Developing blockchain solutions since before it was cool and I’m in Auckland, NZ
The fallout from the mass hack of celebrity Twitter accounts has prompted a furious blame game and caused the uninitiated to blame bitcoin for facilitating the scam. The crypto community knows that to be false – Twitter’s centralized system, complete with “god mode” allowing them to post on behalf of users, was responsible.
Nevertheless, the attack had an undeniable crypto component given that the hacker obtained more than $120,000 in bitcoin. Fears that the attacker may have been able to access the DMs of the compromised accounts have prompted digital asset holders to reconsider their opsec.
Sharing passwords, private keys, and wallet seeds in private messages is a recipe for disaster. But beefing up your digital security doesn’t stop there.
Here are three ways to keep your crypto safe in the wake of the Twitter hack that’s placed the cryptosphere on high alert.
1. Know Your Exchange’s Custodial Policy
Just as it doesn’t make sense to entrust your entire net worth to a custodial platform, it’s illogical to trade on an exchange with zero knowledge of its custodial policy. Choose a crypto-buying platform that implements meticulous hot and cold storage procedures, and which has ideally partnered with a leading custodial provider.
Perform your own due diligence, but broadly speaking, if an exchange is making a big deal about its rigorous custodial procedures – and provides evidence of this – it’s probably not just paying lip service to the concept.
Trust is all relative within crypto, but as a rule, companies with large reserves and clearly defined custodial practices are likely to act ethically and dutifully towards their customers. For buying and selling crypto, Skrill stands out as one of the more reputable platforms on account of its long standing within the e-money space and its solid track record. It enables 12 cryptocurrencies to be bought and sold with low fees, and supports conditional offers, allowing you to automatically buy in when a crypto reaches your target price.
Convenience aside, Skrill’s greatest strength in the context of crypto lies in its track record: it’s been providing digital payments for almost 20 years and has built up an impeccable reputation in that time. That accrued goodwill has been inherited by its crypto buying service, giving customers confidence that their digital assets will be securely custodied by the e-money giant.
As for dedicated crypto exchanges, there are few on the market that haven’t been hacked, but of the leading platforms, Coinbase, Binance, Gemini, and Kraken all score highly. Coinbase stores less than 2% of its customer funds online, and all user deposits are fully insured, while Binance is sufficiently crypto-rich to make restitution should anything go amiss.
A recent $3 million hack of Cashaa appears to have been exacerbated by the use of a Blockchain.com wallet to custody user funds. Avoiding third-party wallets to store customer deposits would seem the most obvious takeaway from this, but it’s not that simple.
While this particular incident may have been triggered by Cashaa’s failure to maintain proper cold storage procedures, exchanges that implement best practices are not exempt – all it takes is one disgruntled employee or a cunning piece of malware to put all user funds at risk.
2. Decentralize With Care
DEXs come with their own security considerations. On the one hand, funds aren’t custodied in the conventional sense, so provided only you know the private key, they can’t be hacked.
This isn’t strictly true, though. Certainly, maintaining robust cold storage practices, including the use of airgapped wallets, is about as safe as hodling gets – though caution should be taken when using off-the-shelf hardware wallets. Once you lock your assets into defi protocols, however, to capitalize on yield while still hodling, a whole new attack vector emerges.
Smart contract exploits and oracle bugs have seen defi protocols manipulated to steal user funds; this year alone, no fewer than five defi hacks have netted attackers millions of dollars in cryptocurrency. As the total value locked into defi protocols grows, so do the incentives for breaking their underlying code, be it through outright hacking or manipulating price feeds to profit.
Custody your funds if you know what you’re doing, but don’t lock all of your assets into highly experimental protocols that introduce layers of complexity and unknown risk.
3. Up Your Opsec
Decentralized exchanges (DEXs) are great for trading a limited range of Ethereum-based tokens, but for everything else, centralized exchanges and crypto swapping platforms still rule. Centralized exchanges are relied on by the crypto community for swapping assets that reside on different blockchains and for accessing advanced products such as options and derivatives. But, like centralized platforms such as Twitter, they’re a honeypot for hackers.
Whether trading on centralized exchanges, DEXs, or simply placing funds in cold storage, there are certain practices that you should follow to minimize your risk of falling prey to hackers. After all, if attackers have your vital details, be it a private key or exchange password, they’ll get in: CEX or DEX, it makes no difference.
To prevent this from happening:
- Delete mobile apps that make unreasonable privacy demands, particularly those that can access your clipboard
- Avoid copying and pasting your private key or seed on desktop or mobile – and certainly don’t send it via Twitter DM, even to another account you control
- Store your wallet backup or exchange login in an encrypted drive with a strong, unique password, or offline in several parts
- Instruct your cell provider not to port your number to a new handset unless you give explicit instructions and pass extensive verification checks
Owning cryptocurrency comes with its risks, but these needn’t be prohibitive. Provided you perform basic due diligence of the trading platforms you use and maintain good opsec, your digital assets should be as safe as your physical ones, be it your house or car.
Hackers are gonna hack as sure as traders gonna trade. Be smart, select a responsible crypto swapping platform, and you’ll keep hodling until the day you’re ready to sell.
Disclosure statement: The author has no relationships with any of the companies mentioned in this article.