Securing your crypto assets
Cryptocurrencies have historically been high-risk assets. As they become mainstream, an increasing number of security issues have appeared and been successfully exploited.
Bridges in particular are not very secure. As mentioned by Kimberly Grauer, director of research at Chainalysis, “Bridge security is an unresolved technical challenge in the industry”.
At YmplePay we are aware of this kind of risk and we have implemented technical and non-technical measures to try to minimise such issues. However, no measures are 100% effective, and users play an important part in securing their own crypto assets.
A few recommendations from our security team for cryptocurrency users:
Secure your wallet
First, understand how wallets work. In a nutshell, your wallet is an interface to your assets in the blockchain. Your wallet doesn’t “contain” your assets. Rather, think of your wallet as a key to accessing your digital property. In consequence, protecting this key is fundamental.
This “key” is often represented by twelve words. You need to protect these words by printing them and storing them securely or, if you must, storing them in a password manager or another encrypted, secure location. Sharing these 12 words is rarely required at all.
If you use a mobile wallet, protecting the app with biometrics and using a mobile antivirus/antimalware will minimise the risk of some rogue application hijacking your mobile wallet.
When using any mobile wallet make sure to set a password, use 2-factor authentication and avoid using SMS as a second factor (ideally use 2FA using a dedicated app like Authy, Google Authenticator or similar).
Using a hardware wallet such as Ledger offers one of the highest levels of security, as the 12 words that represent your wallet are stored in a hardware device and not on your computer or mobile phone. Even in this case, you should back up your wallet elsewhere, for example on a properly secured piece of paper.
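To make the point about the twelve words concrete, here is an added example (not YmplePay's code). It assumes the words follow the widely used BIP-39 scheme, which this article does not name, and shows that the words alone reproduce the wallet seed on any device; the function names and the sample phrase are illustrative.

```python
import hashlib
import unicodedata

# Public BIP-39 test phrase (constructed sample input; never hold funds on it).
SAMPLE_WORDS = "abandon " * 11 + "about"

def normalise(phrase: str) -> str:
    """NFKD-normalise and collapse whitespace so a retyped backup still matches."""
    return " ".join(unicodedata.normalize("NFKD", phrase).split())

def seed_from_words(phrase: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed: PBKDF2-HMAC-SHA512, 2048 rounds.

    The word-list checksum is not verified here (that needs the 2048-word list).
    """
    words = normalise(phrase)
    if len(words.split()) not in (12, 15, 18, 21, 24):
        raise ValueError("a recovery phrase has 12, 15, 18, 21 or 24 words")
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)

def entropy_bits(word_count: int) -> int:
    """Each word encodes 11 bits; one bit in every 33 is checksum."""
    return word_count * 11 * 32 // 33

def demo() -> dict:
    original = seed_from_words(SAMPLE_WORDS)
    retyped = seed_from_words("  abandon\n" * 11 + " about ")  # paper backup retyped
    one_word_off = seed_from_words("abandon " * 11 + "above")
    with_passphrase = seed_from_words(SAMPLE_WORDS, "extra secret")
    return {
        "backup_restores_same_wallet": retyped == original,
        "one_wrong_word_is_a_different_wallet": one_word_off != original,
        "passphrase_is_a_different_wallet": with_passphrase != original,
        "entropy_bits_12_words": entropy_bits(12),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Nothing but the words (and an optional passphrase) goes into the derivation, which is why a paper backup is enough to restore a wallet and why anyone who sees the words controls the assets.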
Be your own bank
There is now a famous saying: “not your keys, not your crypto”. Although there is nothing inherently wrong with staking in DeFi or using some CeFi platforms, the moment you temporarily transfer your crypto (and someone else protects it with their keys) you lose control. Unlike established banks or credit unions, the crypto world is rather unregulated and many of these platforms might even be overseas. Be smart and avoid sending all your assets to a single platform, or at least distribute your assets across multiple platforms.
In any case, do your own research and don’t blindly trust “crypto gurus”, influencers or YouTube videos vouching for particular platforms.
The safer bet is being your own bank and keeping custody of your assets as much as possible.
Secure your devices
It is not enough to secure your wallet; you need to secure your devices as a whole and, if possible, the network. Baseline measures include:
- Keep your computer and/or mobile device up to date. Apply all security patches as they appear and keep all applications up to date.
- Use a reputable antivirus/malware scanner all the time. Remember, there are also “fake” antivirus products which, cynically, are trojan horses.
- Don’t root your device or sideload applications.
- Try using a mobile device with guaranteed security updates for a few years. Major mobile device manufacturers have frequent security updates. However, smaller manufacturers might not provide such updates, putting your applications at risk.
- Protect your device with biometrics and a strong PIN. Avoid using predictable PINs such as birthdates, your office postcode or your house number.
- Configure your device so that it can be wiped remotely in case you lose it.
- Update the firmware of your Internet router regularly or get a router that auto-updates.
- Invest in reputable commercial VPN software so your Internet connection is always safe regardless of where you are. This also adds privacy as not even your internet provider will know you are using crypto.
Don’t fall for phishing and scam attempts
Phishing and scams are major risk factors in crypto. Often the two threats are combined.
Phishing will attempt to trick you into visiting some malicious site or clicking some link to compromise your device. This could come in the form of a fake email, SMS, social media message or even a phone call. Be cautious about any kind of notification, and particularly any message that tries to make you click without thinking. If you must, go to the website in question yourself and check that the notification is valid.
Scams are fake platforms or schemes that will try to convince you to send some crypto to a specific address. Nowadays, scams related to Elon Musk giving away crypto or some special promotion that will duplicate your assets are rampant. Don’t fall for them. Remember that scammers might try to make you believe you have limited time, or use some important world event, so that you skip your research and fall for it.
Finally, ask for help
If you have family, friends or colleagues who are computer and security aware, ask them for help. Keeping a device up to date, securing your computer and being wary of all kinds of messages is complex. There is no shame in asking other people for their opinions. Likewise, help other people who are less aware of security issues and keep the community safe.
Feel free to share this article with people you think might need it!
If you have a crypto security question, ask us via Twitter and we will do our best to reply and point you in the right direction.