Have you ever stressed over the safety of your crypto assets? How could someone hack you, and what steps could you take to make your security setup safer? One of the biggest promises of cryptocurrencies is self-custody, but self-custody also means that protecting your funds is your sole responsibility. Since cryptocurrencies are not insured like bank deposits and are only loosely regulated by governments, getting hacked leaves users with almost no chance of recovering their funds. To give you an understanding of the various risks, we have compiled a page that covers the attack vectors that have led to loss of funds, so you can learn from them and take the right steps to keep your funds safe. This article covers the steps you as an individual can take to protect yourself.
Public WiFi networks are convenient and, most importantly, free to use. But they are equally loved by attackers. Public WiFi opens up multiple attack options against the network's users, such as man-in-the-middle attacks, fake (rogue) access points, packet sniffing, sidejacking (session hijacking) and shoulder surfing. It is best to stay away from these public free services.
Public WiFi means any WiFi service established and owned by a Contributing Group that is provided for use by its customers on a wireless device, and is password protected or has other secure authentication protocols established and managed by that Contributing Group.
If you ever find yourself in a situation where the only option is to use public WiFi, here are some things you can do to keep yourself safe:
A VPN can be used on any device to maintain your data privacy and to avoid eavesdropping on or tracking of your activity. A VPN essentially creates an encrypted tunnel between your device and the VPN server, which keeps your online activity private from others on the same network and gives you control over your data.
Phishing scams are the most common attack in the Web3 world, yet somehow crypto investors still fall for them. Here is the easiest framework to prevent you from falling for them.
However hard you try, there is a certain probability that some malicious actor will get into your environment. Why not use an antivirus to have your back, just as you have a bodyguard and security cameras to have your back in the physical world?
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.
While it is important to have a strong password, it is also important to add an additional layer of security such as MFA wherever possible.
Multi-Factor Authentication in Web3 usually happens in four ways:
If you hold any cryptocurrency, you hold it through a wallet. Wallets are of two types:
A custodial wallet service (like Coinbase or Nexo) holds on to the private key, so it is responsible for safeguarding a user’s funds.
A non-custodial wallet, on the other hand, gives users full control over their private key, and with it sole responsibility for protecting their holdings.
Self-custody starts with non-custodial wallets, also known as Private Wallets.
Crypto assets live on the blockchain and are never in your wallet. Contrary to what many think, wallets secure your keys, not your assets. There are three kinds of wallets: paper wallets, software wallets and hardware wallets. But how can you secure each one of them?
First of all, let's address the elephant in the room. If you centralize all your assets in one private wallet, it is highly likely that you are NGMI (Never Gonna Make It). It is always best to distribute your assets across multiple wallets. Now, back to the types of wallets and how to secure each of them.
Paper wallets were the first generation of wallets. A paper wallet is a printed piece of paper containing your keys and QR codes, used to carry out your cryptocurrency transactions. Because they are kept off the internet, paper wallets were at one point considered more secure than other forms of cryptocurrency storage thanks to their air-gapped nature.
Paper wallets have seen a significant drop in usage in the recent past, mainly because the private key is stored in plain text on a physical medium, which can easily be lost or stolen. Securing them is similar to securing your seed phrase, which we cover later in the Seed Phrase preservation section.
A software wallet is a cryptocurrency wallet based on software: installed as a mobile app, accessed via a website, or installed as a program on a desktop or laptop computer. The software itself stores the private keys that are used to access your cryptocurrency funds.
Software wallets, also known as hot wallets, are more accessible and more convenient and are therefore the most commonly used wallets. Common examples are MetaMask (browser extension), Electrum (desktop) and Rainbow (mobile). Software wallets are great because of their ability to connect to the blockchain and to Dapps, but that same connectivity also opens up ways for malicious actors to compromise your security.
Software wallets store your private keys on your computer in encrypted form, where the encryption key may or may not be derived from your password. Because the computer is connected to the internet, anyone who gains access to it, physically or remotely, can potentially reach the wallet's data file and attempt to steal your keys.
Hardware wallets are a form of offline storage. A hardware wallet, also known as a cold wallet, is a cryptocurrency wallet that stores the user's private keys (the critical piece of information used to authorize outgoing transactions on the blockchain) in a dedicated secure hardware device.
Hardware wallets have to date been the safest way for individuals to store their cryptocurrencies, because a hardware wallet keeps the keys offline, which makes them difficult for attackers to access.
Hardware wallets should be used for low-velocity holdings. For high-velocity trading, keep a balance in a software wallet, or transfer funds to a software wallet for the trade. Once the trade is done, transfer your funds back to your hardware wallet; that way you protect your funds from future smart contract exploits while keeping your hardware wallet a true cold wallet.
Hardware wallets are considered the safest so far because they store your private keys in a secured offline environment that never connects to the internet. Hardware wallets usually contain a secure element chip such as the ATECC608A, which is responsible for keeping your private keys secure; the private keys never leave this chip, even when you transact with your wallet. Even though hardware wallets have been hacked before, there are ways to improve their security model even further. More on that in the later sections.
Smart-contract-based Dapps sit on top of blockchains and need some kind of communication with, and permission from, your wallet in order to execute a command. Such a command might be deducting funds from the wallet to swap them for another asset. While there are many legitimate contracts, granting permission to a malicious contract is a threat to your security, so it is important to know how to identify malicious contracts.
Maintaining wallets can be hard, and sometimes you are forced to make such connections because funds are unavailable elsewhere or gas fees are high. Every permission you leave in place raises the wallet's exposure to future exploits of that smart contract. For such cases, use a smart contract revoker to browse all permissions granted to the various smart contracts and revoke any permission that looks unsafe.
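As an added example (not code from the original article or from any revoker tool), the JavaScript below decodes the calldata of an ERC-20 approve() request before it is signed, flags unlimited or oversized allowances, and builds the approve(spender, 0) call that a revoker sends to withdraw the permission; the spender address is a constructed placeholder.

```javascript
// Added example, not from the original article: inspect the calldata of an
// ERC-20 approve() call before signing it, flag unlimited or oversized
// allowances, and build the approve(spender, 0) calldata that revokes them.
// The selector is the first 4 bytes of keccak256("approve(address,uint256)");
// it is hard-coded so the example needs no keccak library.
const SELECTOR_APPROVE = "095ea7b3";
const UINT256_MAX = (1n << 256n) - 1n;

// Decode approve(spender, amount) calldata; returns null for anything else.
function decodeApprove(calldata) {
  const data = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{136}$/.test(data) || data.slice(0, 8) !== SELECTOR_APPROVE) return null;
  const spenderWord = data.slice(8, 72);   // 32-byte word, address right-aligned
  const amountWord = data.slice(72, 136);  // 32-byte big-endian uint256
  if (!/^0{24}[0-9a-f]{40}$/.test(spenderWord)) return null; // 12 pad bytes must be zero
  const amount = BigInt("0x" + amountWord);
  return { spender: "0x" + spenderWord.slice(24), amount, unlimited: amount === UINT256_MAX };
}

// Encode approve(spender, amount); amount 0n is the standard revocation.
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("malformed address");
  if (amount < 0n || amount > UINT256_MAX) throw new Error("amount out of range");
  return "0x" + SELECTOR_APPROVE + addr.padStart(64, "0") + amount.toString(16).padStart(64, "0");
}

// Classify a pending approval against the amount the trade actually needs.
// "unlimited" and "excessive" come with ready-made revocation calldata.
function assessApproval(calldata, neededAmount) {
  const call = decodeApprove(calldata);
  if (call === null) return { risk: "not-an-approve" };
  if (call.unlimited) return { risk: "unlimited", revoke: encodeApprove(call.spender, 0n) };
  if (call.amount > neededAmount) return { risk: "excessive", revoke: encodeApprove(call.spender, 0n) };
  return { risk: "scoped" };
}

// Constructed sample: a Dapp prompt asking for an unlimited allowance for a
// hypothetical spender address (placeholder, not a real contract).
const SAMPLE_SPENDER = "0x1111111111111111111111111111111111111111";
const SAMPLE_CALLDATA = encodeApprove(SAMPLE_SPENDER, UINT256_MAX);
console.log(assessApproval(SAMPLE_CALLDATA, 1000n));
```

The same decode step is what a wallet's transaction preview performs; approving only the amount a trade needs, and revoking afterwards, keeps a later exploit of that contract from reaching the rest of your balance.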
Seed phrases are the biggest single point of failure in the crypto security stack. Many investors have lost billions of dollars' worth of crypto through the loss or theft of their seed phrases. Back in 2017, the blockchain analysis firm Chainalysis estimated that 23% of all Bitcoin in circulation may already have been lost forever.
While many methods of storing crypto have been experimented with, one method that is strictly discouraged is storing your seed phrase online. Online backups sit within easy reach of attackers and present a large attack surface.
Offline methods include paper and steel backups. Both store the phrase in plain text, which widens the attack surface, since anyone who sees the plaintext seed phrase can drain all your wallets at will.
It is highly recommended to follow expert guidelines when building security around your seed phrase storage. Some of them include
But some of them tend to be too complex for the average user to implement, or may require you to buy a completely new set of network equipment and computers to build a secure environment. This is especially tricky because any mistake while setting up a DYOR security stack can lead to permanent loss of funds. While there seems to be no better option for securely backing up your seed phrase, seedless wallets have arrived as a long-awaited solution.
Seedless wallets have been rising in popularity in the recent past. They replace the need to write down a backup passphrase and keep it secure, doing away with the hassle and stress of hodling your seed phrase in an unsafe way, thereby removing the single point of failure within crypto backups and improving overall security.
Cypherock X1 empowers users to protect their keys by sharding the wallet keys into 5 shards (one X1 Wallet and four X1 Cards); the user needs only 2 of the 5 shards in order to reconstruct the keys and manage their funds. Shards are stored in such a way that no single shard gives any information about the other shards. This process completely takes away the single-point-of-failure nature of seed phrases, as you can manage your funds even if you lose 3 of the 5 shards, without ever worrying about anyone being able to read your seed phrase. Since your private keys are decentralized with Cypherock, it is 10x more secure than any other hardware wallet in the market and hence is not exposed to the attack vectors of current hardware wallets.
Source: Naman Seth, Cypherock
You can see this list here.
1. Trezor hardware wallet, the official online store
2. Ledger hardware wallet, the official online store
3. KeepKey hardware wallet, the official online store
4. BitBox02 hardware wallet, the official online store
5. CoolWallet hardware wallet, the official online store
6. ELLIPAL hardware wallet, the official online store
7. D'CENT hardware wallet, the official online store
8. SafePal hardware wallet, the official online store
9. SecuX hardware wallet, the official online store
10. BC Vault hardware wallet, the official online store
11. BitLox hardware wallet, the official online store
12. Keystone hardware wallet, the official online store
13. ProKey hardware wallet, the official online store
14. NGRAVE hardware wallet, the official online store
15. Keevo hardware wallet, the official online store
16. GridPlus hardware wallet, the official online store
17. Ballet hardware wallet, the official online store
18. OPOLO hardware wallet, the official online store
19. Foundation (Passport) hardware wallet, the official online store
20. ImKey hardware wallet, the official online store
21. Tangem hardware wallet, the official online store
22. HashWallet hardware wallet, the official online store
23. Material Bitcoin hardware wallet, the official online store
24. ShieldFolio hardware wallet, the official online store
25. OneKey hardware wallet, the official online store
26. Blockstream Jade hardware wallet, the official online store
27. Cypherock hardware wallet, the official online store
28. Keepser hardware wallet, the official online store
29. NEXA hardware wallet, the official online store