Crypto Privacy and Security Basics
Here at Void, we’re obviously quite big on privacy. That’s why we’ve put together this list of some of the best ways to keep your crypto stash private and secure. Let’s get into it!
Passwords
We’ve heard the password rules a million times before, but we can’t stress enough how important it is to strictly follow the rules when it comes to crypto assets. When creating passwords for wallets, exchanges, or anything else crypto related, always follow these rules:
- NEVER reuse a password.
- Make your passwords extra strong. They should be long, random and contain a combination of numbers, symbols and uppercase and lowercase letters. They should not: have any relation to you or anyone else; contain dates of any kind; contain names of anyone you know or your pets. There are strong random password generators you can use online.
- Don’t save passwords into your browser.
Password storage is very important, especially when following the above rules, as it quickly becomes difficult to remember more than a few. Password storage can be approached in two ways and depends on each user as to the practicality of each. Password managers can be very handy, but it is recommended to use a very strong password as this can act as a potential single point of failure for your database. Many users who choose this method opt to keep this manager on an offline only device to avoid any exposure to malicious viruses. Some password managers trusted by the community are: KeePass, LastPass &1Password.
Others may find it is more practical to keep a password diary, again this can act as a single point of failure if discovered by a malicious individual, but it keeps the point of failure in the physical world. It is strongly advised to store this in a secure location such as a safe or lockbox.
Practice Safe Computer Use
It’s worth noting that 98% of hacks involve some sort of social engineering, which is the act of coercing somebody into doing something for you. Whether it be a phishing email asking you to change your password or a phone call from your “internet service provider”, hackers and scammers use a myriad of different ways to get you to help them access your computer and accounts.
It might seem easier said than done, but here are a few things you can do to (hopefully) avoid malicious access to your computer and accounts:
- Have a reliable antivirus installed on your computer and runs scans regularly.
- Be extra cautious when opening or downloading unknown links from the internet. You can run and antivirus scan on downloaded files before opening.
- Don’t fall for phishing emails! 96% of phishing attacks use email, so always type official URLs into the html bar and never click website links from emails.
Here’s a great link on how to spot a phishing email courtesy of reddit user u/xCryptoPandax; Phishing emails, tips and tricks.
- Never give any personal details or access to your computer to cold callers. If you receive a call from someone from your bank, ISP or anyone who asks for those details, hang up the phone and call the official phone number (not the number you received the call from) to verify whether it is legitimate.
- Be careful downloading and using wallets and wallet updates, and entering any wallet information online. There was a fake Metamask App on Google Play that had crypto-stealing malware on it and a man lost 1,400BTC downloading a fake wallet update. Always use the official URL and do not search on Google or App stores or click on Google ads.
Two-Factor Authentication (2FA)
Always use 2FA wherever possible. A lot of exchanges and online wallets make this mandatory already, but always choose it if you have the option. This includes bank accounts, crypto wallets, exchanges, social media etc.
There are a few ways to use 2FA. Firstly, stay away from email and SMS-based authentication. Emails are very easily compromised, and hackers can easily redirect SMS authentication texts via SIM-swap, thus giving them the ability to access accounts and change passwords.
Mobile app-based authenticators such as Google Authenticator and Microsoft Authenticator are the most readily used and generally considered a safe option.
When you activate 2FA on any account you should have the ability to generate backup codes, these are used in the event you lose access to your authenticator, treat these as important as your passwords.
If you want to get super secure, a physical security key is the way to go. It is basically a USB stick synced with your online accounts that you must insert into the computer to access your accounts. This is pretty much the most secure you can get, but you’ll need to invest a bit of money into it!
Use a Virtual Private Network
A VPN can often be overlooked, its a tool which allows you to create a secure connection to a private network, this becomes extremely important while using public internet as it allows you to shield your activity from potential breaches on that specific network.
Having control over your data is something you should always have on your mind as you can never really know what people/organisations plan on doing with it, whether this be selling data or worse it’s best to have no loose ends when talking privacy.
A VPN can help achieve;
- Data privacy from your internet provider
- Data privacy from apps and services you use
- Data privacy from the government
A VPN is also a great way to grant yourself a layer of privacy in many avenues. While using a VPN, your true location is never shown, this is achieved via re-routing your connection through severs located elsewhere in the world.
Keep Control of your Crypto
Cryptocurrency exchanges are another potential single point of failure when it comes to your crypto security. It seems like a day doesn’t pass that we don’t hear about another exchange or platform being hacked and hundreds or thousands of users losing millions of dollars in various cryptocurrencies. The best way to avoid this is called crypto self-custody.
This involves keeping the bulk of your crypto off exchanges and in your own personal crypto wallets. I say wallets here, with an ‘s’, because we should also stick to the old adage, “Don’t put all your eggs in one basket”. The best way to lose all of your crypto fortune is to lock everything behind one door, and then lose the keys to that door. That is to say that, if you have one wallet for all of your crypto, and you lose the login details or have them stolen, you can say goodbye to all of your hard work and gains.
Remember; Not your Keys, Not your Crypto
There are multiple free wallets that you can get access to online, but the gold standard (once again) is a physical cold storage wallet, or hardware wallet. These are connected to your computer by USB and are never exposed to the internet. Even if your computer is infected with malware, your private key and cryptocurrency are safe from hackers. And even if someone gets access to your hardware wallet, it is encrypted with a PIN which needs to be entered every time you want to make a transaction.
After the bulk of your crypto is stored in a cold wallet for long term storage, it would make sense to use a hot wallet for more frequent crypto transactions. This way your cold wallet can remain offline and is only transferred out of during secure moments. Here’s a great article on the difference between hot and cold wallets written by Alex Lielacher; Hot Wallets vs Cold Wallets: What’s the Difference?
Now, all of this doesn’t mean that you can’t keep any funds on exchanges. Depending on each user, it can be a good idea to keep a small amount of coins on exchanges so you can quickly buy or sell when an opportunity arises. It is worth always investigating any exchange you plan to use, to try to ensure they are trusted by the community and there are no reports of locking user funds.
Consider Multiple Email Addresses
What? It’s already annoying enough to manage all these wallets, exchange accounts and passwords! Now I need multiple email addresses too?
In short, yes. At the very minimum, you should have separate email addresses for your crypto and your socials. The email address you use for Facebook, Instagram, online shopping, newsletters etc. is at pretty high risk of a breach, so you should always keep your crypto accounts separate from these things. I personally use a secure Protonmail account for my crypto and a Gmail for everything else, it’s simple and secure. This also goes along way to avoid associating your physical identity with your cryptocurrency holdings.
If you want to step up to the next level of security, you can even create separate email addresses for each of your crypto accounts. You can then have each of these addresses auto-forward all emails to a central account where you can read them. This way, if an account is breached, the hackers can’t access the other accounts.
Transaction Safety
- Using multiple different wallet addresses for your transactions can help you keep a low profile. The more you use a single wallet, the more likely it is that someone will create a profile of who you are, and what crypto you hold. If they are able to link your transactions to you as a person, that could potentially make you a target.
- Double check the addresses you are sending to. If it is a large transaction, consider sending a test transaction of a smaller amount first to ensure the address is correct.
- DO NOT sign a transaction unless you are sure of what it is and where it is from.
Use an on-chain privacy solution
An on-chain privacy solution is a service you can use to obscure the origin of certain funds. One such solution allows your funds to be deposited into a pool and mixed with the funds of other users, then withdrawn into a new wallet address which is untraceable to the original wallet.
This can be used as an addition to your transaction safety. If a profile of your crypto dealings/history has been created, running your funds through a solution like the above stops the tracks and gives you a fresh start with a new wallet.
Void Protocol is an opt-in privacy solution releasing on the Terra Network in Q2 2022, follow the links below to check them out.
Don’t Tell People About Your Crypto!
As much as it might be tempting to brag about your gains or how much BTC you got in the dip, don’t! All of the advice above is great to hinder access to your accounts by hackers and internet thieves, but it won’t stop someone from breaking down your front door and threatening you into giving up your passwords and account details.
Buy the dip, make your gains, but stay quiet about it!
-Gretskies
Void Protocol Links
🌑 Docs: protocolvoid.gitbook.io/void-protocol/
🌑 Twitter: https://twitter.com/ProtocolVoid
🌑 Discord: discord.gg/U9MXyT6a7K
🌑 Medium: https://voidprotocol.medium.com/
