You could be leaving your crypto wallet open to hackers—here’s how to protect it

Jun 12, 2021

The Justice Department on Monday reported it successfully retrieved $2.3 million in bitcoin paid by Colonial Pipeline to ransomware hackers in April.

But the news caused a stir of confusion online — some speculated that bitcoin was “hacked,” and on Tuesday, the price of bitcoin seemed to slide due to concerns over security of the cryptocurrency.

Though it isn’t exactly clear how it was done, experts say the FBI’s ability to retrieve the bitcoin ransom was due to how the criminals stored their private keys, rather than any vulnerability in the cryptocurrency itself.

A private key, a string of letters and numbers similar to a password, unlocks access to a holder’s cryptocurrency. That makes it extremely important to keep your private keys secret.

“Anybody, anytime, that gets a private key can move funds,” Parker Lewis, head of business development at bitcoin custody and loan firm Unchained Capital, tells CNBC Make It. “The only way that funds can be moved is if you have the private key, and that’s why securing private keys is so important.”

According to the Federal Trade Commission, nearly $82 million was reported lost to crypto scams during the fourth quarter of 2020 and first quarter of 2021. That is more than 10 times the amount from the same period the year before, the FTC reported.

To protect your crypto from hackers or any outside threat, it’s important to understand how to secure your private keys.

How to protect your wallet

Regardless of where you decide to store your cryptocurrency and private keys, be aware of bad actors in the space. Though there are many different scams, a common one is SIM swapping.

Here’s how a SIM swap scam typically happens.

When you sign up with an exchange, you set a username and password and can add two-factor authentication, or 2FA, to protect your account. If a hacker is able to get your login information, they’d also need to pass the 2FA check to gain access to your account. To do this, they’ll call your phone company and convince it to transfer your phone number to a device they control, so the SMS codes meant for you are delivered to them instead.

“It’s pretty unfortunate, but it’s not very difficult for them to convince your telecom company to transfer your number, which is why we flat-out say never use SMS text message for 2FA if you can avoid it,” Neuman says.

However, for some exchanges, SMS 2FA is the only option. If you can’t avoid it, call your carrier and ask to add a password or other barrier to your account, Martin says.

If the exchange offers it, Martin also recommends using a YubiKey, which he calls “the gold standard for two-factor authentication.” The YubiKey, created by security company Yubico, is a USB hardware authentication key that can be plugged into a device.

Martin also recommends using a password manager and warns against reusing the same password across your accounts.

Once you pick a wallet service, its software will often generate a unique seed phrase, a collection of 12 to 24 random words that can be used to recover your crypto wallet. Your seed phrase should also be kept completely private and in a secure location offline.

Along with security measures, you should also remain skeptical when receiving outside messages regarding your crypto wallet.

“If it’s too good to be true, it definitely is,” Martin says. “No one on Twitter is going to send you back double what you send to them.”

Lastly, “be very skeptical if someone offers to install remote screen viewing software on your laptop. I can tell you for sure Coinbase will never do that.”

Sourced from cnbc.com.
