Crypto Wallet Security: 7 Need-to-Know Safety Tips
How to Keep Your Crypto Wallet Secure
It is vital that you keep your cryptocurrency secure, but how do you do that? At BitPrime, we often get questions from customers asking how to back up wallets, which wallet is the safest to use, and why it is so important not to store backups/seed phrases digitally.
In this article, I cover seven top tips for ensuring the security of your wallet app and the digital assets within. I also touch on the differences between cold and hot wallets and hosted and personal wallets, so you know which you should be using.
Finally, at the end of the article, I’ll provide my personal recommendations for four brilliant crypto wallet options.
Theft of Cryptocurrency
How exactly can cryptocurrencies be stolen? Well, it generally boils down to one vital thing, private keys. Anybody can access a wallet’s coins if they have the private key belonging to the said wallet.
The majority of cryptocurrency stolen since the inception of the digital assets has been taken from cryptocurrency exchange wallets when cybercriminals hacked an exchange, or there was an exit scam. According to a report by InsideBitcoins, it’s estimated that over NZD16,000,000,000 worth of cryptocurrency has been stolen between 2011 and late 2019.
InsideBitcoins has an infographic displaying a timeline of significant crypto exchange hacks should you wish to learn more about the billions stolen. Unfortunately, it was such a hack that led to the demise of New Zealand’s very own crypto exchange, Cryptopia, who had over NZD15,000,000 stolen in January 2019.
It is for this reason that we recommend you always store your digital assets in a wallet where you are in control of the private keys and not a third-party. We cover this idea more in the section below on hosted wallets versus personal wallets.
Crypto isn’t only stolen from exchanges though; one also needs to be aware of phishing, scamming, a wallet provider’s reputation and malware.
Sadly, fraudsters are rampant in the cryptoverse, and you can never be too cautious when it comes to mining or investment schemes. There have been many incidents of Ponzi/pyramid schemes involving or promoting crypto where innocent people have lost hard-earned money.
Remember the old adage “if it seems too good to be true, it probably is”.
When it comes to malware stealing crypto, again, there are many different methods. Some malware (a type of virus) programmes log keystrokes to record passwords used when logging into sites and wallets. Others install themselves in the background and search your computer, looking for digital copies of seed phrases or private keys. Yet others detect when a bitcoin wallet address has been copied to a clipboard and replace what was copied with a different version to trick you into sending straight to them. Some malware covertly uses your CPU or GPU to mine in the background without you even knowing. With that last example, bear in mind that while the average home computer is virtually useless for mining these days, if the malware was installed on thousands of different computers, it is more likely to produce results.
Phishing is another method used to steal crypto. Websites are set up to mirror popular exchanges or other crypto-related sites so when you attempt to log in to an account, they capture your username and password. Only recently, Jaxx Liberty was subjected to a phishing app that prompted users to enter their backup phrase to “recover” their wallet but instead was capturing this information for fraudulent purposes.
If this section of the article has you concerned, then okay, I’m pleased. You first need to be aware of how criminals are operating to ensure you can take the appropriate measures to protect yourself from them. Keep on reading as we soon cover some fundamental methods to use to keep yourself safe from cryptocurrency theft.
Cold Wallets Versus Hot Wallets
The term cold wallet or cold storage refers to any digital currency wallet that is not connected to the internet. Two different types of cold wallet include hardware wallets and paper wallets. Conversely, a hot wallet is one that is connected to the internet. Both cold and hot wallets come with different pros and cons.
Perhaps the biggest drawcard for a cold wallet is that you are in complete control of when it goes online. This significantly boosts the level of security for these wallets and makes them less susceptible to being accessed by someone else without your knowledge.
So, what exactly is a paper wallet? Essentially, it’s a printout of public and private key pairs on, you guessed it, a piece of paper. We have an article that covers paper wallets in more detail if you are interested. For the purpose of this article, we focus more on hardware wallets.
Again, the name is relatively self-explanatory. A hardware wallet is a USB-type device that stores, encrypts and decrypts your private keys, "unlocking" your blockchain wallet and providing access to the digital assets stored in the associated wallet address. Examples include Ledger and Trezor devices.
At BitPrime, we are big fans of hardware wallets. They are much easier to use than a paper wallet and much more secure than a hot wallet. One of the key security features is that to complete a transaction from one, you must have the device plugged into your computer and physically push a button on the device itself to confirm it. This security feature means that hackers can’t take control of your hardware wallet.
The only two (slight) downsides I can think of are that you have to pay for the device and you can’t access your crypto if you don’t have the device on you. Other than that, I only have praise for them.
Now let's take a quick look at hot wallets. They are far more common; they’re free after all. But, they do pose a higher risk than a cold wallet. As mentioned, a hot wallet is connected to the internet, which means malicious hackers can target them.
Hot wallets come in many types; software wallets, cloud wallets, browser extensions, and cryptocurrency exchange wallets. The specific benefits associated with a hot wallet do depend on the type they are, but most are relatively straightforward to use and are readily accessible.
Both hot and cold storage have their place. Deciding which is best for you really does depend on how you’re planning to use your crypto. If you’re planning to buy large amounts to store for a rainy day, a cold wallet is an obvious choice. If you’re just dabbling in crypto or planning to use the coins shortly, a hot wallet makes more sense. Better yet, why not get the best of both worlds and use a combination of both cold and hot storage?
Hosted Wallets Versus Personal Wallets
Even more important than understanding the difference between hot and cold wallets is understanding that between a hosted wallet and a personal wallet.
A hosted wallet, also known as a custodial wallet, is one that provides key pair storage. Essentially, this means that the funds belonging to such a wallet are ultimately controlled by a third party - the host or custodian.
Hosted wallets include those provided by crypto exchanges, online cloud-based wallets, and larger-scale custody solutions utilised by institutional investors. To keep this article aimed towards everyday investors, we’ll look into exchange wallets and cloud wallets more.
Cryptocurrency exchanges provide you with a wallet service so that you’re able to trade on their platform easily. To get started, you simply send some starting funds (in crypto) to the provided wallet address or, in some cases, purchase crypto directly from the exchange using fiat. The downside for New Zealanders is that now Cryptopia is gone, there aren’t any other exchanges that accept NZD. This is where crypto retailers like us come in, providing an easy on- and off-ramp from NZD to your desired crypto asset or vice versa.
The issue with an exchange wallet is that they aren’t recommended for storing large amounts of crypto as they just aren’t safe enough. In the above section on crypto theft, the amount of funds stolen from hacked exchanges is eye-watering. With this type of wallet, your private keys (that allow full access to your funds) are located in a database central to said exchange. Remember this: Not your keys, not your coins. It is for this reason that I recommend you use an exchange wallet only for any crypto you’re planning on trading, and use a personal wallet for storage of your assets.
A personal or non-custodial wallet is one where YOU have the private and public key pairs and, as such, you have control of the assets stored in it. The whole reason Satoshi Nakamoto developed bitcoin was for decentralisation, after all. Most wallets fall into this category, including hardware wallets, software wallets and the like.
For more in-depth detail on the various types of personal wallet and to learn which one is best for you, see our Beginner’s Guide to Cryptocurrency Wallets.
In the remaining sections of this article, I provide recommendations for four different personal wallets and some advice on how you can keep your crypto safe.
7 Top Tips for Crypto Wallet Security
1. Use a secure internet network
Whenever you are accessing your wallet and sending crypto transactions, always use a secure internet connection. Don’t use public WiFi which can be compromised by malicious actors. I strongly advise you to refrain from checking your cryptocurrency accounts using your local library’s or Macca’s WiFi, just in case.
2. Always back up your wallets
Creating a backup of your wallet is one of the most crucial steps you can take to ensure the safety of your crypto wallet. If anything ever happens to the device your wallet is installed on, or the software it’s running, then this is the only way you are going to regain access to your wallet.
Never, ever store your backups as a file on your computer and don’t take a photo of them to keep on your phone; it isn’t secure enough. Not to mention, should you lose your phone or your computer breaks, there go your phrases!
I strongly recommend keeping one copy of your phrase somewhere safe (and where you won’t forget about it) at home and keeping another copy in your will, with your lawyer. This way, if the copy at home is destroyed by something terrible like a fire, you can use the copy in your will. And, when you die, your family/beneficiaries can recover your assets.
3. Secure storage of backup phrases is essential
DO NOT LOSE YOUR BACKUP PHRASE!
You are the only person in the world who can generate this and nobody can help you retrieve it if you lose it.
This is why we suggest writing out two copies on paper and keeping one somewhere safe where you won’t forget it, and keeping another copy in your will with your lawyer. The other benefit to this is that if one copy of your phrase is lost, damaged or destroyed through wear and tear, fire or water, you have another you can fall back on.
Using something such as a Cryptosteel makes your backup phrase virtually indestructible - your only worry is not losing it.
FYI, sometimes these are referred to as mnemonic phrases.
4. Use unique, strong passwords
Please don’t use the same password with your wallet app that you use for everything else. A study found that up to three-quarters of people interviewed were using the same password for more than ten different accounts - don’t be one of them!
You should always set a unique, strong, long password comprised of both lower and upper case letters, numbers and symbols. If you’re worried about forgetting your passwords, then look into using a password manager such as Dashlane or LastPass.
Wallet updates - always keep your wallet updated to the latest version. Wallet providers are continually updating, fixing bugs and improving their app’s security features, so the best way to ensure you have your app as secure as possible is to update whenever a new version is released.
5. Use multiple wallets
Don’t keep all your eggs in one basket. There is no limit on how many wallets one person can create, so why not make the most of this? Obviously, you’ll then need to create backups and record multiple recovery phrases, but if you’re following all of our other safety tips, this won’t be an issue for you.
You may like to have one or two wallets for your long-term storage, only connecting them to the internet when absolutely necessary, and another wallet or two for your more short-term needs, such as for purchases or regular trading. Use these wallets in a similar way to how you would use traditional bank accounts. Most people don’t go wandering around with their life’s savings in their back pocket, but instead, store their wealth in a bank account (or in some cases, gold bars 😉) and only carry around a fraction of it daily.
Oh, and don’t forget what we said about using a personal wallet versus a custodial wallet for storing crypto too!
6. Watch out for phishing
Always check the URL (web address) of the pages you are visiting and be on the lookout for fake ones. Some malicious websites make near-identical copies of cryptocurrency exchanges and other such sites with URLs that differ only in the domain used or an odd symbol in the address. Additionally, there have been fake apps set up to mimic popular wallet apps to capture people’s backup phrases and private keys. Always download your apps and updates from the official provider’s website to be sure they’re genuine. Remember, if you’re being asked for your backup phrase by another person, website or app and you haven’t been the one to initiate this process, don’t trust it. If you are unsure of something, feel free to email us and check. We’re more than happy to take a look and offer our advice.
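As an added example (not BitPrime's code), here is one way to check a link's host against sites you have already verified, flagging the near-identical addresses described above. The hosts, the `check_url` helper and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed placeholders for the sites a user has verified and bookmarked.
TRUSTED_HOSTS = {"exchange.example", "wallet.example"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    try:
        # Decode punycode labels (xn--...) so look-alike letters become visible.
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # host already contains non-ASCII characters, or is malformed
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        name = t.rpartition(".")[0]
        if (
            t in parts.netloc.lower()            # trusted name before an "@" or as a prefix
            or host.rpartition(".")[0] == name   # same name, different top-level domain
            or edit_distance(host, t) <= 2       # typo or one odd symbol (assumed threshold)
        ):
            return "lookalike"
    return "unknown"


# Constructed sample links, not taken from any real incident.
SAMPLE_URLS = [
    "https://exchange.example/login",
    "https://exchange.example.account-verify.test/login",
    "https://exchange.example@login.test/",
    "https://exchange.test/",
    "https://exch\u0430nge.example/",  # Cyrillic "a" in place of Latin "a"
    "https://blockexplorer.example/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{check_url(u):9}  {u!r}")
```

A "lookalike" result means the address imitates a site on your list without being it; "unknown" only means the site is not on your list.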
7. Use extra security measures
Most wallet apps and cryptocurrency exchanges allow you to turn on additional security features such as 2FA (two-factor authentication). Usually, in addition to entering your password, this involves entering a code sent to your phone, email address or from a separate app such as Authy.
Think about using a VPN when connecting to your hardware wallet or logging into your cryptocurrency-related accounts. Many browsers provide a free VPN option within them, or you can purchase a more premium VPN service from the likes of NordVPN. If you want to learn more, we have an article on strengthening your web security using VPNs.
Also, always keep your computer or mobile device’s security in mind. Regularly run scans for viruses and malware and never operate without a firewall. Make sure you keep your operating system and programmes up to date. Remember to clear cookies from your internet browser regularly too.
Cryptocurrency Wallet Recommendations
Ultimately, when it comes to choosing a crypto wallet, you need to know what features you’re looking for in one. What is most important to you? Cost? Device compatibility? Ease of use?
Suppose you're planning on buying a significant amount of cryptocurrency (and this is a term that YOU need to define for yourself). In that case, I strongly recommend investing in a hardware wallet. I believe you should choose between either a Ledger or a Trezor hardware wallet; these are the only hardware wallet manufacturers I recommend. And yes, we are affiliates of both companies for this reason.
Both Ledger and Trezor have stood the test of time since their creation; both support a range of different currencies (you can find lists of their supported coins on their official sites); both offer robust security features. While I don’t have a preference for either one, check them both out as they do differ in style and supported coins.
In my opinion, hardware wallets are the best way to store cryptocurrency long term. We have various setup guides and troubleshooting articles for them in the Knowledge Base section of our site.
Alternatively, for an excellent free software wallet option, check out Jaxx Liberty or Exodus. Both of these options are available as a desktop wallet and a mobile wallet, and both support a wide range of currencies. Once again, you can check which coins they currently support on their official sites.
Bear in mind that one wallet can’t store every single token out there. After all, there are over 7,000 listed on CoinMarketCap alone. In some cases, you may need to download and install another wallet for a specific coin you’re interested in buying.
If you’re unsure what wallet to use, try a quick Google search using “best wallet for” followed by the coin name; this is what I do. 😁 Then I look through the results, ignoring the paid adverts at the top of the page, and then do another Google search to look for reviews on a few of the options that come up.
The other way to find what wallet you could use to store a particular cryptocurrency is to visit that coin’s official site and see what recommendations they provide. After all, they know their coin best! A good tip for finding their web address is to look the coin up on CoinMarketCap and follow the link provided.
Finally, if you are interested in learning more, you can check out our Beginners Cryptocurrency Wallet Guide for a deeper dive into the different wallet types and how they work.
If you’ve found this article useful, please let me know in the comments section below. Or, if you have another safety tip to share, I’d love to hear that too!
The above references an opinion and is for informational purposes only. Do not take this as personalised financial advice or investment advice. The views expressed by the author do not necessarily represent the opinion of BitPrime.
Last updated: 26/10/2020