How to protect your cryptocurrency

Avoid falling prey to malicious actors with some of these basic tips when it comes to securing your crypto.

Cyber security threats have existed since the dawn of the internet and occur daily, using increasingly sophisticated means. According to Cointelegraph, as of October 28, 2019, the amount of crypto stolen by hackers equates to the money Disney spent on acquiring Star Wars, Marvel and Pixar. A not-so-cool $15.6 billion. This harsh reality is not crypto-specific either. Traditional finance firms saw an average of $241 billion stolen as a result of cybercrime in 2018 alone. Ouch.

In the same report Cointelegraph found that over 48% of crypto exchange hackers prefer to exploit fraudulent exchanges and those without verification requirements. This is the fastest and easiest way to cash out stolen money as it enables hackers to bypass two major obstacles — KYC (know-your-customer) procedures and withdrawal limits.

It is therefore recommended, as a starting point, to make use of legitimate exchanges that implement stringent KYC and AML (anti-money-laundering) protocols.

Verifying your cryptocurrency trading account on exchanges like OVEX may seem cumbersome, but it is a HUGE red flag 🚩 if your chosen exchange does not implement these procedures as a standard. These measures make it difficult for hackers to escape with your funds as their identities are exposed.

Beyond the exchange’s compliance with basic regulatory requirements — it is also imperative you research how your cryptocurrency is stored.

Your cryptocurrency is only as safe as the method you employ to store it.

Therefore, it is also crucial you do your due diligence and find a ‘storage solution’ you can trust and rely on — one that protects your private data and funds with the latest security standards and a professional security team.

When users store their cryptocurrencies on a platform like an exchange, this is considered custodial. Users hand over all security measures to the exchange — aka the custodian. But when a user holds their funds in a crypto wallet that only they can access, it is non-custodial and therefore free from platform risks. Why? Because here the user himself (or herself) is the custodian. This means they themselves hold the private keys to access their cryptocurrency and do not have to place their trust in a custodian to keep these private keys safe on their behalf.

People generally tend to hold their crypto on exchanges to generate yield from their otherwise idle digital assets. OVEX, for example, offers crypto savings accounts where users can earn interest of up to 14% p/a, dependent on deposit size.

But if you are going to use a custodial exchange — it is crucial you first ensure your funds remain in safe custody.

OVEX, for example, is well known for servicing institutions looking for a more sophisticated trading experience. Our industrial-grade security standards protect the high volumes of crypto processed on a daily basis. We will use our exchange as an example of what one should look out for when exploring crypto custody solutions.

To verify the safety of your chosen custodian you must investigate both the user-facing and non-user-facing security measures.

Some of the basic non-user-facing security features of your chosen exchange should include:

(1) XSS

Cross-Site Scripting (XSS) is the most popular vulnerability that allows attackers to run their own scripts in other users’ browsers, in effect using those browsers as their own. OVEX implements a cross-site scripting prevention protocol that ensures this form of attack never materialises.

(2) Configuration vulnerabilities

Web terminals may be missing security-related HTTP (Hypertext Transfer Protocol) headers. This increases vulnerability to certain types of data-interception attacks. HTTP is the primary protocol used to send data between a web browser and a website. Even more crucial is that the site uses the secured version of the protocol.

Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP. HTTPS encrypts the data sent between your browser and the website, which means your private information remains protected. Look at the exchange’s full website address and take note of the protocol it uses.

For example, OVEX: https://www.ovex.io

Beware though. Even illegitimate platforms may have HTTPS config.
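One way to check for the missing-header problem described above, as an added example that is not OVEX's code or part of the original article: the function below parses a raw HTTP response head and reports which commonly recommended security headers are absent. The header list is this example's choice, since the article names none, and both sample responses are constructed.

```python
# Added example: audit an HTTP response head for security headers. The header
# list is this example's choice; WEAK and HARDENED are constructed samples.
RECOMMENDED = {  # lower-cased header name -> what its absence exposes
    "strict-transport-security": "browser may use plain HTTP (interception)",
    "content-security-policy": "no browser-side limit on injected script (XSS)",
    "x-content-type-options": "browser may MIME-sniff a response into script",
    "x-frame-options": "page can be framed by another site (clickjacking)",
}
WEAK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: nginx\r\n\r\n"
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n\r\n"
)


def parse_headers(raw):
    """Return {lower-cased name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines without a colon
            headers[name.strip().lower()] = value.strip()
    return headers


def hsts_max_age(value):
    """Return the max-age directive of an HSTS header as int, or None."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None


def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    headers = parse_headers(raw)
    findings = [f"missing {h}: {why}" for h, why in RECOMMENDED.items()
                if h not in headers]
    hsts = headers.get("strict-transport-security")
    if hsts is not None and not hsts_max_age(hsts):  # absent or zero max-age
        findings.append("strict-transport-security has no usable max-age")
    return findings
```

Here `audit(WEAK)` lists all four headers as missing and `audit(HARDENED)` returns an empty list; a clean result says nothing about whether the platform itself is legitimate.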

(3) Anti-DDoS module

A DDoS (distributed denial-of-service) attack involves overwhelming a targeted server or network by flooding it with fake internet traffic to interrupt its normal functioning. OVEX has an array of measures in place to prevent DDoS attacks.

(4) reCAPTCHA

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, and the tech does pretty much exactly that.

reCAPTCHA is a service offered by Google that protects websites from spam and abuse by distinguishing human users from automated bots. This is important as it stops bots from mounting a brute-force attack by spamming your login with multiple password attempts.

(5) Cold storage

A cold wallet means users’ funds are not available on the ‘cloud’; instead they remain securely stored on offline hardware. Stealing from a cold wallet would require physical possession of the cold wallet itself, as well as knowledge of associated PINs or passwords used to access the funds locked inside. This means even if an exchange were to be hacked, the assets stored in a cold wallet are invulnerable to theft. Popular exchanges like OVEX make use of cold storage for this exact reason.

(6) Multi-sig + MPC (multi party computation)

As the name clearly implies, multi-sig wallets are crypto wallets that need multiple signatures. What type of signatures are we talking about here? In simple words, you would need two or more private keys for signing and sending a transaction with multi-sig wallets. This ensures there is no single point of failure. It is a massive red flag if your chosen exchange does not implement some form of multi-sig. Remember QuadrigaCX? The infamous exchange that misappropriated clients’ funds and now has an entire Netflix documentary on its demise? Well, they did not have multi-sig. This meant founder Gerald Cotten had full autonomy to do what he pleased without any QuadrigaCX employees or partners even knowing.

OVEX has taken this feature a step further with the MPC (multi-party computation) approach to securing users’ funds. This revolutionary feature was made possible through the exchange’s partnership with world-leading blockchain security service provider Fireblocks.

With MPC, private keys and other forms of sensitive information no longer need to be stored in one single place.

Okay — but how is MPC better than multi-sig? Multi-sig is not protocol-agnostic (meaning it’s not compatible with all blockchains), and lacks the operational flexibility to support growing teams. This can cause major issues down the line — especially as a business scales.

With MPC, the private key is broken up into shares, encrypted, and divided among multiple parties. This means a potential hacker now has a much harder task ahead of them. To gain control over a user’s wallet, they now need to attack multiple parties across different operating platforms at different locations — simultaneously.

OVEX’s user-facing security features are a prime example of what to look for when evaluating your chosen exchange. These include:

  • Email confirmations for withdrawals and deposits
  • Anti-phishing email code to discern real emails from phishing emails
  • Account lock for incorrect password attempts
  • Sensitive data is fully encrypted at rest and in transit
  • Constant, real-time monitoring for suspicious activity
  • Configurable account timeout for another layer of protection
  • Two Factor Authentication integration to shield clients from password hacks

Knowing what to look out for when charting your cryptocurrency journey is so important and often overlooked. You are responsible for doing your own due diligence. Be thorough and you will avoid falling prey to bad actors.


Nicola Bergonzoli

https://www.linkedin.com/in/nicola-bergonzoli-b4a71014a

Nicola is a marketing specialist with a vested interest in content marketing and brand-storytelling. He has written articles for many of South Africa's leading publications.
