Why should you care about digital asset security?
Wasim Ahmad
Co-founder & GTM — Pioneer of Crypto Inheritance | AI | Blockchain | Crypto | Inheritance | Philanthropy | VR/AR | Zero Knowledge | New York - London
The five categories of risk to cryptocurrency investors that everyone should know, some high-profile stories of staggering losses, and some recommendations that may protect your digital assets.
TL;DR If you trust any institution to protect your seed phrase for you, you are not taking advantage of the greatest feature of cryptocurrency: independence. If you lose your seed phrase, and you don't have a backup, your crypto is gone. If someone steals your seed phrase and takes your crypto, you will probably never get it back. If you don't share access to your seed phrase with anyone at all, your heirs will not be able to access it. There are solutions and best practices that can help you protect your crypto.
To take this a step further, I created a Personal Information security GPT to answer questions using our collected mix of expert articles. Try it here: Personal Info Security Wizard.
Risks with Cryptocurrency.
To be brutally honest, and this goes for all kinds of valuables, if you don't care about security, then hackers and accidents could take your hard-earned assets from you. This site is designed to show you options available from the industry, and this article outlines the risks and makes recommendations.
There is a big difference between using traditional financial institutions to trade in stocks and manage your bank accounts and the world of buying and selling digital currency. This key difference is highlighted in the following scenario:
If you forget the password to your bank account, you can obtain a password reset from the bank, but with native crypto, there is no one who can give you access to your funds.
Why? Because crypto is protected with a digital key, a list of words known as a seed phrase, and without this key, you cannot access your funds. This means protecting your seed phrase is the same as protecting your funds.
You could avoid the responsibility of protecting your seed phrase if you were to rely on a centralized exchange like Coinbase or Gemini to hold your crypto wallet for you as a custodian. When a custodial exchange controls your wallet, they are responsible for protecting the keys, and they can give you access to your cryptocurrency again if you forget your password to the exchange. Although this is super-convenient, you must keep in mind that whatever entity controls your keys or codes also controls access to your cryptocurrency, and that comes with downsides as well as the upside of convenience. In uncertain times, a primary benefit of owning cryptocurrency is the ability to be your own bank and to control your own funds - this is the very promise of the Blockchain and cryptocurrency - but to realize this benefit, you must control your own keys, and thus, your own security.
Understanding the vectors of loss
Let's expand on each to understand clearly which solutions might be best for each situation. None of this is "rocket science." Moreover, this kind of knowledge (known as "key management") is not unique to Bitcoin or cryptocurrencies but is essential for your future security on the Internet in general. The worldwide web is now being rebuilt on decentralized principles and cryptographic technologies that help it to scale further and deeper with enforced requirements to protect our data and sovereignty.
These risks affect everyone, and the best way to reduce them is to make sure that you carefully back up your seed phrase. This site describes for you the most common options available. Supplementing this guidance, the crypto Wallet Guides show you how to create wallets in a secure and safe manner, highlight where you have options, and suggest when you should follow default instructions.
We hope that these articles, written by security experts, help you to navigate crypto security in a practical way so that you can enjoy participating in the exciting and empowering world of crypto.
Let's explore in a little more detail and point you to the right resources to protect yourself.
"Safeguarding money is necessary for the crypto economy to flourish."
Cameron Winklevoss, Winklevoss Capital
What "owning your own money" really entails.
In a traditional banking scenario, clients don't have to worry about the theft of their account funds or incorrect transactions. This is because banks work with consumers to block potentially fraudulent transactions and to issue chargebacks for unintentional transactions. The role of the traditional bank is to provide and ensure such security.
A distributed database on a blockchain network is also extraordinarily secure and resilient. When cryptocurrency advocates explain blockchain technology, they highlight the fact that blockchains have no single point of failure. By this, they mean that there is no single place where an attacker could maliciously halt or modify the network. From a technical standpoint, blockchain transactions are extremely secure in the validation, resilience, and integrity that they provide.
However, points of failure associated with a decentralized blockchain database migrate towards the user's end of the spectrum: by managing your own money, you become the potential single point of failure in protecting your funds. How? As a cryptocurrency owner, your access to this resilient network is through your crypto wallet, and that access is granted through a digital private key that is stored in your wallet. Your seed phrase was used to generate this private key, and your seed phrase can also restore your private key if your wallet is damaged. Your careful storage and use of this private key - and your seed phrase backup - determines whether your crypto funds remain secure, or are exposed to loss or theft. In this way, as the guardian of your wallet and seed phrase, you are fully responsible for the safety of your funds.
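An added illustration of the point above (not code from the article): assuming a wallet that follows the widely used BIP-39 and BIP-32 standards, which the article does not name, the same seed phrase always reproduces the same master private key, so a backup of the phrase is as sensitive as the wallet itself. The phrase is the public all-"abandon" BIP-39 test phrase, the function names are chosen here, and the words are not checked against the BIP-39 wordlist or checksum.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve; a valid private key lies in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample input: the public BIP-39 test phrase. Never fund it.
PHRASE = " ".join(["abandon"] * 11 + ["about"])


def normalize(phrase):
    """Apply NFKD as BIP-39 requires; collapsing stray whitespace from
    re-typing is a convenience of this example, not part of the standard."""
    return unicodedata.normalize("NFKD", " ".join(phrase.split()))


def seed_from_phrase(phrase, passphrase=""):
    """BIP-39: 64-byte seed = PBKDF2-HMAC-SHA512 over the phrase,
    salted with "mnemonic" + optional passphrase, 2048 iterations."""
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", normalize(phrase).encode("utf-8"), salt.encode("utf-8"), 2048, 64
    )


def master_key(seed):
    """BIP-32: HMAC-SHA512 keyed with "Bitcoin seed"; the left 32 bytes
    are the master private key, the right 32 bytes the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("seed yields an invalid master key")
    return key, chain_code


def restore(phrase, passphrase=""):
    """What a replacement wallet does with a backed-up phrase."""
    return master_key(seed_from_phrase(phrase, passphrase))[0]


if __name__ == "__main__":
    original = restore(PHRASE)
    # Re-typed on a new device with sloppy spacing: same key comes back.
    retyped = restore("  " + PHRASE.replace(" ", "   ") + "\n")
    print("restored key matches:", original == retyped)
    # One wrong word, or a forgotten optional passphrase, gives an
    # unrelated key with no error: the funds are simply not there.
    print("one wrong word matches:", restore(PHRASE.replace("about", "above")) == original)
    print("missing passphrase matches:", restore(PHRASE, "extra words") == original)
```

Nothing in the derivation depends on the device or on any account: whoever holds the words, owner or thief, computes the same key.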
Blockchain transactions are fast and permanent.
The decentralized finance (DeFi) movement introduces a new paradigm in which owning your own money and participating in a decentralized financial network creates a whole new form of economic mechanics. The main concept is that instead of central authorities solely determining an economy's fate through monetary policies, monetary policy is also greatly affected by how blockchain software evolves and by how people interact with it.
How a blockchain network settles and records transactions for a cryptocurrency is determined through the exercise of its operational protocols. Transactions, once completed, remain immutable forever. The part of that last sentence to pay close attention to is "immutable." Immutability is a characteristic that offers great security to monetary transactions since once a transaction is completed, it is committed permanently and cannot be reversed for any reason.
Settlement is very fast compared to traditional banking, where charges may be reversed long after the transaction has been completed. However, because a blockchain is immutable, any losses as a result of a security breach or accident are irreversible. This opens digital asset finance up to a whole new array of security threats.
The challenges of crypto key management.
Taking control of your own crypto keys puts your funds at risk of environmental disaster. Should an earthquake demolish your home and crush your hardware wallet or hard drive with your paper wallet stored in it, it most likely will not be recoverable. If this happened, your funds would be abandoned on the blockchain forever, since no one would be able to guess or restore that lost digital key.
Poor key management is by far the most common way that cryptocurrencies are lost. Given that many of us need to rely on "forgot password" functions to recover simple 9-character passwords, it's unrealistic to believe that we can be trusted to casually maintain a 48-character string of ciphertext. One U.K. resident, James Howells, mined Bitcoin in the early days, storing his private key on his hard drive. At one point, he accidentally threw that hard drive away. That hard drive held 7,500 Bitcoins, which amounts to over $352 million at today's (quickly-changing) coin price of $47,000. Ouch.
Key management is difficult for those who are technology-savvy — and even harder for those who aren't. Because of this predictable difficulty, estimates show that between 17 and 23 percent of all bitcoins have been lost as a result of losing a private key.
Hostile actors.
Hackers pose one of the most serious threats to cryptocurrency holders. In 2017, 13.7% of the entire world's population reported a hack of some type of digital asset, including both bank account balances and cryptocurrency. This indicates two important points: One, hackers are rampant, and will relentlessly continue to steal from consumers. Two, consumers are not effective at personal digital security. Should the world switch over to blockchain-based finance, where transactions are irreversible, this could be a far greater threat than it is right now.
Hacking attacks are possible through targeted malware or virus attacks, and through other deliberate compromises. In 2017, a WannaCry virus attack yielded a loss of over 108,000 Euros from everyday consumers using applications compromised by the virus. In July 2018, a Chrome browser VPN extension was hacked and used to retrieve private keys entered into a MyEtherWallet browser tab — leading to a loss of over US$1.2 million from average consumers. In 2018, a MyEtherWallet browser plugin DNS hack let hackers steal over US$365,000 from users.
Exchanges have also not been left out of the fun (see Risk 1 below): numerous major exchanges have seen thefts through security breaches. Some of these include Mt. Gox, BitInstant, CoinCheck, and BitGrail. Hundreds of millions have been lost, and not all of these exchanges went on to cover the losses exchange users faced. This all goes to show that hackers indeed pose a risk to both cryptocurrency holders and cryptocurrency custody handlers.
Risks and Recommendations.
Below is a short summary of risks and some poignant examples, together with some common-sense recommendations. More details on how to implement security are found throughout this site.
Risk 1 - Leaving cryptocurrency on an exchange.
When they first start trading cryptocurrency, many people end up leaving their crypto on the exchange. It's convenient; the funds and the coins are on hand to make transactions easy, but unfortunately, hackers love the fact that so much crypto is in one central place, ready for the taking.
According to Inside Bitcoins, more than $11 billion (and counting) has been stolen not only from supposedly secure crypto exchanges but also other custodial wallets and mining platforms since 2011, mostly due to hacking incidents.
However, the number of exchange hacks is not declining. In fact, you can find up-to-date lists of cryptocurrency exchange hacks on the internet. According to NASDAQ, cyber-attacks and hacking incidents on digital assets netted $1.8 billion in the first 10 months of 2020 alone.
Most recently, a large hack happened on the KuCoin centralized exchange in September 2020, with hackers stealing $275 million from the Singaporean exchange.
Hackers have gotten their hands on $11 billion in stolen cryptocurrency since 2011. More than US$11 billion has been stolen from supposedly secure crypto exchanges, wallets, and mining platforms since 2011, mostly due to hacking incidents, research from Inside Bitcoins has revealed. - July 2020
Exchange hacks are not just limited to third parties - employees and even founders of exchanges have perpetrated massive fraud.
In addition to the famous QuadrigaCX case in 2019, another top-10 exchange, OKEx, suffered an outrageous hack by a founder who went missing, absconding with exclusive access to users' private keys; this led the exchange to freeze withdrawals on all users' assets for more than five weeks.
This is why it is essential that you not leave your crypto assets on exchanges, regardless of assurances to the contrary.
Recommendations:
- Move your crypto funds off the exchange into a wallet that you control.
- Get familiar in advance with security options that fit your circumstance.
- Create a secure backup of your seed phrase - not on paper but through some other mechanism.
- Don't leave any casual paper backups lying around.
"Exchanges are the main target for hackers. Those are the biggest honeypots. So the number one rule in Crypto is, do not keep your money on an exchange, and if you're going to custody that money, you need to do it off of the exchange..."
Joe DiPasquale, BitBull Capital
Risk 2 - Storing Cryptocurrency locally.
There are many, many stories of seed phrases being backed up onto local devices and then getting lost or stolen, or the PIN/Password being forgotten - in contrast with leaving seed phrases in centralized cloud storage. The trouble with local storage is that it's easy to lose, or even for someone to target you and steal the storage device.
Recommendations:
- Consider storing your personal storage device somewhere safer, like a safety deposit box. Just remember safety deposit boxes are not impervious to risks.
- Create a secure backup of your seed phrase - not on paper but through some other mechanism.
- Don't leave any casual paper backups lying around.
Risk 3 - Being targeted by criminals.
With so much of our personal information available to anyone who wants to target us, the risk of your crypto being targeted is very real. Personal attacks include email phishing attacks, SIM swap attacks that can sidestep 2-factor authentication, and various other ingenious social engineering attempts. The majority (50%) of crypto thefts in 2020 occurred on DeFi protocols.
"We know how some hackers passed away their time during the lockdown: By running Bitcoin-related hacks and potentially netting "nearly $3.78 billion" in 2020," according to a report from Atlas VPN. - Jan 2021
Recommendations:
- Use an authentication app to thwart people trying to take over your phone.
- Create a secure backup of your seed phrase - not on paper but through some other mechanism.
- Don't leave any casual paper backups lying around.
Risk 4 - Accidental loss and natural disasters.
Data on cryptocurrency lost due to accidents and natural disasters is hard to come by, but estimates indicate it is north of $10 billion. Accidents, such as losing your hardware wallet or leaving your paper seed phrases behind because you had to evacuate from California wildfires and earthquakes, have contributed. Many believe that the biggest loss comes from simply forgetting PINs and passwords - something that can happen even if you take precautions.
Tens of billions worth of Bitcoin has been locked by people who forgot their key. Of the existing 18.5 million Bitcoins, around 20 percent — currently worth around $140 billion — appear to be in lost or otherwise stranded wallets, according to the cryptocurrency data firm Chainalysis. - Jan 2021
James Howells, a Welsh I.T. worker, began mining Bitcoin on a personal computer in 2009. By 2013 he had mined 7,500 Bitcoin which is worth about $270 million in Jan 2021. In 2013 he stopped mining and sold the computer he was using for parts on eBay. He kept the hard drive with the hope that Bitcoin would rise in value. In 2013 when cleaning his house he accidentally threw the drive away and it, along with the rest of his trash was taken to the local landfill in Newport, South Wales and buried. Asked how it ended up in landfill, he explained that it was "thrown out into a bin bag during a clear-out in a case of 'mistaken (hdd) identity' in summer 2013. There were two HDDs in the same drawer, the wrong one got binned? s*** happens." The landfill reportedly contains about 350,000 tons of waste and 50,000 more tons are added every year. An article reported that "a council spokesperson said their offices have been "contacted in the past about the possibility of retrieving a piece of IT hardware said to contain bitcoins," but digging up, storing and treating the waste could cause a "huge environmental impact on the surrounding area."
Recommendations:
- Move your crypto into a wallet that you control and use a password manager.
- Create a secure backup of your seed phrase - not on paper but through some other mechanism.
- Don't leave any casual paper backups lying around.
Risk 5 - Loss of Generational wealth.
We usually don't think of death or incapacitation while contemplating how to enter the brave new world of crypto, yet the consequences of how crypto is secured mean that to ensure the accessibility of funds by future generations, specific protective steps must be taken. This starts with talking to a trust and estate lawyer to draw up a will and a plan for how beneficiaries can access assets. This can be a convoluted process. As a result, companies like Vault12 have developed simple and easy-to-use solutions for digital inheritance.
There is a steady drumbeat of these stories happening with worrisome regularity: In December 2018, Gerald Cotten, the founder of the bitcoin trading exchange QuadrigaCX, died (under somewhat mysterious circumstances), resulting in the loss of $250M and the exchange going bankrupt. Gerald was only 30 years old and had not created an inheritance plan, nor were instructions for how to access the centralized assets ever found. In April 2018, Matthew Mellon, heir to the Mellon family banking fortune, former chairman of the NY Republican Party finance committee, and cryptocurrency proponent, died. Prior to his death, he held an estimated $1B in Ripple (XRP) - all of this remains inaccessible as he left no instructions, even though he protected the cryptocurrency via cold storage in multiple locations around the US in different people's names. In 2017, an unidentified young crypto investor in Colorado died with a small fortune in cryptocurrency held in a Coinbase account. The family, however, had no access to the account and eventually had to petition Coinbase directly. Eventually the assets were released after a lengthy process. If the account holder had not been a U.S. citizen, this would have been a much more complicated process.
Recommendations:
- Talk to a crypto-savvy lawyer or Trust and Estate attorney and write a will or other legal document with their help.
- Create a secure backup of your seed phrase - not on paper but through some other mechanism.
- Look at Digital Inheritance solutions.
Head of Asset Management at Abra | Columbia Business School.
2 months ago: Wasim, thanks for sharing!
Co-founder & GTM — Pioneer of Crypto Inheritance | AI | Blockchain | Crypto | Inheritance | Philanthropy | VR/AR | Zero Knowledge | New York - London
1 year ago: Often, systems fail because of software or 3rd party services failing - in this case, it was simply an unforgivable lapse of internal protocols: So many basic security problems: 1. Ex-employee still has access to internal systems 2. Each employee is not required to use app-based 2FA 3. Given how high profile they are, can’t believe that a single person has access to update those critical libraries. Should require several folks. Software can be patched, but culture requires a lot more effort.
Co-founder & GTM — Pioneer of Crypto Inheritance | AI | Blockchain | Crypto | Inheritance | Philanthropy | VR/AR | Zero Knowledge | New York - London
1 year ago: To take this a step further, I created a Personal Information security GPT to answer questions using our collected mix of expert articles. Try it here: Personal Info Security Wizard. https://lnkd.in/e-guyr4G