Digital lock reflecting the best possible crypto security
Basics of Crypto Security

Why should you care about Cryptocurrency Security?

Five categories of risk to cryptocurrency investors that everyone should know, some stories of staggering losses, and recommendations to protect your digital assets.


Learning about crypto security may seem daunting, since cyber threats are complex and ever-evolving. As a crypto investor, you don't need to become a crypto security expert, but there are a few very important concepts that you should understand. This article offers a summary of what you need to know about crypto security, reveals the biggest risks, and suggests a few things that you can do to best protect your assets.

Key Highlights: Crypto security considerations

Here are some of the main considerations when it comes to crypto security:

  • Retain your independence: If you trust any institution to protect your seed phrase for you, you are not taking advantage of the greatest feature of cryptocurrency: independence.
  • Theft is usually permanent: If someone steals your seed phrase and takes your crypto, you will probably never get it back.
  • Your best protection is a private, secure backup: If you lose your seed phrase, and you don't have a backup, your crypto is gone.
  • Don't forget about inheritance: If you don't share access to your seed phrase with anyone at all, your heirs will never be able to access it.
Some simple best practices can help you protect your crypto — let's dive into them.

What are the security threats to cryptocurrency?

To be brutally honest — and this goes for all kinds of valuables — if you don't pay attention to security, hackers or accidents will likely take your hard-earned assets from you.

There is a big difference between using traditional financial institutions to trade stocks and manage your bank accounts, and the world of buying and selling digital currency.

The key difference is:

If you forget the password to your bank account, you can obtain a password reset from the bank, but if you forget the "equivalent to a password" for crypto that you hold, there is no one who can restore your access to your funds.

Why? Because crypto is protected with a digital key represented by a list of words known as a seed phrase, and without this seed phrase, you cannot access your funds. This means that protecting your seed phrase is the same as protecting your funds.

You could avoid the responsibility of protecting your seed phrase by relying on a centralized exchange like Coinbase or Gemini to hold your crypto wallet for you as your custodian. When a custodial exchange controls your wallet, they are responsible for protecting the keys, and if you forget your exchange password, they can give you access to your cryptocurrency again. Although this is very convenient, whatever entity controls your keys or codes also controls access to your cryptocurrency, and that comes with downsides ("third-party risk"). In uncertain times, a primary benefit of owning cryptocurrency is the ability to "be your own bank" and to control your own funds — this is the very promise of the Blockchain and cryptocurrency. To realize this benefit, you must control your own keys, and thus, your own security.

The threats to your seed phrase — and hence to your cryptocurrency — range from hackers attacking centralized exchanges and stealing millions of dollars worth of cryptocurrency, to fraud by the owners or employees of exchanges, to the theft of your own local physical storage drives with seed phrases on them. However, the most likely threat is simply that you will lose access to the seed phrase because you lost the paper that you wrote it on. (Many crypto wallets advise you to just back up your seed phrase onto a piece of paper.)

Other threats include the seed phrase being lost in an accident (e.g., floods and fires that plague certain regions like California), or even — despite your diligent efforts to back everything up — you could simply forget the password to an encrypted drive where you stored your seed phrase.

Why is crypto loss so common?

What are the biggest risks to crypto security?

Let's examine the most common risks to crypto loss.

Don't worry — none of this is "rocket science." Moreover, cryptographic protection (and the "key management" that it requires) is not unique to crypto or Bitcoin, but is essential for your security on the Internet in general.

The best way to reduce these risks is to make sure that you carefully back up your seed phrase.

Supplementing this guidance, Vault 12's Wallet Guides show you how to create wallets in a secure and safe manner, and suggest when you should follow default instructions. We hope that these articles, written by security experts, help you to navigate crypto security in a simple way so that you can enjoy participating in the exciting and empowering world of crypto.

Let's explore in a little more detail.

"Safeguarding money is necessary for the crypto economy to flourish."

Cameron Winklevoss, Winklevoss Capital

What "owning your own money" really entails

In a traditional banking scenario, clients don't have to worry about the theft of their account funds, or incorrect transactions. This is because banks work to block potentially fraudulent transactions, and to issue chargebacks for unintentional transactions. The role of the traditional bank is to provide and ensure such security.

A distributed ledger on a blockchain network is also secure and resilient, though it uses different mechanisms. Blockchain transactions are extremely secure in the validation, resilience, and integrity that they provide.

However, points of failure associated with a blockchain network migrate towards the user's end of the spectrum: by managing your own money, you become the potential single point of failure in protecting your funds. How? As a cryptocurrency owner, your access to this resilient network is through your crypto wallet, and that access is granted through your seed phrase. Your seed phrase can restore your private key if your wallet is lost or damaged. Therefore, your careful storage and use of this private key — and your seed phrase backup — determines whether your crypto funds remain secure, or are exposed to loss or theft. In this way, you are fully responsible for the safety of your funds.

Blockchain transactions are fast and permanent

The decentralized finance (DeFi) movement has introduced a new paradigm in which owning your own money and participating in a decentralized financial network creates a whole new form of economic mechanics. Instead of central authorities solely determining an economy's fate through monetary policies, an economy is also affected by how blockchain software evolves, and by how people interact with it.

How a blockchain network settles and records transactions for a cryptocurrency is determined through the exercise of its operational protocols. Completed transactions remain immutable forever. Immutability is a characteristic that offers great security to monetary transactions: once a transaction is completed, it is committed permanently, and can not be reversed for any reason.

Transaction settlement is very fast compared to traditional banking, where charges may be reversed long after the transaction has been completed. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.

The challenges of crypto key management

Poor key management is by far the most common way that crypto is lost. Given that many of us need to rely on "forgot password" functions to recover simple 9-character passwords, it's unrealistic to believe that we can be trusted to casually maintain a digital key or seed phrase.

Key management is difficult for those that are tech-savvy — and even harder for those who aren't. Because of this predictable difficulty, estimates show that between 17 and 23 percent of all bitcoin have been lost as a result of losing a private key!

Taking control of your own crypto keys also puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. If this happened, your funds would be abandoned on the blockchain forever.

Hackers and crypto

Hackers pose one of the most serious threats to cryptocurrency holders. In 2017, 13.7% of the world's population reported a hack of some type digital asset — including both bank account balances and cryptocurrency. This indicates two important points: One: hackers are rampant, and will relentlessly continue to steal from consumers. Two: consumers are not effective at personal digital security. Should the world switch over to blockchain-based finance — where transactions are irreversible — this will be a far greater threat than it is today.

Hacking attacks are possible through targeted malware or virus attacks, and through other deliberate compromises. In 2017, a virus attack named "WannaCry" yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a Chrome browser VPN extension was hacked and used to retrieve private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2 million from average consumers. In 2018, a MyEtherWallet browser plugin DNS hack let hackers steal over US$365,000 from users.

Exchanges have also not been left out of the fun — see Risk 1 below, showing that numerous major exchanges have seen thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges covered the losses that exchange users faced. This all goes to show that hackers indeed pose a risk to both cryptocurrency holders and cryptocurrency custody handlers.

How to secure your crypto: Risks and recommendations

Below are some poignant examples of loss, a summary of risks, and some common-sense recommendations.

Risk 1 - Leaving cryptocurrency on an exchange

When many people first start trading cryptocurrency, they end up leaving their crypto on an exchange. It's convenient, and the coins are conveniently available to use in transactions — but unfortunately, hackers love the fact that so much crypto is in one central place, ready for the taking.

According to to Inside Bitcoin, more than $11 billion (and counting) has been stolen not only from supposedly secure crypto exchanges, but also from other custodial wallets and mining platforms, mostly due to hacking incidents.

The number of exchange hacks is not declining over time. According to NASDAQ, Cyber-attacks and hacking incidents on digital assets netted $1.8 billion in the first 10 months of 2020 alone.

A large hack happened on the KuCoin centralized exchange in September 2020, with hackers stealing $275 million from the Singaporean exchange.

Hackers have gotten their hands on $11 billion in stolen cryptocurrency since 2011. More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets, and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed. - July 2020

Exchange hacks are not just limited to third parties - employees, and even founders of exchanges have perpetrated massive frauds, as demonstrated by the now-infamous FTX exchange fiasco.

In addition to the famous QuadrigaCX case in 2019, another top10 exchange, OKEx, suffered an outrageous hack by a founder who went missing, absconding with exclusive access to users' private keys. This led the exchange to freeze withdrawals on all users' assets for more than five weeks.

This is why it is essential that you not leave your crypto assets on exchanges, regardless of assurances to the contrary.

Recommendations:

Exchanges are the main target for hackers. Those are the biggest honeypots. So the number one rule in Crypto is, do not keep your money on an exchange, and if you're going to custody that money, you need to do it off of the exchange..."

Joe DiPasquale, BitBull Capital

Risk 2 - Storing Cryptocurrency locally

There are many, many stories of seed phrases being backed up onto local devices and then getting lost or stolen, or the PIN/Password being forgotten. The trouble with local storage is that it's easy to lose, or even for someone to target and steal the storage device.

Recommendations:

Risk 3 - Being targeted by criminals

With so much of our personal information available to anyone who wants to target us, the risk of your crypto being targeted is very real. Personal attacks include email phishing attacks, SIM Swap attacks that can sidestep 2-factor authentication, and various other ingenious social engineering attempts. The majority (50%) of crypto thefts in 2020 occurred on Defi protocols.

"We know how some hackers passed away their time during the lockdown: By running Bitcoin-related hacks and potentially netting "nearly $3.78 billion" in 2020," according to a report from Atlas VPN. - Jan 2021

Recommendations:

Risk 4 - Accidental loss and natural disasters

Data on cryptocurrency lost due to accidents and natural disasters is hard to come by, but estimates indicate it is north of $10 Billion. Accidents - whether losing your hardware wallet, or leaving your paper seed phrases behind because you had to evacuate California wildfires and earthquakes, have contributed. Many believe that the biggest loss comes from simply forgetting PINs and passwords - something that can happen even if you take precautions.

Tens of billions worth of Bitcoin has been locked and effectively lost by people who lost or forgot their key. Of the existing 18.5 million Bitcoin, around 20 percent appears to be in lost or otherwise stranded wallets, according to the cryptocurrency data firm Chainalysis. - Jan 2021.

James Howells, a Welsh I.T. worker, began mining Bitcoin on a personal computer in 2009. By 2013 he had mined 7,500 Bitcoin which is worth about $270 million in Jan 2021. In 2013 he stopped mining and sold the computer he was using for parts on eBay. He kept the hard drive with the hope that Bitcoin would rise in value. In 2013 when cleaning his house he accidentally threw the drive away and it, along with the rest of his trash was taken to the local landfill in Newport, South Wales and buried. Asked how it ended up in landfill, he explained that it was "thrown out into a bin bag during a clear-out in a case of 'mistaken (hdd) identity' in summer 2013. There were two HDDs in the same drawer, the wrong one got binned? s*** happens."

The landfill reportedly contains about 350,000 tons of waste and 50,000 more tons are added every year. An article reported that "a council spokesperson said their offices have been "contacted in the past about the possibility of retrieving a piece of IT hardware said to contain bitcoins," but digging up, storing and treating the waste could cause a "huge environmental impact on the surrounding area."


Recommendations:

Risk 5 - Loss of Generational wealth

We usually don't think of death or incapacitation while contemplating how to enter the brave new world of crypto, yet the consequences of how crypto is secured means that to ensure the accessibility of funds by future generations, specific protective steps must be taken. This starts with talking to a trust and estate lawyer to draw up a will and a plan for how beneficiaries can access assets. This can be a convoluted process. As a result, companies like Vault12 have identified solutions to provide simple and easy-to-use solutions for digital inheritance.

There is a steady drumbeat of these stories happening with worrisome regularity:

In December 2018, Gerald Cotten, the founder of the bitcoin trading exchange QuadrigaCX, died (under somewhat mysterious circumstances) resulting in the loss of $250M and the exchange going bankrupt. Gerald was only 30 years old and had not created an inheritance plan, nor were instructions of how to access the centralized assets ever found.

In April 2018, Matthew Mellon, heir to Mellon family banking fortune and former chairman of the NY Republican Party finance committee, and cryptocurrency proponent, died. Prior to his death, he held an estimated $1B in Ripple (XRP) - all of this remains were inaccessible as he left no instructions, even though he protected the cryptocurrency via cold storage in multiple locations around the US in different people's names.

In 2017, an unidentified young crypto investor in Colorado died with a small fortune in cryptocurrency held in a coinbase account. The family, however, had no access to the account and eventually had to petition Coinbase directly. Eventually the assets were released after a lengthy process. If the account holder had not been a U.S. Citizen, this would have been a much more complicated process.

Recommendations:

https://linkedin.com/in/wasima
https://twitter.com/wasima
https://startag.xyz/wasima
Basics of Crypto Security

Why should you care about Cryptocurrency Security?

Five categories of risk to cryptocurrency investors that everyone should know, some stories of staggering losses, and recommendations to protect your digital assets.

Discover More
avatar-icon

Wasim Ahmad

Wasim is a serial entrepreneur and an advisor in the fields of AI, blockchain, cryptocurrency, and encryption solutions. At Vault12, he led the private and public fundraising efforts and focuses today on expanding the Vault12 ecosystem. His crypto experience began with AlphaPoint, where he worked with the founding team to launch the world's first crypto trading exchanges. Previously he was a founding member of Voltage Security, a spinout from Stanford University, that launched Identity-Based Encryption (IBE), a breakthrough in Public Key Cryptography, and pioneered the use of sophisticated data encryption to protect sensitive data across the world's payment systems. Wasim serves on the board of non-profit, StartOut, and is a Seedcamp and WeWork Labs global mentor.

Wasim graduated with a Bachelor of Science in Physics and French from the University of Sussex.

avatar-icon

Vault12

Vault12 is the pioneer in crypto inheritance and backup. The company was founded in 2015 to provide a way to enable everyday crypto customers to add a legacy contact to their cry[to wallets. The Vault12 Guard solution is blockchain-independent, runs on any mobile device with biometric security, and is available in Apple and Google app stores.

star-background

Backup and Inheritance for Bitcoin

vault12-guard
Get the Vault12 app onto your phone
QR code Vault12 Crypto/NFT InheritanceDownload Vault12 on App StoreDownload Vault12 on Google Play
Vault12 app mockup
Scroll down
Close

Vault12 Product Demo

Get The Vault12 App Onto Your Phone

Download Vault12 on App StoreDownload Vault12 on Google Play
You will lose your Bitcoin and other crypto when you die...

You will lose your Bitcoin and other crypto when you die...

...unless you set up Crypto Inheritance Management today.

It's simple — if you don't worry about crypto inheritance, nobody else will — not your software or hardware wallet vendors, not your exchanges, and not your wealth managers. So it's up to you to think about how to protect the generational wealth you have created, and reduce the risks around passing that wealth on to your family and heirs. What are the challenges with crypto inheritance?

  • Crypto Wallets are difficult to use and do not offer crypto inheritance management. In fact, most of them tell you to write down your seed phrase on a piece of paper, which is practically useless.
  • Some people back up their wallet seed phrases or private keys on paper, local devices like hardware wallets or USBs, or in the cloud. All of these options have severe drawbacks that range from hacking to accidental loss to disrupted cloud services.
  • Software wallets operate onspecific blockchains, yet your crypto assets span multiple blockchains. For inheritance to work, you must be able to manage inheritance across every blockchain — now and forever.
Vault12 is the pioneer in crypto inheritance management. Watch our explainer video above, or our inheritance demo today.
Screenshot of Vault12 Guard apps - Add an Asset screen

Crypto Inheritance Management: Get ready today

Vault12 is the pioneer in Crypto Inheritance Management, and offers an easy-to-use and secure method for assigning a legacy contact to your crypto wallets. Vault12 Guard enables you to pass on your wallet seed phrases and private keys for any cryptos including Bitcoin (BTC) and Ethereum (ETH) to future generations. It's designed for everyday people, yet strong enough for Crypto OGs.

This innovative, decentralized system uses a hybrid approach of software fused with the Secure Element of phone devices (the Secure Enclave for iOS devices, and Strongbox for Google devices).

Vault12 Guard enables users to appoint one or more people or mobile devices as Guardians. The designated Guardians are entrusted to collectively protect the user's comprehensive collection of wallet seed phrases and private keys, which are safely stored within a decentralized digital Vault. Nothing is stored on cloud servers or Vault12 servers, and no assets are stored on local devices, making them less of a target.

The decentralized approach reduces points of failure and removes the necessity for regularly revising wallet inventories or modifying instructions for your lawyers (which could lead to privacy breaches). Simply put, Vault12 Guard is the best way to preserve crypto generational wealth.

Screenshot of Vault12 Guard app - Adding data into the Vault

Take the first step and back up your crypto wallets.

Designed to be used alongside traditional hardware and software crypto wallets, Vault12 Guard helps cryptocurrency owners back up their wallet seed phrases and private keys (assets) without storing anything in the cloud or any single location. This increases protection and decreases the risks of loss. Making sure you have an up to date back up is the first step in crypto inheritance management.

The Vault12 Guard app enables secure decentralized backups and provides inheritance for all your seed phrases and private keys across any blockchain, including Bitcoin, Ethereum, ERC-20, and other crypto wallets.

Note: For anyone unfamiliar with cryptocurrencies, Vault12 refers to wallet seed phrases and private keys as assets, crypto assets, and digital assets. The Vault12 Guard app includes a software wallet that works alongside your digital Vault. The primary purpose of this is to guard your Bitcoin (BTC) or Ethereum (ETH) wallet seed phrases, private keys, and other essential data, now and for future generations.