Cryptocurrency has taken off this year faster than almost anything I have ever seen before. The market was at $20 billion earlier this year and as of the time of writing is over $129 billion. That's well over 6x in a matter of months. From my perspective, the trend is growing into the mainstream faster than smartphones, faster than apps, and faster than the internet itself.
With this kind of rapid growth and more millionaires being made monthly than anything I've seen before, it draws out some bad apples too. In this case, the bad apples are hackers and other individuals looking to literally steal from people.
By the end of this article, you will know 3 strong ways to protect your cryptocurrency against hackers.
There have been countless stories of hackers going after both individuals and companies to steal in some cases up to $460+ million dollars with a single hack.
I decided that the only way to get the best information would be to go directly to the hackers themselves to find out how people can protect themselves. Not all hackers are are evil criminals, in fact most aren't. There are "whitehat" hackers that basically test vulnerabilities for people and companies as a service.
My network pointed me to two individuals, Hartej Sawhney and Bryan Larkin. Hartej's firm Hosho is a smart contract auditing firm. That basically means they test vulnerabilities in smart contracts so the ICOs that are raising millions don't get hacked. These smart contracts hold 10s of millions of dollar (sometimes hundreds of millions) and need to be vulnerability tested. Hartej is a well put together business man that speaks around the word about security and cryptocurrency, amongst other things. He runs a team of these smart contract auditors and has a deep understanding of smart contracts and how to properly audit them, as well as digital security in general.
Next was Bryan Larkin. Bryan, who works with the titans of the cryptocurrency and blockchain space like Brock Pierce through Faction One, literally embodies the word hacker in every way imaginable. If I were casting a movie and had to select a "hacker" Bryan Larkin would be the guy I would pick. He goes to all the hacker conventions like DEFCON, has been at it since he was literally a kid, and is the last person you would ever want upset at you or your digital business. Fortunately, Bryan has taken more of the whitehat hacker approach, which means he uses his abilities and skills for good rather than stealing or evil.
I sat down with both of them to validate my ideas on the topic. Here are the 3 ways takeaways I got from them. If you hold cryptocurrency you are going to want to read and understand these things.
1. Cold storage devices locked up at a secure location
One great way to protect cryptocurrency vs hackers is to put the crypto on cold storage and lock it up at a bank safety deposit box or another secure location. This takes it off of exchanges and out of the cloud, so it can't be hacked online.
Cold storage basically means a device or drive that is not connected to the internet. Cold storage is secure because then it is almost impossible to remotely hack it, unless it is connected to a network. You would have to physically control the device or drive to hack or access it.
Ledger Nano S and Trezor are two of the more commonly used drives to store cryptocurrency on. They are supported by a lot of supplementary platforms. However, you could literally just use a thumb drive with a strong encryption as well.
It may seem paradoxical to lock up cryptocurrency at a bank, so you could also get a storage locker, casino safe deposit box, or any number of other secure locations instead, if you are anti-banks.
2. Don't leave crypto on the exchanges for more than is necessary for trading
If you aren't actively trading cryptocurrency, all of the experts recommend taking it off of the exchanges immediately.
Even if your personal account is secure, as we saw with the Mt. Gox hack, even the exchanges can be hacked. If they lose all of the crypto that they are holding on your behalf, and they are not insured (none of them are) then you will likely never see it again.
The best bet is to control your own crypto. Keep it secure in cold storage at safe locations when you aren't actively trading.
3. Two factor authentication is a must
If you must keep your crypto on exchanges for active trading or whatever reason then you need to understand what this is and how to use it.
Bryan emphasized strongly, "If you are not using a 2 factor authenticator then you are a target."
What he's describing are various systems that most of the cryptocurrency exchanges now support that generate a random code every time you try to access the platform. This is in addition to a regular strong password.
There are several but Google Authenticator is one of the more popular ones, and is extremely easy to setup. This is all setup on your phone on their app. There is no account to register just the app. The pro is that there is no Google Authenticator account to hack or get access to it, they would have to have physical access to your phone. The con is that if you lose your phone it could be quite hard to get back into your account.
After it's setup you will then have to enter the random code generated on the app every time you login. This doesn't make hacking impossible, it just makes it harder.
One thing that Hartej and Bryan both explained to me was that text message based two factor authentication was not secure enough. There have been some hackers going around calling up phone companies and trying to reset peoples SIM cards. They would get a SIM card reset and sent to a different address, then access your text messages. You can safeguard against this by not using text message based two factor. If you do have to use it for some reason then call up your phone provider and tell them that no changes shall be allowed over the phone for your account, only in person at a branch after showing valid ID. Tell them to lock your account down, most will oblige.
At the end of the day, just about anything can be hacked. These safeguards will help deter people from going after you. Most hackers will go after the easy targets that are making it dead obvious how and where to hack them, and store all their cryptocurrency in one easy to hack location. If you make it hard, or really hard, they will likely target someone easier to hack.
You should do your own research before getting involved in any cryptocurrency. Nothing stated here should be considered investment advice.