Unless you’ve been living under a rock, you’ll have heard all about the Bitfinex hack and its peculiar perpetrators.
The strangest part of the story? The fact that they’d managed to get away with a $3.6 billion exploit (or played a role in the handling of the funds), only to get caught by failing to adhere to the most basic tenets of crypto storage.
Crypto and blockchain are new and fast-developing technologies, and the very notion of self-custody is one of their greatest features, but it is also the thing that puts off would-be investors.
Hopefully, you’re not as dimwitted as “Dutch Lichtenstein”, one half of the Bitfinex duo, but it’s always worth remembering the foundational principles of good practice when it comes to crypto security!
- Risks of hot storage – mobile wallets have a higher chance of being hacked.
- Use a cold wallet such as Ledger or Trezor.
- Never give your private keys to ANYONE!
The alleged Bitfinex hackers got caught, and it wasn’t because of their activity on TikTok (even though some of those videos were criminally bad).
The actual reason they got caught is that they left themselves exposed.
The blacklisted stolen BTC was moved at the start of February 2022, triggering the alarm. And according to the Department of Justice (DOJ), the careless hackers had already left some “tracks.”
Dutch Lichtenstein left his private key on the cloud
And it spelled disaster. Any cloud service provider (if centralized) can be subpoenaed and forced to give unrestricted access to its data.
Even though the keys were encrypted, law enforcement was then able to decrypt them and connect the Bitfinex hacks to the perpetrators.
Do not be like them.
DON’T STORE YOUR PRIVATE KEYS ON THE CLOUD!
Of all people, Dutch should have known better. Just check out his LinkedIn!
Not your keys, not your coins!
Okay, we’ve established what not to do. But what can you do?
We sat down with a cybersecurity guru to run through the best ways to protect your crypto (from thieves or unwanted attention!)
The advantages of using a custodian service
Custodian companies are third parties that store and protect your private keys. They’re ideal for both individuals and companies. Most companies use third-party custodians because they offer a level of security in case of a breach. To improve their value proposition, custodians implement a multi-layered authorization process that further enhances their security levels.
The disadvantages of using a custodian service
Even though they ensure safe key storage, custodians run contrary to the idea of private key ownership. Because the custodians own your private keys, they also own your assets. This makes your assets vulnerable to third parties – especially if the custodian is centralized.
Because most custodians cater to businesses, they require Know-Your-Customer (KYC), contrary to the degen ethos!
Cold vs hot wallets
Cold storage means keeping your private keys on a device not connected to the internet. This might seem a no-brainer to some, but some users – especially the newly converted – overlook the security threats associated with a hot wallet (which works in your browser, or as an app).
We advocate using a hardware wallet (cold storage), with Trezor and Ledger being popular examples.
Trezor uses open-source code, which adds an additional layer of security. On the other hand, Ledger is equally valuable because it has a bigger storage capacity and supports a wider range of assets. So, for the sake of simplicity, let’s imagine you’re using the latter.
- Best Ledger practices!
A Ledger is one of the best and safest ways to store your crypto. Nevertheless, there are still things to watch out for.
Here are a few tips to ensure you are entirely protected:
Always order the Ledger from their official website, because wallets bought from third parties could be compromised. The Ledger Nano X has a bigger storage capacity than the Nano S, allowing you to add more tokens.
Upon receiving the box, always check that the package hasn’t been tampered with (and isn’t missing any of its contents). If you have any doubt, return the package immediately because the Ledger device could be compromised.
Set it up by generating the 24-word seed phrase and a backup code to restore the device. Adding another seed word is advised, as it creates a further security layer for extra protection. If that’s too confusing, stick with a single seed phrase. But store it well! Very well. Don’t take a photo of it (and upload it to the cloud!). Don’t keep it on a device connected to the internet. We suggest storing your seed phrase digitally (offline on a USB stick) and/or writing it on a piece of paper, then keeping it in a place that is completely safe from prying eyes.
- Storing your seed phrase
For extra protection, especially if you are storing large sums of money, you can split the 24 words into three groups of 8 words. The first eight words are group A, the next eight are group B and the last eight are group C. Decide on three people you trust (with your life)! First, give one person the words from groups A and B. Next, give the second person you trust the words from groups B and C. Finally, give the last person the words from groups A and C.
If someone runs off with your keys, they would still need another person to gain full access – and frankly, they’re not your friend. Therefore, you need only 2 out of the three people to regain control of your wallet. And those friends would need to collude to gain access.
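The A/B/C split described above, as an added example that is not part of the original article: it builds the three shares, checks that any two of them rebuild the phrase, and counts how much of the phrase a single holder still lacks. The function names and the placeholder words `w01`..`w24` are constructed for illustration, and the bit counts assume a standard 24-word BIP-39 phrase (11 bits per word, 8-bit checksum).

```python
from itertools import combinations

BITS_PER_WORD = 11   # assumption: BIP-39 wordlist of 2048 = 2**11 words
CHECKSUM_BITS = 8    # assumption: 24-word BIP-39 phrase = 256 bits + 8-bit checksum

# Which groups each trusted person receives, as described in the text.
HOLDER_GROUPS = {"person1": ("A", "B"), "person2": ("B", "C"), "person3": ("A", "C")}

# Constructed placeholder phrase; never type a real seed phrase into a computer.
SAMPLE = [f"w{i:02d}" for i in range(1, 25)]

def split_phrase(words):
    """Split 24 words into groups A, B, C and build each holder's share."""
    if len(words) != 24:
        raise ValueError("expected a 24-word seed phrase")
    groups = {name: words[i * 8:(i + 1) * 8] for i, name in enumerate("ABC")}
    return {h: {g: groups[g] for g in gs} for h, gs in HOLDER_GROUPS.items()}

def recover(*shares):
    """Rebuild the phrase; fail if a group is missing or two shares disagree."""
    merged = {}
    for share in shares:
        for group, words in share.items():
            if merged.setdefault(group, words) != words:
                raise ValueError(f"shares disagree on group {group}")
    missing = [g for g in "ABC" if g not in merged]
    if missing:
        raise ValueError(f"missing group(s): {missing}")
    return merged["A"] + merged["B"] + merged["C"]

def unknown_bits(share):
    """Approximate bits one holder would still have to guess on their own."""
    missing_words = 24 - sum(len(words) for words in share.values())
    # The checksum rules out all but about 1 in 2**8 candidate phrases.
    return missing_words * BITS_PER_WORD - CHECKSUM_BITS

if __name__ == "__main__":
    shares = split_phrase(SAMPLE)
    for a, b in combinations(shares, 2):
        assert recover(shares[a], shares[b]) == SAMPLE
    print({h: unknown_bits(s) for h, s in shares.items()})
```

Each holder already knows 16 of the 24 words, so against a single holder the phrase is protected by roughly 80 bits rather than the full 256, which is why the choice of people matters as much as the split itself.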
Whether you are a crypto millionaire or just starting on your journey, asset security is paramount! Poor security could leave you REKT. We suggest always using cold wallets for storing your tokens and never giving out your private keys to strangers (or close friends, unless you’ve followed the A, B and C approach). Unlike the Bitfinex hackers, we consider following best practices a prerequisite. Failure to do so could have potentially disastrous consequences!