ACADEMY
  • /
  • SECURITY
Security

Storing crypto

Privacy and responsibility

One of the main features of crypto is its privacy and anonymity – or, at least, pseudonymity (see the Privacy section to learn more) – but this brings both unprecedented advantages as well as new dangers to this new asset class.

On the one hand, it means that, as long as you take the necessary precautions, your funds and transactions can be hidden from prying eyes, but on the other hand, this is also taken advantage of by criminals to avoid prosecution. It’s a general rule that more power brings more responsibility, and the same holds for crypto.

Unlike traditional finance, everyone can have complete custody of their funds in crypto, but this also means that they themselves are responsible for all the precautions to prevent their coins from being stolen. If someone manages to steal your credit card data, for example, you can always contact the bank and possibly have any illegitimate transactions canceled.

But if someone steals your private key and takes your Bitcoin, there’s no centralized entity that can cancel the transaction (although there are services such as CipherBlade that specialize in tracking down the criminals).

That’s precisely why learning about the different types of scams and hacks is so important, and in this lesson, we’ll give a brief overview of the risks of storing crypto, before moving on to other types of scams and attacks.

Counterparty and exchange risks

One of the more obvious risks involves storing your crypto in an exchange or other similar centralized service.

While leading exchanges normally have state-of-the-art security measures, hacks still do happen every so often, and they use ever more sophisticated methods. For example, $40 million worth of Bitcoin was stolen from Binance in 2019, and the hackers managed to do this by obtaining private info from a variety of apparently independent accounts, and then withdrawing all the funds – 7000 BTC – in one transaction.

However, the loss didn’t affect users’ funds, as it was covered by Binace’s insurance fund, but it nevertheless remains an important example of how exchange hacks can and do happen.

An even more significant risk with storing funds on centralized services involves the potential for phishing attacks and other forms of identity theft, whereby hackers can obtain users’ passwords and/or 2-factor authentication info, and this is something we’ll cover in some depth in the following lessons.

Overall, the thing to keep in mind regarding exchange risks is that it’s always important to research any exchange where a significant amount of funds is held and to check their reputation. Ideally, an exchange should keep most of their funds in cold storage (i.e., in hardware wallets), with only smaller amounts in hot wallets in order to enable withdrawals to be processed quickly. And of course, the safest decision for any individual is to choose a hardware wallet for long-term crypto storage, but there are important precautions to take here as well.

Self-custodial storage

Storing your crypto in your own wallet can be the safest option, but only if you’re careful with how you go about this.

The first thing to mention is that not all wallets are created equal, and here we’ll cover software and hardware wallets (another option are paper wallets, but this is no longer that popular due to the widespread availability of hardware wallets).

Essentially, what you own when you own crypto is your private key, and these types of wallets differ in how and where the private key is stored. With software wallets, the key is stored on your computer, and it may or may not be encrypted, depending on whether you use a password for your wallet. In any case, this form of storage isn’t ideal, as your private key could be compromised if your computer becomes affected by malware.

Of course, software wallets – especially in the form of browser extensions – are extremely convenient, so using them for trading on decentralized exchanges is perfectly fine, but only as long as you make sure not to keep too large amounts of tokens in them. When using software wallets, it’s important to take all the usual precautions regarding malware. If possible, use a secure operating system (Linux distributions, for example, are widely regarded to be among the safest options), or at least good antivirus software with up-to-date malware databases.

Still, hardware wallets offer more security, as the private key is hard-coded in the wallet itself, and never leaves the device. Regardless of what kind of wallet you use, the crucial thing is to securely back up your seed phrase, as this is the only way to recover your funds in case you lose your wallet, while anyone that manages to get access to the seed phrase can steal your coins. Never take a photo of your seed phrase or store it on any digital device whatsoever; instead, write it down on a piece of paper and store it somewhere safe.