Download the Vault12 app today.

Digital lock
Basics of Crypto Security

Why should you care about Cryptocurrency Security?

The five categories of risk to cryptocurrency investors that everyone should know, some high profile stories of staggering losses, and some recommendations that may protect your digital assets.




TL;DR

If you trust any institution to protect your seed phrase for you, you are not taking advantage of the greatest feature of cryptocurrency: independence.

If you lose your seed phrase, and you don't have a backup, your crypto is gone.

If someone steals your seed phrase and takes your crypto, you will probably never get it back.

If you don't share access to your seed phrase with anyone at all, your heirs will not be able to access it.

There are solutions and best practices that can help you protect your crypto.

Risks with Cryptocurrency.


To be brutally honest, and this goes for all kinds of valuables, if you don't care about security, then hackers and accidents could take your hard earned assets from you. This site is designed to show you options available from the industry, and this article outlines the risks and makes recommendations.

There is a big difference between using traditional financial institutions to trade in stocks and manage your bank accounts, and the world of buying and selling digital currency. This key difference is highlighted in the following scenario:

If you forget the password to your bank account, you can obtain a password reset from the bank, but with native crypto, there is no one who can give you access to your funds.

Why? Because crypto is protected with digital key, a list of words, known as a seed phrase, and without this key, you cannot access your funds. This means that protecting your seed phrase is the same as protecting your funds.

You could avoid the responsibility of protecting your seed phrase if you were to rely on a centralized exchange like Coinbase or Gemini to hold your crypto wallet for you as a custodian. When a custodial exchange controls your wallet, they are responsible for protecting the keys, and they can give you access to your cryptocurrency again if you forget your password to the exchange. Although this is super-convenient, you must keep in mind that whatever entity controls your keys or codes also controls access to your cryptocurrency, and that comes with downsides as well as the upside of convenience.

In uncertain times, a primary benefit of owning cryptocurrency is the ability to be your own bank and to control your own funds - this is the very promise of the Blockchain and cryptocurrency - but to realize this benefit, you must control your own keys, and thus, your own security.

The risks to your seed phrase, and hence to your cryptocurrency, range from hackers attacking centralized exchanges and stealing millions of dollars worth of cryptocurrency, to fraud by the owners or employees of less well-known exchanges, to the theft of USB and other types of storage drives with seed phrases on them. However, the most likely risk is simply that you will lose access to the seed phrase because you lost the paper that you wrote it on. (9 out of 10 wallets tell you to only back up your seed phrase onto a piece of paper.)

Additional risks include the seed phrase being lost in some kind of accident (e.g., the floods and fires that plague certain regions like California), or even - despite your diligent efforts to religiously back everything up - you could simply forget the password to the encrypted drive where you stored your seed phrase.

Understanding the vectors of loss

Let's expand on each to understand clearly which solutions might be best for each situation. None of this is "rocket science," moreover this kind of knowledge (known as "key management" - popup/glossary) is not unique to Bitcoin or cryptocurrencies, but is essential for your future security on the Internet in general. The worldwide web is now being rebuilt on decentralized principles and cryptographic technologies that help it to scale further and deeper with enforced requirements to protect our data and sovereignty.

These risks affect everyone, and the best way to reduce them is to make sure that you carefully back up your seed phrase. This site describes for you the most common options available. Supplementing this guidance, the crypto Wallet Guides show you how to create wallets in a secure and safe manner, highlight where you have options, and suggest when you should follow default instructions.

We hope that these articles, written by security experts, help you to navigate crypto security in a practical way so that you can enjoy participating in the exciting and empowering world of crypto.

Let's explore in a little more detail, and point you to the right resources to protect yourself.

Safeguarding money is necessary for the crypto economy to flourish."

Cameron Winklevoss, Winklevoss Capital

What "owning your own money" really entails.

In a traditional banking scenario, clients don't have to worry about the theft of their account funds, or incorrect transactions. This is because banks work with consumers to block potentially fraudulent transactions, and to issue chargebacks for unintentional transactions. The role of the traditional bank is to provide and ensure such security.

A distributed database on a blockchain network is also extraordinarily secure and resilient. When cryptocurrency advocates explain blockchain technology, they highlight the fact that blockchains have no single point of failure. By this, they mean that there is no single place where an attacker could maliciously halt or modify the network. From a technical standpoint, blockchain transactions are extremely secure in the validation, resilience, and integrity that they provide.

However, points of failure associated with a decentralized blockchain database migrate towards the user's end of the spectrum: by managing your own money, you become the potential single point of failure in protecting your funds. How? As a cryptocurrency owner, your access to this resilient network is through your crypto wallet, and that access is granted through a digital private key that is stored in your wallet. Your seed phrase was used to generate this private key, and your seed phrase can also restore your private key if your wallet is damaged. Your careful storage and use of this private key - and your seed phrase backup - determines whether your crypto funds remain secure, or are exposed to loss or theft. In this way, as the guardian of your wallet and seed phrase, you are fully responsible for the safety of your funds.

Blockchain transactions are fast, and permanent.

The decentralized finance (DeFi) movement introduces a new paradigm in which owning your own money and participating in a decentralized financial network creates a whole new form of economic mechanics. The main concept is that instead of central authorities solely determining an economy's fate through monetary policies, monetary policy is also greatly affected by how blockchain software evolves, and by how people interact with it.

How a blockchain network settles and records transactions for a cryptocurrency is determined through the exercise of its operational protocols. Transactions, once completed, remain immutable forever. The part of that last sentence to pay close attention to is "immutable." Immutability is a characteristic that offers great security to monetary transactions since once a transaction is completed, it is committed permanently, and can not be reversed for any reason.

Settlement is very fast compared to traditional banking, where charges may be reversed long after the transaction has been completed. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.

The challenges of crypto key management.

Taking control of your own crypto keys puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. If this happened, your funds would be abandoned on the blockchain forever, since no one would be able to guess or restore that lost digital key.

Poor key management is by far the most common way that cryptocurrencies are lost. Consider that, given that many of us need to rely on "forgot password" functions to recover simple 9-character passwords, it's unrealistic to believe that we can be trusted to casually maintain a 48-character string of ciphertext. One U.K. resident, James Howell, mined Bitcoin in the early days, storing his private key on his hard drive. At one point, he accidentally threw that hard drive away. That hard drive held 7,500 Bitcoins, which amounts to over $352 million at today's (quickly-changing) coin price of $47,000. Ouch.

Key management is difficult for those that are technology-savvy — and even harder for those who aren't. Because of this predictable difficulty, estimates show that between 17 and 23 percent of all bitcoins have been lost as a result of losing a private key.

Hostile actors.

Hackers pose one of the most serious threats to cryptocurrency holders. In 2017, 13.7% of the entire world's population reported a hack of some type digital asset — including both bank account balance and cryptocurrency. This indicates two key and important points: One, hackers are rampant, and will relentlessly continue to steal from consumers. Two, consumers are not effective at personal digital security. Should the world switch over to blockchain-based finance — where transactions are irreversible — this could be far greater of a threat than it is right now.

Hacking attacks are possible through targeted malware or virus attacks, and through other deliberate compromises. In 2017, a WannaCry virus attack yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a Chrome browser VPN extension was hacked and used to retrieve private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2 million from average consumers. In 2018, a MyEtherWallet browser plugin DNS hack let hackers steal over US$365,000 from users.

Exchanges have also not been left out of the fun — see Risk 1 below - numerous major exchanges have seen thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges went on to cover the losses exchange users faced. This all goes to show that hackers indeed pose a risk to both cryptocurrency holders and cryptocurrency custody handlers.

Risks and Recommendations.

Below is a short summary of risks and some poignant examples, together with some common-sense recommendations. More details on how to implement security are found throughout this site.

Risk 1 - Leaving cryptocurrency on an exchange.

When they first start trading cryptocurrency, many people end up leaving their crypto on the exchange. It's convenient, the funds and the coins are on hand to easily do transactions, but unfortunately, hackers love the fact that so much crypto is in one central place, ready for the taking.

According to to Inside Bitcoin, more than $11 billion (and counting) has been stolen not only from supposedly secure crypto exchanges but also other custodial wallets and mining platforms since 2011, mostly due to hacking incidents.

However, the number of exchange hacks is not declining. In fact, you can find up-to-date lists of cryptocurrency exchange hacks on the internet. According to NASDAQ, Cyber-attacks and hacking incidents on digital assets netted $1.8 billion in the first 10 months of 2020 alone.

Most recently, a large hack happened on the KuCoin centralized exchange in September 2020, with hackers stealing $275 million from the Singaporean exchange.

Hackers have gotten their hands on $11 billion in stolen cryptocurrency since 2011. More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets, and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed. - July 2020

Exchange hacks are not just limited to third parties - employees, and even founders of exchanges have perpetrated massive fraud.

In addition to the famous QuadrigaCX case in 2019, another top10 exchange, OKEx suffered an outrageous hack by a founder who went missing, absconding with exclusive access to users' private keys, this led to the exchange to freeze withdrawals on all users' assets for more than five weeks.

This is why it is essential that you not leave your crypto assets on exchanges, regardless of assurances to the contrary.

Recommendations:

Exchanges are the main target for hackers. Those are the biggest honeypots. So the number one rule in Crypto is, do not keep your money on an exchange, and if you're going to custody that money, you need to do it off of the exchange..."

Joe DiPasquale, BitBull Capital

Risk 2 - Storing Cryptocurrency locally.

There are many, many stories of seed phrases being backed up onto local devices and then getting lost or stolen, or the PIN/Password being forgotten - in contrast with leaving seed phrases in centralized cloud storage. The trouble with local storage is that it's easy to lose, or even for someone to target you and steal the storage device.

Recommendations:

Risk 3 - Being targeted by criminals.

With so much of our personal information available to anyone who wants to target us, the risk of your crypto being targeted is very real. Personal attacks include email phishing attacks, SIM Swap attacks that can sidestep 2-factor authentication, and various other ingenious social engineering attempts. The majority (50%) of crypto thefts in 2020 occurred on Defi protocols.

"We know how some hackers passed away their time during the lockdown: By running Bitcoin-related hacks and potentially netting "nearly $3.78 billion" in 2020," according to a report from Atlas VPN. - Jan 2021

Recommendations:

Risk 4 - Accidental loss and natural disasters.

Data on cryptocurrency lost due to accidents and natural disasters is hard to come by, but estimates indicate it is north of $10 Billion. Accidents - losing your hardware wallet, or leaving your paper seed phrases behind because you had to evacuate California wildfires and earthquakes, have contributed. Many believe that the biggest loss comes from simply forgetting PINs and passwords - something that can happen even if you take precautions.

Tens of billions worth of Bitcoin has been locked by people who forgot their key. Of the existing 18.5 million Bitcoin, around 20 percent — currently worth around $140 billion — appear to be in lost or otherwise stranded wallets, according to the cryptocurrency data firm Chainalysis. - Jan 2021

James Howells, a Welsh I.T. worker, began mining Bitcoin on a personal computer in 2009. By 2013 he had mined 7,500 Bitcoin which is worth about $270 million in Jan 2021. In 2013 he stopped mining and sold the computer he was using for parts on eBay. He kept the hard drive with the hope that Bitcoin would rise in value. In 2013 when cleaning his house he accidentally threw the drive away and it, along with the rest of his trash was taken to the local landfill in Newport, South Wales and buried. Asked how it ended up in landfill, he explained that it was "thrown out into a bin bag during a clear-out in a case of 'mistaken (hdd) identity' in summer 2013. There were two HDDs in the same drawer, the wrong one got binned? s*** happens."

The landfill reportedly contains about 350,000 tons of waste and 50,000 more tons are added every year. An article reported that "a council spokesperson said their offices have been "contacted in the past about the possibility of retrieving a piece of IT hardware said to contain bitcoins," but digging up, storing and treating the waste could cause a "huge environmental impact on the surrounding area."


Recommendations:

Risk 5 - Loss of Generational wealth.

We usually don't think of death or incapacitation while contemplating how to enter the brave new world of crypto, yet the consequences of how crypto is secured means that to ensure the accessibility of funds by future generations, specific protective steps must be taken. This starts with talking to a trust and estate lawyer to draw up a will and a plan for how beneficiaries can access assets. This can be a convoluted process. As a result, companies like Vault12 have identified solutions to provide simple and easy-to-use solutions for digital inheritance.

There is a steady drumbeat of these stories happening with worrisome regularity:

In December 2018, Gerald Cotten, the founder of the bitcoin trading exchange QuadrigaCX, died (under somewhat mysterious circumstances) resulting in the loss of $250M and the exchange going bankrupt. Gerald was only 30 years old and had not created an inheritance plan, nor were instructions of how to access the centralized assets ever found.

In April 2018, Matthew Mellon, heir to Mellon family banking fortune and former chairman of the NY Republican Party finance committee, and cryptocurrency proponent, died. Prior to his death, he held an estimated $1B in Ripple (XRP) - all of this remains were inaccessible as he left no instructions, even though he protected the cryptocurrency via cold storage in multiple locations around the US in different people's names.

In 2017, an unidentified young crypto investor in Colorado died with a small fortune in cryptocurrency held in a coinbase account. The family, however, had no access to the account and eventually had to petition Coinbase directly. Eventually the assets were released after a lengthy process. If the account holder had not been a U.S. Citizen, this would have been a much more complicated process.

Recommendations:

Basics of Crypto Security

Why should you care about Cryptocurrency Security?

The five categories of risk to cryptocurrency investors that everyone should know, some high profile stories of staggering losses, and some recommendations that may protect your digital assets.

Discover More

Featured Articles

Inheritance and long term storage for Cryptocurrency

Vault12 Explainer
Get the Vault12 app onto your phone
QR code Vault12 Crypto/NFT InheritanceDownload Vault12 on App StoreDownload Vault12 on Google Play
Vault12 app mockup
Scroll down
Close

Vault12 Product Demo

Get The Vault12 App Onto Your Phone

Download Vault12 on App StoreDownload Vault12 on Google Play
Screenshots of Vault12 app showing successful inheritance activation

Digital Inheritance: Get ready today.

Vault12 Digital Inheritance is the first solution to offer a simple, direct, and secure way to ensure cryptocurrency, NFTs and other Web3 digital assets can be inherited by future generations.

Digital Inheritance enables investors to designate an individual or a mobile device as a guardian that will inherit their entire portfolio of digital assets stored in a secure digital Vault once the time comes, eliminating undue risk and the need to continually update an inventory or issue updated instructions which result in privacy leakage.

screenshot of Vault12 app showing how to create a vault and how to select a wallet to secure

Securely store Cryptocurrency, NFTs and Secrets.

Designed to be used alongside traditional hardware, software, and online wallets, Vault12 helps cryptocurrency owners, professional crypto traders, and high net worth investors safeguard their digital assets without storing anything in the cloud or in fact any one single location. This increases the protection and decreases the risks of loss.

The Vault12 app helps you store, back up, and provide legacy inheritance for all your digital assets, including Bitcoin, Ethereum, NFTs, other cryptocurrencies, secrets like keys, seed phrases, PIN codes, DAO project keys, digital art, and of course, your crypto wallets.

Screenshot of Banksy Love is in the Air NFT from Particle Collection in Digital Vault

Collectors, ensure your Art is protected for the future

Whether your digital art is suitable for a phone, or represents much higher resolution multimedia, make sure that you have backed up a copy in case the resource link is disrupted in the future. Digital art can easily be added to the Vault either via the mobile app or via the desktop utility. Once you have stored your artwork in your Vault, it will also benefit from inheritance once you activate that in your app.

Illustration of creator with NFT in their digital Vault and collectors looking on

Creators, protect your Projects.

As a creator you can use Vault12 to safeguard not just your NFT and crypto wallets, but also original digital artwork. Project creators will always have to deal with multiple wallets - inventory, treasury as well as future royalty wallets.

Vault12 safeguards your project assets, increasing protection and decreasing the risks of loss, whilst ensuring that everything is ready to go to be passed onto future generations, when the need arises.

Learn

Step-by-step guides for setting up your digital Vault and adding assets, recovering assets, inheriting and restoring Vaults. Vault12 Web3 personal security helps you recover, back up, and inherit all assets stored in your Vault including Bitcoin, Ethereum, crypto, private keys, seed phrases, wallets, NFTs and digital art.

Teacher explaining how to to use Vault12

With the latest release of Vault12, now available in both iOS App Store and Google Play we have streamlined how you can use VGT to upgrade your Vault or fund your Vault for future. Right now there is a 50% discount on all plans if you fund your Vault with VGT.

Two people opening a large Vault with digital assets

How to get the Vault12 app, create your own Digital Vault, and assign trusted Guardians to guard your Vault.

Decorative Background

Get started now.

The Vault12 app is now available from iOS and Android app stores.
Download Vault12 on App StoreDownload Vault12 on Google Play
Close
Start protecting your digital assets: Free 30-day trial available today.