The Bullet No.14 Best Not F*** With Security
TL;DR Protect yourself online by adopting the same principles as offline
Up until the age of 16, I never swore. I think I saw it as some kind of moral crusade, that got entrenched though secondary school teasing. I’ve made up for lost time since and was using all the colourful language I could muster last week, when I managed to accidently snap a USB stick that I’d been using for far too long without backing up the data saved on it. The documents on the stick are gone forever, but happily it’s more annoying than terminal, as most of the information I can source another way and the rest is a matter of redoing some of the work. That’ll cost me a bit of time, the most precious of all commodities, but nothing more. However, it was a good reminder of the importance of keeping information secure and safe in a digital world, which clearly applies to Bitcoin and crypto too. 4 bullets should cover the different methods and challenges when safeguarding your digital assets:
1. Exchanges
When someone first dips their toes into acquiring a crypto/digital asset, they typically buy it from an exchange, unless they have been given it directly by someone else or received it through mining. There are many exchanges available, some better than others, and some of the leading ones you may have heard of are Coinbase, Kraken, Crypto.com, Bitstamp, Binance and CoinCorner. All you have to do is register some basic personal information, so it’s definitely not an anonymous method, and you can be up and running in less than 10 mins. I’ve often described exchanges as similar to banks, because once you’ve purchased, you can choose to leave your asset on the exchange and in your personal account. There are risks associated with this though because you’re trusting the exchange to hold your assets safe for you and your deposits are not underwritten in the same way that traditional bank deposits are. There have been examples in the past where exchanges have been hacked and people have lost their funds, Mt Gox in 2014 being the most famous example. Exchange security is improving these days and it is big business with established companies that have been operating now for several years. Coinbase itself is valued at $57Bn, at time of writing, so they clearly have sizeable resources to protect the assets they hold on behalf of their customers. However, you also have to be careful that your individual account isn’t hacked through poor password management or having your identity stolen. Due to this, some people seek greater security and self-determination by choosing to store their assets off the exchanges, which can be done through hot or cold wallets.
2. Hot Wallets
A hot wallet is where the asset is accessed in a more direct way, either with an app on your phone/desktop or via a device similar to a USB stick. If an exchange is like a bank, a hot wallet is like keeping notes or coins in your physical wallet that you keep in your pocket. If you lose your wallet or have it stolen, it’s gone forever, so you’d be unwise to keep all your stuff in it, just as you would in the physical world. Hot wallets are useful and convenient for simple, quick, and easy access to your assets but because of that, they’re the most open to being lost or stolen. For example, there have been a few recent cases where people have lost everything that they own on Metamask wallets, simply by clicking on a link sent by a scammer, so you need to be careful.
3. Cold Wallets or Hardware Wallets
The analogy here is like a safe deposit box, where you are the only person who knows the combination or has the keys to open it. There’s a phrase in the crypto community that goes “not your keys, not your coins”. Remember, your assets aren’t real in a physical sense, they’re a record of what a specific address on a blockchain owns and whoever has the keys to access that address can control how those assets are used. Cold Wallets enable you to hold the keys to a blockchain address offline by using a cold wallet device similar to a USB that you can store in a safe place, and which only you control the passwords to access. If you lose the device or it is damaged, you can buy a new one and access the assets by simply remembering the address code and a set of pass phrases. Ledger and Trezor hardware wallets are some of the most popular and if you buy one, you should be careful that it’s not been used before or tampered with in any way. Buy direct from these companies and don’t buy second hand. While it is more inconvenient and slower to access your assets this way, many people believe it is more secure and ultimately puts the responsibility into your own hands, while also being better protected against confiscation or loss.
4. Advanced Self-Custody
More recently, services are starting to pop up like Casa to provide even greater security by offering multiple keys, where the majority of them need to be used to authorise any transaction. This limits any single point of failure. Casa do a good job of explaining how it works on their website, so I recommend going there if you’re keen to find out more.
As with everything in crypto, things are advancing fast and security services should improve. However, thieves will also use technology to become more sophisticated too. If you choose to play in this digital asset world, the best advice is to exercise the same caution as you do in the physical world. Be wary, use backups and understand the risks. Then hopefully you won’t feel the need to turn the air blue.
Peace, love and Bitcoin, you f***ers
Rob