Did you hear that OpenSea’s list of user emails was compromised this week? Did you hear that North Korea appears to be out there stealing crypto still?
So… What are we supposed to do about it?
Well, let’s go back to basics for a moment: If a hacker can’t access your assets online, they can’t get them. To steal your crypto or NFT from the blockchain, a thief needs its individual “key” first. And since that’s basically just an encrypted password, you can keep that data anywhere you want. You don’t have to use the wallet within MetaMask, Coinbase (NASDAQ:COIN), or however you obtained the crypto/NFT.
What I’m saying is: This is just the kind of time when plenty of people start moving digital assets from those “hot wallets” to “cold storage.”
And there’s a lot going on in this area of the New Digital World lately – so we’ll get caught up here today.
How to Guard Your Keys While You Trade & Invest
If you haven’t already, consider taking the long weekend to move your private keys offline. That way, if a thief wants them, they’ll have to physically steal them.
If you’re willing to literally jot down the keys on a piece of paper or in a flash drive – some people even etch them into a piece of wood or metal – you can easily do so by following these steps.
However! Hardware wallets are easy to find these days, Ledger and Trezor being the big brands. And they’re expressly designed for cold storage. Jordan Spence of MyCrypto/MetaMask makes the case here that “real” wallets are better even than encrypted flash drives.
With Ledger or Trezor, you can recover crypto from a lost wallet: The device can generate a seed phrase offline that you can use to regain access in a new wallet.
Now you can even “stake” that crypto to earn yield and get NFTs using the Ledger Live app, which can communicate with your hardware wallet. Your private keys stay inside the wallet; you simply sign off on every transaction using the wallet device.
Cold storage puts you so in control of your crypto that…
Governments Are Starting to Dislike “Un-hosted Wallets”
Officials and bankers in Russia would like to outlaw cold storage, a.k.a. “non-custodial wallets” or “un-hosted wallets.” And while Russia is, shall we say, a unique country… At least one EU nation is banning them, too: Lithuania.
As for the rest of them… The European Union reached a final deal yesterday on its big Markets in Crypto Assets (MiCA) bill.
“Consumer protection and environmental safeguards” in MiCA got more focus in the press coverage. But un-hosted wallets are also in there – with a know-your-customer (KYC) provision:
“In case a customer sends or receives more than 1000 euros to or from their own un-hosted wallet, the crypto-assets service provider (CASP) will need to verify whether the un-hosted wallet is effectively owned or controlled by this customer,” said the European Parliament in announcing the MiCA deal.
“The rules do not apply to person-to-person transfers conducted without a provider such as bitcoin trading platforms, or among providers acting on their own behalf” – just the CASPs, namely: crypto exchanges.
As for outright bans on unhosted wallets sweeping the world… SatoshiLabs (which makes Trezor wallets) is not too worried:
After all, cold storage is the crypto equivalent of storing dollar bills in your house. The government might scrutinize if you have a whole lot of bills – but in typical amounts, it’s normal, fine, and none of their business. And hardware wallets are no more of a “financial service” (ripe for regulation) than, you know, leather wallets for your dollar bills.
Hardware Wallets are Also Booming – and Innovating
The liquidity troubles at Celsius Network (CEL-USD) and friends happened right before a crypto conference: NFT.NYC.
Last week, during the conference, Ledger executive Ian Rogers was able to brag to Blockworks that its wallet sales “jumped 4.5x day-over-day on the Celsius news and continue to be strong to this day.”
Ledger’s CEO, Pascal Gauthier, was at NFT.NYC to announce the new NFT offering through Ledger Live.
“Ledger Market will simply be the only safe place to mint and buy NFTs while safely interacting with this ever-expanding world,” promises Ledger’s press release.
On stage at NFT.NYC, Gauthier made Ledger sound popular among NFT aficionados. “Nearly a third of NFT marketplace OpenSea’s trading volume involves a Ledger customer as a buyer, seller or both. And 45% of the top 100 transactions ever on OpenSea involved a Ledger-secured Ethereum wallet.”
NFTs are a part of Ledger’s education strategy, in which it’s partnering with projects like World of Women. “The more people get educated, the more they come to value security and self-custody as a result,” Ledger told Blockworks.
The other big release lately was Ledger Connect, which will let you use a browser extension to communicate with your hardware wallet. That way, you can skip Ledger Live and do stuff directly in a crypto app – while keeping your private keys…private.
One Last Caveat About Security
With Ledger Connect, the company seems to be saying: “Just skip the MetaMask browser extension… Try ours, instead!” But MetaMask and OpenSea users are frequent targets for cybercrime – other than just outright hacks.
And that email leak from OpenSea could invite more scams of the most common variety: Phishing.
In fact, phishing Axie Infinity (AXS-USD) employees was North Korea’s first step in stealing $625 million in March, according to the U.S. Department of Homeland Security. The employees were enticed with a fake job opening to download malware.
“Only open links and attachments from trusted senders,” says the government (and every I.T. worker you know!)
For example, if a message tries to get you to urgently click a link to an important message from your bank… Even if it looks extremely legit… Just go directly to their site or call up the bank on the phone instead.
But if all else fails:
- Use unique credentials for your crypto accounts. (That way, if someone does get into your Google account, social media, etc, they can’t also get into your crypto.) This can even include a separate email address.
- Double-check the wallet address before you transfer any crypto. A common tactic is to hit you with a virus that replaces the wallet address with the thief’s address.
- Use a separate device (like a Chromebook) or a VPN for trading crypto. So, if your more commonly used devices get compromised, the hacker can’t use it to get your crypto.
If some of these tips sounded familiar already…then great! You’re a step ahead of the game, and a much more difficult target for cybercrime. Either way, crypto wallets are looking like a strong focus in this wild world we’re living in – and worthy of attention.
On the date of publication, Ashley Cassell did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines. To have more news from The New Digital World sent to your inbox, click here to sign up for the newsletter.