The rise in Bitcoin prices has attracted thousands of new users and investors who want a share of the profits. With that comes the temptation to use cheap and insecure methods to acquire and handle tokens, at a time when hackers are on the rise.
For instance, it was recently reported that 90 percent of cryptocurrency apps on Google Play have loopholes, 66 of which are very popular.
Here are the three biggest risks to your tokens, the simple mistakes that can see you lose them, and what you should do to minimize those risks.
Human error is by far the biggest risk for your tokens. It is very real because cryptocurrency technology is unfamiliar to newcomers, and because keeping tokens secure requires some unusual actions on the user's part.
Some of the errors relate to copying and pasting addresses, which can result in sending to the wrong address, and that is unrecoverable. You might have heard of malware that replaces your addresses with its own as you paste them into fields, but even if you type the address instead of copying and pasting, confirm twice that it is indeed the intended one. Errors such as confusing “0” with an uppercase “O” might also occur.
Errors such as sending Bitcoin to an Ethereum address could also see you lose your coins completely. Avoid selecting the wrong cryptocurrency when sending coins on exchanges, and confirm that the service for that transaction is working before proceeding. Don't assume anything.
The other error is sharing private keys with other parties.
Again, if participating in an ICO, make sure to send coins from a wallet like MyEtherWallet instead of from an exchange, because the exchange might not credit you with the tokens when they are released: the tokens are usually sent back to the address you used to send your investment.
Using hardware wallets and offline platforms that allow signing of transactions can also minimize the chance of human error because, for instance, they do not need as much work to keep secure as software wallets and online wallets (hot wallets) do.
Threat of "external errors"
Recently, $280 million in Ether was locked in the Parity wallet when a single user changed some code. Parity, a cryptocurrency wallet provider, reported that it had discovered a bug in its wallet that allows users to change code and become owners of wallets that do not belong to them.
The user is said to have changed the code "accidentally" via the bug.
While good people are working behind the scenes to build platforms and services that are convenient and secure for everyone, there is still a chance of errors from external sources. The web security company High-Tech Bridge also reported recently that 90 percent of mobile cryptocurrency apps on Google Play are not secure, and that the vulnerabilities result from the failure of developers and owners to take the apps through security procedures.
The company found that 77 percent of the most popular apps have at least two high-risk vulnerabilities.
These vulnerabilities arise from insufficient cryptography, such as a predictable randomizer or weak hashing algorithms like SHA-1, or from insecure data storage.
Minimizing your dependence on external platforms might help with that. That said, make sure to use platforms such as MyEtherWallet that you have complete control of if participating in ICOs. In particular, be wary of platforms that store your private keys for you. Bear in mind that anyone with your private key has power over your Bitcoins or whatever altcoins you hold.
Risk diversification is a proven business strategy. It means spreading your holdings over multiple platforms. For instance, if you have $20,000 worth of holdings, you could minimize risk by not holding all of it in an exchange wallet and instead keeping some in a hardware wallet.
The blockchain is almost impenetrable because it is built using cryptography. However, vulnerabilities exist on exchanges and wallet platforms, and the many news reports about hacks should act as a warning.
For instance, exchange phishing scams are common. Scammers build sites nearly identical to the official websites and trick you into entering sensitive login data. They could then infect your computer with malware. In addition to bookmarking your exchange site, and typing website URLs and addresses directly instead of copying and pasting, then confirming them, use two-factor authentication (2FA). You can also use Google Authenticator instead of SMS, along with strong passwords and secure email accounts.
Recently, it was reported that CryptoShuffler malware waits for an infected user to paste the recipient address and then swaps it out with the hacker's wallet address. Always check your address and type it in manually.
Hardware wallets are also advisable because they are offline and allow signing of transactions offline.
Lack of information
Most vulnerabilities can be avoided by double-checking who and what you are dealing with. For instance, many say that you shouldn't trust emails and IMs on platforms just because they appear to come from the company or project you have been dealing with. Make sure to double-check before clicking links in these emails and IMs.
Besides, investing in bad projects and dealings can largely be dealt with by doing some research on the project and owners to ascertain that they are real people and not scammers. For instance, by joining crypto forums and social pages, you can also get to know some scams before it is too late and you are in.
Also, get familiar with security procedures for end users for various cryptocurrency platforms.