Is Law” within the blockchain space.

The DAO was a digital Decentralised Autonomous Organisation, a form of investor-directed venture capital fund. The DAO crowdfunded $160 million through a token sale in 2016, which was the largest crowdfunding campaign in history at the time.

In June 2016 hackers exploited a vulnerability in the code which allowed them to steal 3.6 million Ether. There was a 28-day waiting period before the hacker would be able to transfer the stolen funds from The DAO account to another address.

The Ethereum community eventually decided to execute a hard fork to undo the damage and return the stolen funds in July 2016. The majority of the Ethereum community, including Vitalik Buterin, decided that the stolen amount was too large and might lead to the demise of Ethereum.

The hard fork was executed and the stolen funds were returned to their original owners. However, a sizeable minority believed that the blockchain should remain immutable and that “Code Is Law”.

This led to a fork, with the original unchanged blockchain being renamed “Ethereum Classic” (ETC) and the new blockchain becoming the Ethereum (ETH) we know today.

Even though investors were able to regain their funds in this case, it still highlights the risk that early adopters face when dealing with cryptocurrencies and blockchain-based assets.

We are at a stage now where cryptocurrency is not only used by tech-savvy individuals. Non-technical people are getting more and more involved as the popularity of blockchain and cryptocurrencies grows every year.

Non-tech-savvy people are used to having a centralised organisation bail them out once they forget a password or any other important piece of information.

With blockchain technology, once you screw up or if the only owner of a private key passes away, that’s it. It’s the price we pay for a decentralised, peer-to-peer system.

This greater level of freedom comes with a greater need for responsibility.
