Intrigued by the many possibilities of cryptocurrencies – not least by the prospect to “earn” serious money while doing nothing – you’ve decided to take the plunge and invest in some.
But do you know how to keep your investments safe in the Wild West that is currently the cryptocurrency market?
What you need to worry about
Setting aside the risks that could arise from the current legal and regulatory murkiness regarding virtual currencies (and cryptocurrencies as a subset of that category), your biggest worry at the moment should be the potential theft of your assets.
The list of dangers is long:
- Attackers compromising online exchanges, DDoSing them or destroying them altogether, making your funds temporarily unreachable or permanently lost
- Cyber crooks hacking cyptocurrency “banks” and wallet services
- Hackers grabbing investments by exploiting vulnerabilities in cryptocurrency, smart contracts, or security mistakes.
- Crooks stealing your digital wallet or account credentials (or your wallet file) through phishing or malware
- Your virtual currency getting corrupted.
There’s not much you can do about bugs and insecure services, but you can do things to protect the assets you have in your hand (so to speak).
For one, be extra careful when investing in projects and companies through initial coin offerings (ICOs).
The popularity of this fundraising method has exploded, but as we’ve recently witnessed, crooks can find ways to pocket the money meant for the startups. ICO-related scams (fake ICOs) are also a thing.
Secondly, you can protect your digital assets by keeping them in “cold storage”:
- In a paper wallet
- In an offline hardware wallet
- A data storage device inaccessible to anyone except you (e.g. USB, disk drive)
- Online but encrypted (with the encryption key offline).
All of these options have their pros and cons, but keeping most of your assets in them is safer than keeping them in software wallets, hosted wallets, or wallets tied with accounts of online exchanges.
Keys for software wallets can be easily stolen (phishing, malware), and third-party wallet services and exchanges (that hold your private keys) can be hacked.
Of course, there will come a time when you’ll have to use these services to carry out transactions, but definitely don’t keep the majority of your stash in them on a day-to-day basis.
Be on the lookout for phishing or scam emails and messages on social media and online forums. Projects like my MyEtherWallet team’s database of active scams can help you identify scam and phishing sites.
Another thing that should prevent you falling for phishing schemes: bookmark your crypto sites, and always use those bookmarks to reach them.