Be your own bank also means that users of Bitcoin and Co.
are responsible for the security of their investments themselves. The most important thing a crypto enthusiast can do for his investment is to pay attention to the appropriate security. Some guidelines are presented in this article.
„Be your own bank“ is probably the motto most associate with Italian Formula and other cryptocurrencies. Independence from central middlemen and the associated difficulty of confiscation make up an important part of the value proposition of cryptocurrencies.
But this independence from central middlemen comes at a price: investors must now ensure the security of their investments themselves. One is primarily responsible for the security of one’s private wallet.
In the age of mobile wallets, the risk that the money managed in the mobile wallet will also have disappeared after a theft should not be underestimated. Good mobile wallets are not simply accounts that give users access to centrally managed assets. In keeping with the cryptocurrency ideal mentioned above, users of wallets like Jaxx or Blue Wallet are 100 percent owners and managers of their funds in Bitcoin or other cryptocurrencies. However, „Not your Keys, Not your Coins“ can turn into an unpleasant opposite: with the loss of the smart phone, the private keys to one’s own wallet are also lost.
Even the use of hardware wallets, as advisable as it may be, does not offer total protection. Attackers can also corrupt them with the help of malware.
Not only Bitcoin threatened by hacks
Security problems like these are by no means limited to Bitcoin. The more complex smart contracts become, the more the risk increases there as well. The DAO exploit of 2016 and the defective Parity Multisignature Wallet are two prominent examples:
In the case of the DAO exploit, attackers were able to exploit a vulnerability in the code to transfer assets from the smart contract of this decentralized venture fund. Although investors were able to get their funds back on the Ethereum blockchain by performing a rollback – changing the transaction history written on the blockchain. However, such a radical approach is an exception, if not unique.
No exception was made, for example, for users of the Parity Multi Signature Wallet: with the terse sentence „I accidentally killed it“, devops199, a user who remains pseudonymous to this day, pointed out a fatal error in the smart contract behind this wallet. 153,000 ETH have been inaccessible ever since.
A March 2018 study found that such flaws are not uncommon: of nearly one million smart contracts examined, over 30,000 had glaring security vulnerabilities.
Entrusting funds to third parties does not solve the problem at all. MtGox, Cryptsy, BitGrail and QuadrigaCX are just a few examples of exchanges that have been hacked or have defrauded their users.
However, not everything is negative: Firstly, there are a lot of help that investors can follow in order to ensure the highest level of safety for their assets. Secondly, even after a crime has been committed, there are some measures that can be taken to find out the identity of the hacker.
In this series of articles, we would like to provide a little guidance within this mixed bag. In this first part, we discuss what points investors should pay attention to regarding security. Here is an overview of these points, which we would like to look at in more detail in the following:
Measures everyone can take to protect their Bitcoin and crypto holdings from attack.
A healthy dose of distrust
In the spring of 2018, a strange post by an alleged time traveler made the rounds. He mentioned „Bitcoin citadels,“ places where Bitcoin investors would have to retreat to in 2025 – for fear of attackers.
Such a dystopia is not that far away: September 2019, someone was tortured to death and was supposed to hand over the accesses to his Bitcoins. Last July, the former owner of the Bitmarket exchange was found dead. And back in the summer of 2018, a study found that robberies of crypto owners were on the rise.
One important tool investors can use to defend themselves from such attacks is discretion. Discretion is the foundation of what hackers call OPSEC or operational security. Investors are not hackers, but they should display a similar attitude and be silent regarding their cryptocurrency assets.
Good OPSEC also includes a secure computer. As with important passwords and sensitive stored data, investors should keep their computers free of viruses, malware, and security vulnerabilities.