- CoinGecko reported that $2.77 billion was lost to crypto hacks and exploits in 2022 alone, the highest in the past decade.
- BitPinas has listed the six essential security tips to protect your crypto assets: Store Your Seed Phrases Properly, Use Unique Password, Use Two-Factor Authentication (2FA), Be Wary of Phishing Attempts, Use Hardware Wallets, and Make Sure to Use the Right Website/Apps.
- There are bad actors that are trying to steal funds because they can. If we have tighter security measures, then the time will come when they cannot execute their dirty plays anymore, as there will be no victims left.
Despite having a strong community, we cannot deny the fact that there are still bad players in the crypto space, stealing funds that others have worked hard for.
CoinGecko reported that $2.77 billion was lost to crypto hacks and exploits in 2022 alone, the highest in the past decade. Of this $2.77 billion, 47% was stolen using a diverse range of hacking and exploitation methods such as bypassing verification processes, market manipulation, crowd looting, and taking advantage of smart contract errors or loopholes.
Some of the exploits that happened in 2022 include:
- Wormhole Hack: Wormhole, the main bridge connecting Solana to other blockchains, was exploited when it failed to validate ‘guardian’ accounts, which allowed hackers to bypass verifications with a forged signature. The hackers minted and stole $326 million worth of crypto, without needing the equivalent collateral.
- Axie Infinity Hack: Axie Infinity, one of the pioneers of the play-to-earn model, suffered an exploit on its systems, which led to the shutdown of its sidechain Ronin bridge and decentralized exchange Katana. The FBI reported that the North Korean hacking group Lazarus was behind the attack on the Ronin Network.
- Nomad Bridge Exploit: In this crypto ‘crowd looting’ event, the attacker targeted the insecure configuration in Nomad’s smart contract, which allowed users to withdraw any amount of funds without having to prove the transaction’s validity. A total of $190 million was looted.
- Mango Markets Exploit: The attacker, Avraham Eisenberg, used two accounts to create artificial inflation within the platform. He sold a large number of perpetual contracts of Mango’s crypto token MNGO from one of his accounts to the other, which made the price increase by 1,300 percent in under an hour. After that, Eisenberg used the now-high-priced token as collateral to take out a massive loan from Mango Markets for $110 million in other cryptocurrencies and then quickly withdrew the funds.
With this, here are the six essential security tips to protect your crypto assets:
Store Your Seed Phrases Properly
One of the most common security features of a crypto wallet is the seed phrase, or what others call a recovery phrase.
I remember when I became a scholar of Axie Infinity: Classic, one of the tips that my manager told me was to write my seed phrase in a notebook. Today, I still have the notebook with the seed phrase written on it.
If you consider doing it, write down your seed phrase on paper, in a notebook, or on a notepad. When you do this, make sure to have two copies and store them in separate locations. Example: one inside your closet and one in your wallet.
Please take note that keeping seed phrases on your computer or even on your phone brings additional risk. If you just took a screenshot on your computer, then anyone who has access to it can steal your crypto. Most commonly, those who are victims of phishing incidents are the ones who experience it.
Use Unique Password
Most exchanges will require you to just create a username and a password to be able to access their app or website more easily in the future.
Create strong, complex passwords for all your crypto accounts and avoid reusing them. The longer the password is, the more difficult it is for hackers to guess it. Also, if a password has both capital and lowercase letters, and numbers and special characters, then it would be even harder for them to guess it.
The trick is to avoid having patterns, including names, birthdays, street addresses, and even song lyrics.
Use Two-Factor Authentication (2FA)
Aside from having a unique password, you can enable 2FA, which adds an extra layer of security by requiring a second verification step through a mobile app or SMS.
This makes your account and funds safer because if someone possesses your password, they would still need access to your second-factor device to gain entry. This matters because an attacker may be able to steal your password and use the “reset password” feature to take control of your account.
Be Wary of Phishing Attempts
Phishing is an online attack that steals user data, including login credentials. Most commonly, attackers bait their potential victims by sending them links or files that look like they are from legitimate companies, where victims are required to supply their personal information, such as passwords, account IDs, and more.
Through phishing attacks, bad actors could control your account if you supply the necessary details to log in to the crypto wallet or exchange that you are using.
Thus, be cautious of unsolicited emails, messages, or links asking for your details. Always verify the authenticity of the source before giving them the information they want.
Use Hardware Wallets
Hardware wallets offer the highest level of security, as these are physical devices that are designed to store your cryptocurrencies offline.
Thus, consider using a hardware wallet, which is a physical device that securely stores your private keys offline.
Some of the benefits that storing your crypto in a hardware wallet can offer include:
- The Private Key Remains Unexposed: Since your private key is stored in the hardware wallet and not on the computer, the risk of it being hacked is low.
- Increased Access Security: Since most hardware wallets are protected with a PIN or even biometric login, the risk of them being hacked is low.
- No Vulnerability To Computer Viruses: As offline storage, a hardware wallet is also safe from computer viruses. Most computer viruses, especially phishing attacks, are designed to collect basic information and data, including passwords.
Make Sure to Use the Right Website/Apps
Make sure that you go to the right website, as bad actors can also create a fake website that looks just like a legitimate one but has a slightly different spelling in its URL.
Always check that you are using only the official website for an app. In most cases, it will be the first site in the organic search results in Google, Bing, etc.
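To show how a "slightly different spelling" can be caught automatically, here is an added example (not from BitPinas or any wallet provider) that compares a link's hostname against a personal allowlist and flags near-misses by edit distance. The allowlist domains, the function names and the two-label "registrable domain" shortcut are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: replace with the official domains you actually use.
OFFICIAL_DOMAINS = {"example-exchange.com", "examplewallet.io"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def hostname_of(url: str) -> str:
    """Lower-cased host only: no scheme, port, path or trailing dot."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a link."""
    host = hostname_of(url)
    if not host:
        return "unknown"
    for official in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain. The leading dot matters:
        # "notexample-exchange.com" must not pass as official.
        if host == official or host.endswith("." + official):
            return "official"
    # Naive registrable domain: the last two labels (assumption; production
    # code should consult the Public Suffix List instead).
    registrable = ".".join(host.split(".")[-2:])
    for official in OFFICIAL_DOMAINS:
        if edit_distance(registrable, official) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://example-exchange.com/login",   # constructed samples
                 "https://exarnple-exchange.com/login",
                 "https://news.example.org/"):
        print(f"{link} -> {classify(link)}")
```

A result of "unknown" only means the host is not close to anything on the allowlist; it says nothing about whether the site is safe.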
For mobile apps, regularly update the software and firmware of your crypto wallets, apps, and devices. Updates often include important security patches that fix vulnerabilities and protect against emerging threats.
Use only mobile apps you trust. Do not download apps that are not yet known or that do not have established security. Also, do not download an app just because it promises you a high yield, as this can be another form of phishing attack.
Apparently, our choice in securing our crypto assets is not just for us, but also for our community.
There are bad actors that are trying to steal funds because they can.
If we have tighter security measures, then the time will come when they cannot execute their dirty plays anymore, as there will be no victims left.
So start having a more secure wallet, password, and identity. Start sharing your security measures with others.
Because the only way to eliminate bad deeds is through good ones.
This article is published on BitPinas: 6 Essential Security Tips for Protecting Your Crypto Assets