Given the security vulnerabilities with the bitcoin cryptocurrency — or any cryptocurrency for that matter — it is extremely important for users to minimize or eliminate the risk of getting their bitcoin stolen. The following tips will allow you to take advantage of the wonderful features of the cryptocurrency with greater safety and peace of mind.
Keep Your Private Key
A bitcoin wallet, simply, has two important parts: a public and private key. The public key is your public address for receiving or sending funds and the private key is proof of ownership of the address. The public address can be generated from the private key, since it is a short-hand of it, but with the public address alone the private key cannot be ascertained. For this reason, if a user loses his or her private key with funds stored in its associated public address, the coins will be lost forever.
Thus, the most important safety tip about bitcoin is safely storing the private key. A private key will allow anyone to withdraw funds from its associated wallet address. So, whenever you create a bitcoin wallet or account, make sure you immediately print or write down your private key. If you are writing it, make sure to double or triple check that it is correct. You must then keep the private key in a safe place where no one else can find it who might want to take possession of your bitcoin.
One option for those with a significant amount of funds in cryptocurrencies is to use a hardware wallet, which encrypts and stores a user’s private key, offering users an additional layer of security. Hardware wallets can vary in price, with some costing over $100. These wallets are essentially thumb drives offering advanced encryption. Many users find these convenient for safely accessing a number of cryptocurrencies with one device.
Beware of Exchanges
Exchanges such as Poloniex, Bitfinex, Bittrex, and others can be vulnerable to hacking, given that they are prime targets among cyber thieves. These exchanges, as of today, are reputable and reportedly store most of their clients’ coins in “cold storage” — away from the reach of hackers — though their vulnerability to a significant hacking attack is ever-present. Additionally, these exchanges control your private keys, so you will not have true possession of your coins until you send them to your own wallet away from the exchange. While skepticism is warranted toward the above reputable exchanges, even more skepticism is warranted toward smaller ones lacking an established track-record and lacking transparency of ownership or control.
Besides the risk of hackers targeting exchanges, there is the risk of funds getting stolen by those operating within exchanges. Two noteworthy examples are Mt.Gox and Cryptsy, two formerly large cryptocurrency exchanges. At one point Mt.Gox handled up to 70 percent of bitcoin transactions. Mt.Gox filed for bankruptcy in February 2014 due to an alleged hack of a massive number of customer funds, and it is widely believed that the CEO Mark Karpelès embezzled funds from the exchange, for which he was found guilty and sentenced to prison in Japan. In the case of Cryptsy, the company claimed it was hacked and lost a massive number of bitcoins as a result. Users were complaining at Bitcointalk.org and other online forums of being locked out of their accounts and repeatedly lied to by representatives of the company. Following the company’s declared insolvency in early 2016, the founder of Cryptsy, Paul Vernon (“Big Vern”), vanished, with reports that he fled to China with millions of dollars of customer funds. At the time of insolvency, the company reportedly had well over 100,000 registered users.
Use Two-Factor Authentication
Two-factor authentication, which requires an additional confirmation besides a password to gaining access to an account, presents an additional hurdle for hackers. Two-factor authentication can be set up on reputable exchanges to send you a code via text or SMS, via email, or via an app such as Google Authenticator to provide access to a website after the account password has been provided. So, if a hacker obtains your password, the two-factor authentication can prevent him or her from accessing your account and funds. It is essential that two-factor authentication be set up at exchanges, as funds are commonly stolen from customers who were too lazy to set this up. Hackers have numerous vectors for getting passwords, from hacking into exchanges to injecting malicious code into a bitcoin owner’s computer, giving the hacker all of the websites and passwords used by the victim.
Use Complex Passwords and Change Them
It is also important to use passwords that are hard for software programs to crack. Statistically, a large percentage of internet users use simple passwords that can be obtained by brute force software that simply tries commonly used passwords from a dictionary until the account is compromised. Use unique names and phrases, and add unique numbers and special characters for added security.
Make sure you use different passwords for different accounts or websites. By using different passwords, you keep a hacker who has obtained your username and password of one account from accessing other accounts. Also, regularly change your passwords, assuming that one of your accounts has been breached at some point, since breaches are inevitable, especially of big and reputable companies that pride themselves on their security.
Keep Your Antivirus Software Updated
Make sure you use a good antivirus program and keep it continually updated to protect the devices you use. Antivirus programs should be installed on all devices used to access email and financial services, including your mobile phone. While hackers can bypass antivirus programs, they present yet another hurdle for them. Make sure you continually scan your devices to ensure they are not infected with malicious code.
Summing It Up
By following these tips, you and other owners of cryptocurrency will minimize the risk of theft or loss when interacting online. You should never underestimate the lengths hackers will go through to compromise you and others, nor their skills in achieving their ends. You must always be alert and proactive to protect your money.