Special Report

3 Ways to Protect Your Cryptocurrency

Ashley Cassell

Here at InvestorPlace, we like to think of blockchain, fintech, and virtual reality as a whole New Digital World. And just like in the original “New World”- the American frontier – you’ve got to keep your wits about you.

Just as the American frontier would erupt into battles for land and resources… Blockchains are becoming the new battleground for cyberwarfare. In March and April, the U.S. Treasury Department put out alerts on potential crypto attacks by Russia – and particularly, North Korea.

In fact, North Korea has been credited with the largest crypto attack ever – stealing $625 million worth of crypto from the popular play-to-earn game Axie Infinity (AXS-USD) in March.

While the size of the theft was breathtaking… It felt a bit odd at the time. Why steal so much at once – attracting worldwide media attention to the attacker’s crypto wallet – that it becomes practically impossible to launder and access all the funds?

Well, if you’re North Korea, you don’t only have economic goals in mind (funding its military and nuclear program in the face of sanctions)… You’ve got political goals, too: striking fear into capitalist nations.

However, this free report is not about fear. It is about practical advice to secure your accounts – and keep out of the crossfire of cyberwarfare.

In the case of Axie Infinity, whose Ronin (RON-USD) blockchain was the site of March’s hack: “There is not much that anyone could’ve done to prevent that hack specifically because someone actually used the features of the chain, the ability to vote on things, against itself,” notes Charlie Shrem, Senior Investment Analyst of our Crypto Investor Network. “We do a lot of the auditing and checking for this type of thing” in crafting our crypto portfolios in the first place.

As one of the O.G.s of Bitcoin (BTC-USD), Charlie got his start over a decade ago, and Bitcoin has still never been hacked. But even the most loyal Bitcoiners know the importance of personal security. After all, theft can always happen the old-fashioned way: through human error and trickery. So, here are some tips for staying safe in the New Digital World.

Guard Your Keys

Keeping your crypto in a “hot wallet” – on a crypto exchange or in a wallet app like MetaMask – is most convenient. But if you intend to hold and grow that crypto over time, moving it into “cold storage” is more secure. That way, even if someone does manage to compromise your account, your crypto will already be safely off the exchange – and even off the internet.

Hardware wallets are easy to find these days. The private keys (passwords) to your crypto will basically be on an encrypted flash drive, so if a thief wants them, they’ll have to steal the physical device.

Either way: “My other recommendation is to not save screenshots or text files of your passwords and private keys on your computer because the hackers know how to scan for it without you even knowing,” says Charlie.

Password managers are a better option for your accounts on crypto exchanges, etc. That way, you can create as many randomized passwords as you want… and not have to remember them all! And it’s best to use unique passwords – then change them frequently – as stolen crypto passwords are in hot demand on the dark web.

Also, if you make sure to enable two-factor authentication (2FA) on your accounts, it’ll make your crypto harder to steal.

In the most basic form of 2FA that we all probably use for our bank accounts, etc., you get a text message with a special access code. So, the thief would need not just your password – but also access to your cell phone.

However, hackers can gain control of your phone number by impersonating you to the telecom company and executing a SIM card swap… or simply through a phishing text.

So, instead of receiving the access code as a text message, you can download an app like Authy or even use a Yubikey, which is a hardware key designed for 2FA. The idea is to keep your 2FA codes off your phone, either on another internet device (like an iPad) or on the Yubikey.

Source: Yubico

Spot Phishing Tactics (They’re Getting More Sophisticated!)

If you’re like me, you get phishing messages practically every day – and most of them are easy to spot, trying to get you to click obviously sketchy links! One I got was a “citizen’s alert” that someone was trying to use my Zelle account to make payments.

But I’ve also recently fallen for a much more personalized email… one that sounded very harmless – and only a great I.T. system saved me!

The victims of North Korea weren’t so lucky.

On April 18, the U.S. government revealed that “North Korean cyber actors [are] targeting a variety of organizations in the blockchain technology and cryptocurrency industry.” The list includes exchanges, trading and investing companies, large investors in crypto and NFTs… and “play-to-earn cryptocurrency video games.” Like, you know, Axie Infinity!

The hacks start with phishing messages to employees “on a variety of communication platforms” that “offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications.”

The Feds have nicknamed this malware “TraderTraitor” and say that the “campaigns feature websites with modern design” to provide legitimacy to the (fake) app.

Other cybercriminals will spoof actual websites that you know and use every day. Keeping this in mind… “Only open links and attachments from trusted senders,” says the government (and every I.T. worker you know!)

For example, if a message tries to get you to urgently click a link to an important message from your bank… Even if it looks extremely legit… Just go directly to their site, or call up the bank on the phone instead.

Stay a Step Ahead of the Thief

If all else fails… and you do get tricked (there’s no shame in it)… It’s best to be using unique credentials for your crypto accounts. That way, if someone does get into your Google account, social media, etc., they can’t also get into your crypto.

“I recommend using a Gmail or Protonmail account [and] setting up an unique email account for each exchange you use, and make it hard to guess,” advises Binance CEO Changpeng Zhao.

“This way, if another exchange has a breach, your account on Binance isn’t impacted. This will also reduce the amount of phishing or targeted email scams you get.”

Two more ways to keep your crypto safe from malware:

  • Double-check the wallet address before you transfer any crypto. A common tactic is to hit you with a virus that replaces the wallet address with the thief’s address.
  • Keep your crypto trades off your most commonly used devices. That way, if your other device gets compromised, the hacker can’t use it to get your crypto. Use a separate device (like a Chromebook) or a VPN for trading crypto.

If some of these tips sounded familiar already… then great! You’re a step ahead of the game – and a much more difficult target for cybercrime.

You can be sure that blockchain developers have an extra eye on their security these days, too… especially the team behind Axie Infinity that got hit so hard last month.

And it seems they’ll have the cash to raise their game: DappRadar reported on April 20 that investment in crypto gaming totaled $2.5 billion in Q1 – versus $4 billion in all of 2021! As for users actually playing the games… “Blockchain gaming activity has grown a whopping 2,000% from Q1 last year.” So, the good news is, the best days may still lie ahead.

Signature:Ashley Cassell

Ashley Cassell
Contributing Editor, The New Digital World