Do Crypto Wallets Get Hacked?
A simple answer to the question is yes. Crypto wallets can be hacked. The increasing popularity of the crypto market has led to a proportional increase in security threats and scams. Crypto users are not only at risk of being hacked but are equally vulnerable to falling prey to crypto scams. Our research suggests that there have been at least twelve attacks in the last 2+ years, especially since the beginning of the pandemic in 2020.
Stealing private keys continues to be the most common method used by hackers. Other ways include hacking the exchange platform, phishing, guessing passwords, etc. However, this doesn’t mean people shouldn’t invest in crypto. Instead, investors must know more and practice digital hygiene to keep their cryptocurrency secure. This involves constantly learning new information and staying alert. Though the methods cannot guarantee 100% safety, investors can still minimize the risk of losing their crypto investment to cybercriminals.
18 Ways to Safeguard Cryptocurrency
The following tips can help protect investors’ cryptocurrency and investments from cyber criminals. Investors may not have to follow all the methods, but it’s important to determine the measures that should be taken to safeguard funds.
1. Trade Only on Reputed Exchanges
The crypto market is similar to the stock market, where assets are bought, sold, and traded through specific exchanges. However, the rise in crypto’s popularity has led to the entry of many new platforms. There is a high risk of losing cryptocurrency if investors trade on an exchange with fewer security controls or a dubious background.
Thus, we recommend using regulated and approved crypto exchanges for trading. Platforms like Binance, Kraken, Crypto.com, Coinbase, and Gemini are considered some of the safest exchanges in the crypto market. These exchanges were transparent when they suffered breaches, and took adequate measures to increase their security infrastructure. The companies also have dedicated facilities for remote crypto storage in different locations.
2. Two-Factor Authentication
All crypto transactions occur through user accounts on the exchange. Thus, if a hacker can access a trader’s account, they can withdraw all their funds and take ownership of the wallet. This is one of the easiest methods to steal cryptocurrency.
A trader can prevent this by setting up another security layer through two-factor authentication (2FA) for all withdrawals from the account. When 2FA is enabled, the trader has to enter an additional code sent to their phone number to complete the withdrawal. Thus, we recommend traders choose one of the crypto exchanges that offer a 2FA security feature.
3. Offline Storage - Hardware/Cold Wallets
Cryptocurrency can be stored in two types of crypto wallets – hot (online or software wallet) and cold (offline or hardware wallet). A hardware wallet is a physical device that stores private keys. A trader has to connect (wired or wireless) the wallet to their computer to perform a transaction. The cold wallet is further protected by a PIN that prevents others from opening it.
Hot wallets are always connected to the internet, making it easy for hackers to compromise the owner’s account and withdraw funds. Cold wallets are not connected to an online source and cannot be accessed through malware attacks. Though hardware wallets are expensive, they are highly secure and offer almost zero possibility of a breach. If the cold wallet is stolen, transfer the funds right away to another crypto address. However, stolen wallets are rarely compromised.
Buy cold wallets from reputed manufacturers and beware of fake software updates. Hackers can steal crypto funds by sending a fake software alert to the cold wallet. Trezor Model T, Ledger Nano X, Nano S, and ELLIPAL Titan Mini are among the leading cold wallets used by crypto traders.
4. Authenticator App
Authenticator apps like Google Authenticator are another way of doing two-factor authentication. The difference is that the app comes from a trusted third party and generates the code on the phone itself, so no SMS message is needed to deliver it. If the wallet owner uses an authenticator app, a hacker has to gain access to the owner’s phone to learn the code.
It is more secure than SMS-based 2FA, as some hackers can bypass SMS security (or transfer the phone service to their own number) to access the account. This isn’t possible with an authenticator app. Another advantage is that the crypto funds will be secure even if the exchange itself is attacked by cybercriminals.
5. Backup Seed Words
Seed words are the master key, or secret recovery phrase, used to recover an account and its crypto funds if the hardware wallet crashes. When a trader uses the cold wallet for the first time, they will be prompted to back up the seed words. It might seem unnecessary, but it is a crucial step that adds one more layer of security to protect the crypto funds.
Write down the seed words and save a physical copy somewhere safe. Some manufacturers offer special material to back up seed words. Use it to ensure that the code cannot be erased or torn by mistake. Keep this in a safe, or somewhere it is not accessible to others. Don’t ever take a screenshot of the seed words, as hackers can get a copy of the screenshot, which makes it the easiest way to hand over crypto funds to hackers.
6. Websites Don’t Ask for Seed Words
Crypto wallets are also available as browser extensions. These are hot/warm wallets that don’t have a physical presence. A trader has to enter the password every time they access the wallet to transfer funds. However, the wallet/website will not ask for seed words. Enter the seed words only the first time when installing the browser wallet.
If the wallet randomly asks for seed words, close the window immediately. It is a fake site created by hackers to gather information. Clear the cache to wipe away the traces of the malicious website. Then, uninstall and reinstall the browser wallet. A trader can also message customer support to inform them about a possible breach.
7. Complex and Secure Passwords
Cracking passwords is a daily job for hackers. A trader can make it difficult by creating a complex password that can be difficult to decode, even with software. A combination of upper case, lower case, numbers, and special symbols works best. Change the password regularly to stay one step ahead of cybercriminals. A trader can also use a reliable password manager app to save all the passwords in a single place. It is advisable to have a strong and complicated master password to keep the accounts safe.
But what if a user still forgets the password? The user can leverage the seed words to access their account, uninstall the wallet, reinstall it, and set another complex password.
8. Set a Different Wallet Password
The wallet password or PIN has to be different from every other password that the user has created. It’s risky to use the same old password from the younger days for all the social media, banking, and crypto accounts. If a hacker gains access to one of the accounts of a user, it won’t take long to break into the crypto wallet and ‘withdraw’ the funds.
Hackers install malware (like Redline Stealer) on computers to track user activity and passwords. Since the browser wallet passwords are stored in plain text, they are easy to decode. A complex password can reduce the risk, though hackers can still get the data from the computer’s RAM.
9. Withdraw Crypto from Exchange
Traders and investors shouldn’t leave their crypto funds in the account on the exchange. Exchanges are a prime target as they hold millions or even billions worth of the best cryptocurrencies in one place. Traders and investors should therefore withdraw the amount and store it in a hardware wallet, so that the funds remain safe even if the exchange is hacked. The funds can be used by connecting the wallet to another exchange or account.
As we never know when a crypto exchange will be attacked, it is good to make this a regular practice. Leave the minimum required funds in the account, and transfer the rest to a software or hardware wallet that is not automatically linked with the exchange.
10. Beware of Fake Software
Scammers send links urging traders to download an eWallet onto their computer and move their crypto ‘to a safe place’. They create fake websites and applications resembling popular wallets like MetaMask, Ethereum wallet, etc. If traders don’t pay attention, they will end up handing over the crypto funds to the hacker.
The simplest method to avoid such scams is to download the eWallet only from the official website, as opposed to using forwarded links. Moreover, we suggest avoiding clicking on ads posted on social media.
11. Cross-Check the Web App URL
Similar to fake eWallets, cybercriminals create web apps that closely resemble crypto trading apps and exchanges. When traders use such an app, their accounts and wallet are compromised. Thus, hackers can steal funds with ease.
Traders can avoid this by double-checking the URL of the site. Don’t search for the website on Google; bookmark the link to the original site instead. Developers can also check the code of dApps if they can read the corresponding programming language. Trusted websites have a lock icon on the left side of the URL in the browser, which denotes the presence of an SSL certificate. Finally, the trader must check the contract address if they get a notification to ‘approve’ a dApp to use the tokens for a transaction.
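The URL cross-check above can be automated. The following is an added example, not part of the original article: it compares a link's host against a bookmark list and flags typosquats, brand names buried in another domain, and internationalized lookalikes. The bookmark list, the distance threshold of 2, and all sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the trader's own bookmark list; hosts are for the exchanges this article names.
BOOKMARKED = ("binance.com", "kraken.com", "coinbase.com", "gemini.com", "crypto.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Classify a link against the bookmarked hosts before any credentials are typed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return "reject: not https"
    if "@" in parts.netloc:                       # text before '@' is not the host
        return "reject: userinfo in URL"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: internationalized host (possible homoglyphs)"
    for good in BOOKMARKED:
        if host == good or host.endswith("." + good):
            return "ok: matches bookmark " + good
    site = ".".join(labels[-2:])                  # naive registrable domain (no public suffix list)
    tokens = host.replace("-", ".").split(".")
    for good in BOOKMARKED:
        if edit_distance(site, good) <= 2 or good.split(".")[0] in tokens:
            return "suspicious: resembles " + good
    return "unknown: not bookmarked"


# Constructed sample links; none is taken from a real campaign.
SAMPLES = [
    "https://www.kraken.com/sign-in",
    "https://krakem.com/sign-in",
    "https://coinbase.com.account-verify.example/",
    "https://xn--cinbase-90a.com/",
    "http://binance.com/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_url(s):58} {s}")
```

An "ok" result only confirms that the host matches a bookmark; a lock icon or a valid certificate on any of the flagged hosts would not change their classification.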
12. Don’t Download Suspicious Email Attachments
Email scams and phishing attacks continue to be a favorite method for hackers to target innocent users. The banner, domain, name, and just about everything in the email could be real, but the sender will be a scammer. Downloading the attachment results in installing malware on the computer. This allows hackers to track user activities and learn all the passwords. If the user’s crypto funds are stored on the exchange in a browser wallet, it becomes a simple task to steal the investment.
The safest way to avoid malware attacks is to use different devices for browsing and crypto trading. A trader doesn’t need to buy another smartphone or computer for this. Instead, they can simply log out of all accounts on one device and format it. Then, use it only for crypto transactions and disconnect the internet network when the device is not in use. However, it is still important to look up the sender’s email address and be careful before downloading attachments.
13. Don’t Use Public Wi-Fi
It’s easy for a trader to use public Wi-Fi to check their crypto account or make a transaction. But it is an unwanted risk to take with crypto funds. Hackers keep an eye on the internet traffic using tools like Wireshark. They pay special attention to devices that access banking and crypto websites using public Wi-Fi. While they may not immediately steal the funds, they do get one step closer by identifying and tracing the online activity.
Thus, a trader must use their mobile data to open a crypto app on a mobile phone. Also, make sure strangers can’t peep into the phone. For traders who carry passwords on paper, make it a point never to perform crypto transactions in public places.
14. Secure The Internet Connection
Securing an internet connection can go a long way in minimizing the risk of cyber attacks. For traders who conduct their crypto trading activities from home, it’s important to establish a secure infrastructure. The trader must check the firewalls of their computer and internet network. Upgrade the antivirus software and ensure it is constantly running in the background.
If using a wireless router for the internet, change the default password and set a new one. Enable network encryption to add another layer of security. Disable the router from broadcasting the network name. A trader needs to follow these precautions when setting up the router.
15. Use VPN for Crypto Transactions
Despite taking multiple security measures, traders might still be attacked by hackers when in the middle of a crypto transaction. It is called a MITM (man-in-the-middle) attack, where the hacker breaks the connection between the trader’s device and website to add their device as a middleman. All the information will be routed through the hacker’s device, thus allowing them to monitor every move.
To prevent such attacks, traders must use a VPN (virtual private network) service for crypto trading. A VPN will mask the original IP address, and use a fake one to help navigate the internet. Leading VPN service providers like NordVPN, ExpressVPN, and Surfshark offer additional features that further enhance the security of the network.
16. Install Device Updates
Be it a computer, laptop, or smartphone, turn on device updates to use the latest version of the software. This ensures that the device and the apps are up to date. Use antivirus software and regularly scan the device to detect and remove traces of malware. Even hardware wallets run on software. Run updates through the official mobile app or by connecting the wallet to the computer.
17. Identify Crypto Scams
Scammers target newbies and crypto enthusiasts with limited knowledge of the market. Since crypto transactions are irreversible, it is easy for them to loot funds and remain anonymous. The strength of blockchain is also its weakness. However, novices can protect themselves from scammers by being aware of how they operate.
If a novice is contacted by a person offering ‘risk-free’ rewards, ‘highest returns in a short time,’ or other such claims, it’s possible that they are running a scam. The crypto project should have a detailed and well-written whitepaper mentioning the names and experiences of team members. Tokenomics must be displayed on the website.
Still, we advise novices to ask around, especially before investing in a new crypto company. Follow crypto news platforms and experts to get the latest updates about the developments and scams in the crypto industry.
18. Keep Information Private
It’s exciting to share the crypto journey with others, but refrain from doing so on social media. Many traders take advantage of anonymity on blockchain platforms to keep their identities secure. They don’t talk about their crypto investments or earnings. Since the crypto industry is not yet regulated, a trader will be at high risk if they make their details public. Hackers closely follow such users and attack their accounts. Finally, don’t ever reveal where the passwords for crypto accounts and wallets are saved.
A flourishing crypto market is attracting new investors and cybercriminals. Crypto lovers should be vigilant and stay informed to avoid being duped by scammers, protect themselves from different types of cyberattacks, and safeguard their crypto funds from being stolen.
Hackers will constantly look for new ways to target crypto investors, but it’s up to the users to take care of their investment by using 2-factor authentication, storing funds in a hardware wallet, and using a VPN for all crypto transactions. The more measures an investor can take, the higher the security for the crypto funds.
CCSS (the CryptoCurrency Security Standard) consists of ten security steps divided into three levels. These standards are followed by most crypto exchanges.
- Log audits
- Key storage
- Key usage
- Seed words generation
- Creating wallets
- Policy for key compromise
- Third-party audits
- Proof of reserve
- Data sanitization
- Keyholder grant
A private key is used by the wallet owner to secure the crypto funds in the wallet. No one except the wallet owner should know the private key as it is similar to a password that allows access to your funds. A public key is used to send cryptocurrency to wallets. It can be compared with a mailing address and is required to complete a transaction. The public key is shared with others to get crypto, but the private key should never be revealed.
The crypto market is not yet fully controlled or legalized by governments. Some countries like Switzerland have brought crypto to the mainstream financial market. Many other countries are yet to act on it. However, countries are working to take a stand and set up regulatory bodies to monitor crypto trading. It’s recommended to be cautious when investing in cryptocurrency, especially in newer tokens.
Stablecoins act as a bridge between fiat and cryptocurrency. These are pegged against stable assets like fiat currency, gold, etc. Stablecoins were introduced to reduce market volatility. They are cost-effective and offer greater security. However, stablecoins are also at risk of being stolen by hackers. The same safeguarding techniques apply to both.