Basics of Crypto Security

Why should you care about Cryptocurrency Security?

The five categories of risk to cryptocurrency investors that everyone should know, a few stories of staggering losses, and valuable recommendations that could protect your digital assets.




TL;DR (concentrated takeaways)

If you trust any institution to protect your seed phrase for you, you are not taking advantage of the greatest feature of cryptocurrency: independence.

If you lose your seed phrase, and you don't have a backup, your crypto is gone.

If someone steals your seed phrase and takes your crypto, you will probably never get it back.

If you don't share access to your seed phrase with anyone at all, your heirs will not be able to access it.

There are solutions and best practices that can help you protect your crypto.

Risks with Cryptocurrency.


To be brutally honest - and this goes for all kinds of valuables - if you don't care about security, hackers and accidents could take your hard-earned assets from you. This article will show you some critical risks, recommendations, and options that surround cryptocurrency, NFTs, and other digital assets.

There is a big difference between the use of traditional financial institutions to trade in stocks and manage your bank accounts, and the world of buying and selling digital currency. The key difference is highlighted in the following scenario:

If you forget the password to your bank account, you can obtain a password reset from the bank, but with native crypto, there is no one who can give you access to your funds.

Why? Because crypto is protected with a digital key, a list of words known as a seed phrase, and without this key, you cannot access your funds. This means that protecting your seed phrase is the same as protecting your funds.

You could avoid the responsibility of protecting your seed phrase by relying on a centralized exchange like Coinbase or Gemini to hold your crypto wallet for you as your custodian. When a custodial exchange controls your wallet, they are responsible for protecting the keys, and they can give you access to your cryptocurrency again if you forget your exchange password. Although this is very convenient, whatever entity controls your keys or codes also controls access to your cryptocurrency, and that comes with downsides. In uncertain times, a primary benefit of owning cryptocurrency is the ability to be your own bank and to control your own funds - this is the very promise of the Blockchain and cryptocurrency. To realize this benefit, you must control your own keys, and thus, your own security.

The risks to your seed phrase, and hence to your cryptocurrency, range from hackers attacking centralized exchanges and stealing millions of dollars worth of cryptocurrency, to fraud by the owners or employees of less well-known exchanges, to the theft of USB and other types of storage drives with seed phrases on them. However, the most likely risk is simply that you will lose access to the seed phrase because you lost the paper that you wrote it on. (9 out of 10 wallets tell you to only back up your seed phrase onto a piece of paper.)

Additional risks include the seed phrase being lost in some kind of accident (e.g., the floods and fires that plague certain regions like California), or even - despite your diligent efforts to religiously back everything up - you could simply forget the password to the encrypted drive where you stored your seed phrase.

Understanding the vectors of loss

Let's expand on each to understand clearly which solutions might be best for each situation. None of this is "rocket science," and moreover this kind of knowledge (known as "key management") is not unique to Bitcoin or cryptocurrencies, but is essential for your future security on the Internet in general. The worldwide web is now being rebuilt on decentralized principles and cryptographic technologies that help it to scale further and deeper with enforced requirements to protect our data and sovereignty.

These five risks affect everyone, and the best way to reduce them is to make sure that you carefully back up your seed phrase. The Vault12 site describes for you the most common options available. Supplementing this guidance, the crypto Wallet Guides show you how to create wallets in a secure and safe manner, highlight where you have options, and suggest when you should follow default instructions.

We hope that these articles, written by security experts, help you to navigate crypto security in a practical way so that you can enjoy participating in the exciting and empowering world of crypto.

Let's explore in a little more detail, and point you to the right resources to protect yourself.

"Safeguarding money is necessary for the crypto economy to flourish."

Cameron Winklevoss, Winklevoss Capital

What "owning your own money" really entails.

In a traditional banking scenario, clients don't have to worry about the theft of their account funds, or incorrect transactions. This is because banks work with consumers to block potentially fraudulent transactions, and to issue chargebacks for unintentional transactions. The role of the traditional bank is to provide and ensure such security.

A distributed database on a blockchain network is also extraordinarily secure and resilient. When cryptocurrency advocates explain blockchain technology, they highlight the fact that blockchains have no single point of failure. By this, they mean that there is no single place where an attacker could maliciously halt or modify the network. From a technical standpoint, blockchain transactions are extremely secure in the validation, resilience, and integrity that they provide.

However, points of failure associated with a decentralized blockchain database migrate towards the user's end of the spectrum: by managing your own money, you become the potential single point of failure in protecting your funds. How? As a cryptocurrency owner, your access to this resilient network is through your crypto wallet, and that access is granted through a digital private key that is stored in your wallet. Your seed phrase was used to generate this private key, and your seed phrase can also restore your private key if your wallet is damaged. Your careful storage and use of this private key - and your seed phrase backup - determines whether your crypto funds remain secure, or are exposed to loss or theft. In this way, as the guardian of your wallet and seed phrase, you are fully responsible for the safety of your funds.
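How a seed phrase turns into a private key, as an added example (not from the original article or any Vault12 code): it assumes a wallet that follows the public BIP-39 and BIP-32 standards, which the article does not name, and the function names are illustrative. The phrase is a published test value, and word-list checksum validation is left out.

```python
import hashlib
import hmac
import unicodedata

# Published all-zero-entropy BIP-39 test phrase, used here as sample input.
# Never store real funds under a phrase that appears in documentation.
SAMPLE_PHRASE = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")
# Same phrase with a single word copied down incorrectly (constructed).
WRONG_PHRASE = SAMPLE_PHRASE.replace("about", "above")


def seed_from_phrase(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the words into a 64-byte seed (PBKDF2-HMAC-SHA512)."""
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, 64)


def master_key_from_seed(seed: bytes) -> tuple:
    """BIP-32: HMAC-SHA512 of the seed gives (master private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def restore_wallet(phrase: str, passphrase: str = "") -> str:
    """Hex master private key a wallet rebuilds from the phrase alone."""
    key, _chain_code = master_key_from_seed(seed_from_phrase(phrase, passphrase))
    return key.hex()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex strings differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    original = restore_wallet(SAMPLE_PHRASE)
    # A new device given the same words rebuilds the identical key: the
    # backup is the wallet, so whoever holds the words holds the funds.
    print("restored matches original:", restore_wallet(SAMPLE_PHRASE) == original)
    # One wrong word yields an unrelated key. This sketch skips the BIP-39
    # checksum, which a real wallet would normally use to reject the phrase.
    wrong = restore_wallet(WRONG_PHRASE)
    print("bits changed by one wrong word:", differing_bits(original, wrong), "of 256")
    # An optional passphrase selects a different wallet; forgetting it is
    # as final as losing the words themselves.
    print("passphrase changes key:", restore_wallet(SAMPLE_PHRASE, "extra") != original)
```

Nothing in the derivation involves a server or an account, which is why no institution can reset or reissue the key.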

Blockchain transactions are fast, and permanent.

The decentralized finance (DeFi) movement introduces a new paradigm in which owning your own money and participating in a decentralized financial network creates a whole new form of economic mechanics. The main concept is that instead of central authorities solely determining an economy's fate through monetary policies, monetary policy is also greatly affected by how blockchain software evolves, and by how people interact with it.

How a blockchain network settles and records transactions for a cryptocurrency is determined through the exercise of its operational protocols. Transactions, once completed, remain immutable forever. The part of that last sentence to pay close attention to is "immutable." Immutability is a characteristic that offers great security to monetary transactions since once a transaction is completed, it is committed permanently, and can not be reversed for any reason.

Settlement is very fast compared to traditional banking, where charges may be reversed long after the transaction has been completed. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.

The challenges of crypto key management.

Taking control of your own crypto keys puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. If this happened, your funds would be abandoned on the blockchain forever, since no one would be able to guess or restore that lost digital key.

Poor key management is by far the most common way that cryptocurrencies are lost. Consider that, given that many of us need to rely on "forgot password" functions to recover simple 9-character passwords, it's unrealistic to believe that we can be trusted to casually maintain a 48-character string of ciphertext. One U.K. resident, James Howells, mined Bitcoin in the early days, storing his private key on his hard drive. At one point, he accidentally threw that hard drive away. That hard drive held 7,500 Bitcoins, which amounts to over $352 million at today's (quickly-changing) coin price of $47,000. Ouch.

Key management is difficult for those that are technology-savvy — and even harder for those who aren't. Because of this predictable difficulty, estimates show that between 17 and 23 percent of all bitcoins have been lost as a result of losing a private key.

Hostile actors.

Hackers pose one of the most serious threats to cryptocurrency holders. In 2017, 13.7% of the entire world's population reported a hack of some type of digital asset, including both bank account balances and cryptocurrency. This indicates two important points: One, hackers are rampant, and will relentlessly continue to steal from consumers. Two, consumers are not effective at personal digital security. Should the world switch over to blockchain-based finance, where transactions are irreversible, this could be a far greater threat than it is right now.

Hacking attacks are possible through targeted malware or virus attacks, and through other deliberate compromises. In 2017, a WannaCry virus attack yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a Chrome browser VPN extension was hacked and used to retrieve private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2 million from average consumers. In 2018, a MyEtherWallet browser plugin DNS hack let hackers steal over US$365,000 from users.

Exchanges have also not been left out of the fun (see Risk 1 below): numerous major exchanges have seen thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges went on to cover the losses exchange users faced. This all goes to show that hackers indeed pose a risk to both cryptocurrency holders and cryptocurrency custody handlers.

Risks and Recommendations.

Below is a summary of risks and some poignant examples, together with some common-sense recommendations. More details on how to implement security are found throughout the Vault12 site.

Risk 1 - Leaving cryptocurrency on an exchange.

When they first start trading cryptocurrency, many people end up leaving their crypto on the exchange. It's convenient, the funds and the coins are on hand to easily do transactions, but unfortunately, hackers love the fact that so much crypto is in one central place, ready for the taking.

According to Inside Bitcoins, more than $11 billion (and counting) has been stolen not only from supposedly secure crypto exchanges but also other custodial wallets and mining platforms since 2011, mostly due to hacking incidents.

However, the number of exchange hacks is not declining. In fact, you can find up-to-date lists of cryptocurrency exchange hacks on the internet. According to NASDAQ, cyber-attacks and hacking incidents on digital assets netted $1.8 billion in the first 10 months of 2020 alone.

Most recently, a large hack happened on the KuCoin centralized exchange in September 2020, with hackers stealing $275 million from the Singaporean exchange.

Hackers have gotten their hands on $11 billion in stolen cryptocurrency since 2011. More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets, and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed. - July 2020

Exchange hacks are not just limited to third parties: employees, and even founders of exchanges, have perpetrated massive fraud.

In addition to the famous QuadrigaCX case in 2019, another top-10 exchange, OKEx, suffered an outrageous hack by a founder who went missing, absconding with exclusive access to users' private keys. This led the exchange to freeze withdrawals on all users' assets for more than five weeks.

This is why it is essential that you not leave your crypto assets on exchanges, regardless of assurances to the contrary.

Recommendations:

"Exchanges are the main target for hackers. Those are the biggest honeypots. So the number one rule in Crypto is, do not keep your money on an exchange, and if you're going to custody that money, you need to do it off of the exchange..."

Joe DiPasquale, BitBull Capital

Risk 2 - Storing Cryptocurrency locally.

There are many, many stories of seed phrases being backed up onto local devices and then getting lost or stolen, or the PIN/Password being forgotten - in contrast with leaving seed phrases in centralized cloud storage. The trouble with local storage is that it's easy to lose, or even for someone to target you and steal the storage device.

Recommendations:

Risk 3 - Being targeted by criminals.

With so much of our personal information available to anyone who wants to target us, the risk of your crypto being targeted is very real. Personal attacks include email phishing attacks, SIM swap attacks that can sidestep 2-factor authentication, and various other ingenious social engineering attempts. The majority (50%) of crypto thefts in 2020 occurred on DeFi protocols.

"We know how some hackers passed away their time during the lockdown: By running Bitcoin-related hacks and potentially netting "nearly $3.78 billion" in 2020," according to a report from Atlas VPN. - Jan 2021

Recommendations:

Risk 4 - Accidental loss and natural disasters.

Data on cryptocurrency lost due to accidents and natural disasters is hard to come by, but estimates indicate it is north of $10 billion. Accidents, such as losing your hardware wallet or leaving your paper seed phrases behind because you had to evacuate from California wildfires and earthquakes, have contributed. Many believe that the biggest loss comes from simply forgetting PINs and passwords - something that can happen even if you take precautions.

Tens of billions worth of Bitcoin has been locked by people who forgot their key. Of the existing 18.5 million Bitcoin, around 20 percent — currently worth around $140 billion — appear to be in lost or otherwise stranded wallets, according to the cryptocurrency data firm Chainalysis. - Jan 2021

James Howells, a Welsh I.T. worker, began mining Bitcoin on a personal computer in 2009. By 2013 he had mined 7,500 Bitcoin which is worth about $270 million in Jan 2021. In 2013 he stopped mining and sold the computer he was using for parts on eBay. He kept the hard drive with the hope that Bitcoin would rise in value. In 2013 when cleaning his house he accidentally threw the drive away and it, along with the rest of his trash was taken to the local landfill in Newport, South Wales and buried. Asked how it ended up in landfill, he explained that it was "thrown out into a bin bag during a clear-out in a case of 'mistaken (hdd) identity' in summer 2013. There were two HDDs in the same drawer, the wrong one got binned? s*** happens."

The landfill reportedly contains about 350,000 tons of waste and 50,000 more tons are added every year. An article reported that a council spokesperson said their offices have been "contacted in the past about the possibility of retrieving a piece of IT hardware said to contain bitcoins," but digging up, storing and treating the waste could cause a "huge environmental impact on the surrounding area."


Recommendations:

Risk 5 - Loss of Generational wealth.

We usually don't think of death or incapacitation while contemplating how to enter the brave new world of crypto, yet the consequences of how crypto is secured mean that to ensure the accessibility of funds by future generations, specific protective steps must be taken. This starts with talking to a trust and estate lawyer to draw up a will and a plan for how beneficiaries can access assets. This can be a convoluted process. As a result, companies like Vault12 have developed simple and easy-to-use solutions for digital inheritance.

There is a steady drumbeat of these stories happening with worrisome regularity:

In December 2018, Gerald Cotten, the founder of the bitcoin trading exchange QuadrigaCX, died (under somewhat mysterious circumstances) resulting in the loss of $250M and the exchange going bankrupt. Gerald was only 30 years old and had not created an inheritance plan, nor were instructions of how to access the centralized assets ever found.

In April 2018, Matthew Mellon, heir to the Mellon family banking fortune, former chairman of the NY Republican Party finance committee, and cryptocurrency proponent, died. Prior to his death, he held an estimated $1B in Ripple (XRP) - all of this remained inaccessible as he left no instructions, even though he protected the cryptocurrency via cold storage in multiple locations around the US in different people's names.

In 2017, an unidentified young crypto investor in Colorado died with a small fortune in cryptocurrency held in a Coinbase account. The family, however, had no access to the account and eventually had to petition Coinbase directly. Eventually the assets were released after a lengthy process. If the account holder had not been a U.S. citizen, this would have been a much more complicated process.

Recommendations:


Wasim Ahmad

Wasim is a serial entrepreneur with five exits, and an advisor in the fields of AI, blockchain, cryptocurrency, and encryption solutions. At Vault12, he led the private and public fundraising efforts, and focuses today on expanding the Vault12 ecosystem. His crypto experience began with AlphaPoint, where he worked with the founding team to launch the world's first crypto trading exchanges.

Previously he was a founding member of Voltage Security, a spinout from Stanford University, that launched Identity-Based Encryption (IBE), a breakthrough in Public Key Cryptography, and pioneered the use of sophisticated data encryption to protect sensitive data across the world's payment systems. Wasim serves on the board of non-profit, StartOut, and is a Seedcamp and WeWork Labs global mentor.

Wasim graduated with a Bachelor of Science degree in Physics and French from the University of Sussex.
