How to ensure the security of personal encrypted assets?

This article from Blue Fox notes (ID: lanhubiji) , the original author: Edward Iftody, translation: iGreedMind

If Facebook’s rumors of creating new stable coins are true, then I think it’s time for the average person to start learning how to use cryptocurrencies responsibly. (Translator's Note: Facebook's Libra has not been released before the original writing, it is not a rumor, but a fact.)

Electronic payment platforms such as WeChat Pay and Alipay are already very common in China. It seems inevitable now that the trend of using electronic cash will soon spread throughout the world, and it seems that some cryptocurrencies will fill this niche market.

However, if you are like me, a newcomer to the cryptocurrency world, you may be very concerned about sensational news stories, such as news: hacking attacks on cryptocurrency exchanges, and millions of dollars of bitcoin from exchanges or The investor account disappeared.

This way you naturally think: "How to use this new electronic currency without risk of loss, or how to prevent stolen cash from being stolen?".

Potential problems with the exchange

If we want to understand how best to protect the security of cryptographic assets, the first step is to understand how investors lose their tokens because of theft, fraud or misplacement. The cryptocurrency has only officially appeared in 2009, but we have some historical cases that can help us better understand how to protect our investments.

Mt. Gox (April 2014)

At the height of Mt. Gox, it handled about 70% of the global bitcoin transactions. In 2014, 850,000 bitcoins either disappeared or were stolen. These bitcoins were worth more than $450 million at the time. Although it is unclear how these bitcoins were stolen or lost according to Wikipedia, we know that these tokens were taken from Mt. Gox's hot wallet for a while.

Quadriga CX (December 2018)

Quadriga's Canadian founder, Gerald Cotton, died suddenly on December 9 in India with complications related to Inkeren's disease. A loss of about $180 million, although no one is completely certain, these funds are placed in a cold wallet that only the company's founders can access. More mysteriously, Quadriga had a liquidity problem as early as January 2018, which led to many conspiracy theories about the disappearance of funds. —— BBC News

These cases clearly show that hackers are attracted to the hot wallet of cryptocurrency exchanges. A cryptocurrency exchange is a good target because there are many digital cryptocurrencies and private keys stored in one place. And transactions also need to be connected to the Internet frequently, so it is theoretically vulnerable to hacking.

To keep cryptographic assets secure, Quadriga's case raises a new question: Even if the funds are stored in a cold wallet controlled by a cryptocurrency transaction, what if the person holding the encryption key suffers from an accident?

In order to eliminate the possibility of asset loss caused by the theft or loss of the private key in the encrypted exchange, the cryptocurrency asset should be transferred to the device that controls the private key.

Understanding public and private keys

Each wallet has two keys: one is the public key. It is similar to "address", the public key can be emailed to others, or a QR code that can appear in the wallet application to receive cryptocurrencies sent by others. The public key does not allow people to remove the cryptocurrency from the wallet. If you want to send cryptocurrencies to others, they must send you their public key or have you scan their address QR code.

The second key is the private key. The private key is created the first time you set up your wallet and create a recovery phrase. The recovery phrase is a series of 12-24 words that you need to back up when you first install the wallet and set up your account. If you lose your device, you must use these secret phrases (note: these recovery phrases, which we often hear about mnemonics, must pay attention to restoring the spelling and order of the phrases, not a slight mistake) to recover the account. Never save your recovery mnemonics electronically (note: including networking). Write the mnemonic on paper and keep it in a safe place. If the device is lost, stolen or damaged, simply download the wallet app to another smartphone and enter the mnemonic to immediately access your encrypted assets again.

However, there are drawbacks to dealing with your own private key. If the mnemonic and mobile phone are lost, the funds cannot be recovered. If others can access your private key, they can't stop them from setting up their wallet and using mnemonics to access your funds.

Therefore, please be sure to carefully and rigorously and carefully protect your mnemonics, don't forget to update your wills, and inform the executors and beneficiaries about where to find and how to use mnemonics.

Are you afraid to buy cryptocurrency?

I do not think so. Until six years ago, I also operated a financial technology company that combined customer financial data with the price of securities to create a financial analysis report that was accessible online. Sometimes new customers will ask me if there is a risk in storing investor data in the “cloud”? I always answer this way: "Nothing is 100% safe, but our platform is safer than paper documents in your office."

Similar to online stock trading accounts, cryptocurrency transactions use a combination of security protocols and procedures to ensure the security of customer assets. As can be seen from the above example, the personal account encryption asset that has been kept in the cryptocurrency exchange is always at a certain level of risk because the private key of the cryptocurrency in the personal account is stored in the exchange. As mentioned earlier, having many private keys in the same place is an attractive target for hackers. If the hacker can use these private keys, the account is vulnerable to attack and cannot be retrieved once it is stolen.

Although the risk of stolen funds in an online account may be very low, don't leave large sums of money in your online trading account.

Some basic rules for keeping cryptocurrency safe

Rule 1 – If you do not conduct cryptocurrency transactions, please develop the habit of transferring money to the wallet of the individual controlling the private key.

How do you know if you control your private key? Simple, is there a mnemonic with 12 or 24 words? If there is a setting, you can control the private key of the wallet. If not, then the other person is controlling the private key of the wallet.

Rule 2 – Do not store cryptocurrencies on your PC. Windows PCs are more susceptible to viruses than smartphone operating systems

Smartphone operating systems are simpler than PC operating systems. This leaves the hacker with fewer opportunities to enter the phone. In general, the simpler the system, the less opportunities a hacker can take advantage of. (Andreas Antonopoulos)

Rule 3 – If you do not need to trade tokens, store the cryptocurrency in a cold wallet

A cold storage (or cold wallet) is a device for storing cryptocurrencies that are disconnected from the Internet. If your device is disconnected from the Internet, hackers will not be able to attack.

An old smartphone with a private key installed, disconnected from the Internet or at least turned off. If you have a mobile phone, this may be a simple and inexpensive option, but some people think this may not be the safest option.

For added security, consider buying a dedicated cold wallet like Trezor or Ledger. (Translator's Note: This is a hardware device, but don't think that buying this cold wallet is a great thing to use. As a user, you need to understand Learn specialized knowledge to achieve the goal of being truly responsible for your own assets!).

These special thumb drive-like devices are designed for cold storage of cryptocurrency. Some experts suggest that new products should be purchased from manufacturers, and that used equipment may have been changed by hackers. As with the software wallet, if the cold wallet device is lost or damaged, you can recover the funds as long as you still have mnemonics.

Use common sense when dealing with cryptocurrencies

Hot wallets, cold wallets, online wallets, offline wallets – this sounds a lot of information and may be confusing for security. So, review the list of common sense suggestions that you can use and modify.

1. If you do not trade frequently, how many assets should you retain in your personal online account? May not be reserved. When the transaction is completed, the cryptocurrency withdrawal is transferred to the device controlled by the personal private key.

2. For daily shopping, just keep a certain amount of money in the hot wallet, similar to the amount retained by the physical wallet. If you are uncomfortable with carrying more than a few hundred dollars in a physical wallet, why do you want to carry more cryptocurrencies in the hot wallet of the cryptocurrency?

3. Will you leave thousands of dollars in cash at home? Maybe put it in your home safe, right? Most of the personal cryptocurrency should be stored on the smartphone (requires disconnection from the Internet).

4. tens of thousands of dollars of gold coins? Put these things in the safe at home? Maybe it would be better to put it in a safe vault. If there is a large amount of cryptocurrency assets, once lost, it will lead to bankruptcy. At this time, you can consider purchasing at least one dedicated cold wallet device and then storing it in a fireproof safe or a safer vault at home.

According to experts, if you manage cryptocurrency responsibly, it will be as safe as a person handling cash. Will I accidentally lose my cryptocurrency? Of course, just as most people will accidentally lose cash on the street. Will cryptocurrencies be stolen? In the same way, cash is stolen every day, whether on the streets or in a huge pyramid scam like Bernie Madoff.

Just like dealing with cash, cryptocurrencies must be handled with great care. If a person treats cryptocurrencies like a cash and learns and uses some common sense, there is less trouble in protecting assets.