- Choose how you store your assets
- Distribute your assets
- Protect your keys
- Multifactor authentication
- Stay vigilant and apply common sense
Ordinary investors show more and more interest in crypto. Therefore, the issue of ensuring crypto security has become particularly urgent. The problem is that crypto assets exist in the virtual world. Their owners cannot simply hide a stack of Bitcoins in a vault or protect NFT art with an alarm system.
Often, the safety of assets depends on a code. If the key to your assets is lost or stolen, you may lose all your crypto holdings.
Moreover, scammers keep finding innovative ways of stealing crypto. According to the Chainalysis data platform, crypto-related crime reached the record level of 14 billion U.S. dollars in 2021 compared to 7.8 billion U.S. dollars a year earlier.
Even if you are careful, it is impossible to guarantee that your assets will always be safe. However, there are certain proven methods recommended by experts.
The ways users store their crypto varies significantly depending on the size of assets and the frequency of transactions.
One way is to entrust your assets to a centralized service. Such platforms as Gemini and Coinbase Custody help to organize safe crypto storage, which is like storing your money in a bank account. These platforms are custodial wallets that ensure the safety of the users’ private keys. These are randomly generated passwords, sequences of alphanumeric characters, that are used for transactions. To sign in, users specify an email and password, and it is also recommended to use multifactor authentication. After entering your password to the platform’s account, you can conduct operations with crypto.
To use these services, you need to pay an annual charge that usually constitutes less than 1% of your assets. Some services charge additional fees for setting up the account and withdrawing assets. Such expenses reduce the profits, and there’s still the risk of custodial platforms being hacked or going bankrupt.
Nevertheless, they provide an easy way to increase the protection of your assets if you do not want to bear the responsibility for storing your crypto.
According to David L. Yermack, a finance and business transformation professor at the New York University Leonard N. Stern School of Business, in this case, you rely on the idea that such a service will act in good faith.
Alternatively, you can opt for storing your assets in a noncustodial wallet. In this case, your private keys will not be stored by a service provider. You alone bear the responsibility for this confidential information that protects crypto assets.
According to a popular recommendation, private keys should be stored on some small hardware device that can be connected to a computer, like a USB drive. Since the assets are stored on the blockchain, no one cannot get access to them without the private keys. In this case, you do not have to worry about losing or damaging the device, the assets will still be available.
However, to access your assets via a replacement device, you need a recovery seed. This is a sequence of 12 to 24 words that is used for hardware wallets as a master password. Therefore, you opt for this method, make sure to keep your seed safe.
Popular hardware options are Trezor and Ledger wallets.
Many financial advisors recommend investors with significant crypto holdings to distribute their assets. For example, you can have two wallets:
- one wallet is accessible online and used for transactions;
- another wallet is autonomous.
Since the first wallet is characterized by higher risks, if you hold most of your assets in the back-up wallet, you only risk a small portion of your holdings.
The safety of crypto also depends on private keys. If you use hardware wallets, make sure that your private keys cannot be lost or stolen. Many experts recommend writing them down on a piece of paper and storing it safely, for example, in a vault or a safe-deposit box, or an autonomous computer with no access to the internet. As already mentioned above, safeguard your seed phrase, and make a copy of it.
It is also not a good idea to keep confidential information on a computer connected to the internet, a phone, or cloud services. These connections are not always safe. Never photograph your private keys with your phone or send them to anyone. By doing this, you also face the risk of having your data stolen.
It might be sensible to divide the private key and entrust its separate parts to a few people you can rely on. In this scenario, however, have a backup plan in case some of the elements are lost. The seed phrase can also be stored in the same way.
Ben Weiss, the co-founder and CEO of CoinFlip, reminds users that the retrieval process should not be too complicated, as adding more elements to the system increases the risks of losing your access data and not having access to the assets.
Experts do not agree whether it is a good idea to use password managers, for example, LastPass or KeePass. Many users entrust their passwords to financial and other accounts to such applications. The thing is, you need to decide whether you are ready to trust a particular application, taking into consideration the size of your crypto assets.
Adam Morris, the co-founder of the Crypto Head information platform, admits that many people find password managers convenient. He adds that with two-factor authentication such apps are often considered to be safe but does not recommend relying on them if you are dealing with a significant portion of your savings.
Many experts insist on multifactor authentication. In this case, a password is not enough for identity verification and access authorization.
Although many platforms use text messages for authorization, experts recommend using authenticator apps, for example, Google Authenticator, or a Universal 2nd Factor, a hardware device for ensuring secure access to online services. It helps to avoid the risks of a SIM swap scam which exploits a phone service provider’s ability to port a phone number to a different device. In this way, scammers take over various accounts.
Know that there are fishing websites that imitate official platforms and have similar addresses. By entering your data on such a website, you give them to scammers. Stay vigilant if you are visiting a website via a link or a URL redirection.
Always apply common sense. If someone is offering you unreasonably favorable conditions seemingly without considering their own interests, this is likely to be a fraud. No one just gives away significant crypto assets.