Cybersecurity Tips: Cryptocurrency

October is Cybersecurity Awareness Month so it’s a great time to talk about securing your hard earned cryptocurrency.

Cryptocurrencies are a prime target for scammers and hackers, and can net some pretty hefty payouts for the perpetrators. Just last week we saw a security incident where it is estimated that upwards of $200m in crypto was stolen from the cryptocurrency exchange, Kucoin. 

This quick guide takes you through the steps you can take to keep your crypto safe.

  • Two-Factor Authentication (2FA)

    For obvious reasons this is the first on our list, but it is also one of the most basic steps you can take to secure your accounts (and not just crypto ones).

    Just about every exchange now offers the option of using 2FA and it should be the first thing you activate when creating a new account. It’s extremely simple to use and the only equipment you need is a smartphone.

    Check out our full 2FA guide: https://numio.one/defending-your-online-world/
  • Not Your Keys, Not your Crypto

    Yes we hear this shouted from the rooftops whenever there is an exchange hack or exit scam, but for good reason. If someone else is in custody of your cryptocurrency then they, or a hacker that gains entry to their database, can do what they want with it.

    Don’t store any crypto you can’t afford to lose on an exchange. Instead, withdraw it to a wallet for which you own the private keys and, if you can afford it, buy a hardware wallet like a Ledger or Trezor – until Numio Vault is released anyway.

  • Celebrities don’t give away money

    These scams that prey on the greed of a victim have been going on for thousands of years, with the celebrity crypto giveaway being just the latest variation. It generally goes something like this. A tweet goes out from a famous person, it could be a fake account or even from a real account, saying something along the lines of “I am giving back to the community – send 1BTC to get 3BTC back”.
    This is a sure fire way to be parted from your crypto, so remember – if it sounds too good to be true it probably is.
  • Private keys are private

    Not much more to say other than never give anyone your private key and never enter it into any websites.

    As soon as you do that someone else has access to all of your crypto.

  • Your identity is precious

    It is common practice for any platform dealing with money and securities to undertake Know Your Customer and Anti Money Laundering checks. This is so they can keep within government regulations. Before sending in all your personal data and photos of your passport, you have to ask yourself, ‘how trustworthy is this company?’, ‘who has access?’, ‘how is it being stored?’ and ‘is it encrypted?’.

    Identity theft is a very real and very serious problem. So if you are in any way unsure about any of these things then maybe you should reconsider sending them your data.

  • Beware of links

    -Always check official project websites for social media links.

    -Go directly to exchanges and find the coin/token you want to trade – don’t trust links.

    -Don’t trust any links sent to you online.

    -Don’t trust links posted on social media.

    -Check for the SSL padlock in the address bar to make sure you are on a secure https connection and not an unsecured http connection.

    A secure website (shown below) will have a closed padlock, which may be green, and display https:// in the address.

    Hovering over the padlock will confirm the site is secure.

Webpage with the secure https padlock.
    An unsecure website (shown below) will have an open padlock or a warning sign over it and display http:// in the address.Hovering over the padlock will confirm that the site is not secure.
Website without the secure https padlock.
  • Wallets and downloads

    If using a web wallet (e.g. myetherwallet) always make sure you are on the official website and not a clone. Google ads have been known to direct unsuspecting victims to fake sites. Metamask is a great wallet to use and interact with decentralized apps but always make sure you download the app from a trusted source linked from the MetaMask website.

    When downloading any cryptocurrency wallet always make sure you are on the official project page, and even then use checksums to make sure it’s legitimate – fake ones designed to steal your crypto do exist.
  • Contacted by an admin

    If you have been working in crypto for any length of time you will have had a scammer make a clone social media account with your profile. Everyone here at Numio has been cloned at some point.

    A common method that scammers use to appear legitimate is to create similar looking usernames where a single character is changed, e.g. substituting capital I (i) for lowercase l (L).

    These scammers pretend to be admins and official project representatives, using this to contact victims directly with promises such as personal reward offers.

    These are always scams and no admin from a reputable project will ever contact people first, especially with offers – the advice is to report it, block it and move on.

That was your short guide to keeping your cryptocurrency safe – be vigilant and stay safe out there.

Want to learn more?

If you are interested in integrating Numio tech into your platform, having a demo, or simply want a chat with our devs, then please contact us at hello@numio.one or via one of the following channels.