How To Protect Your Private Keys
Market Recap
A Good Week For Digital Assets
How To Protect Your Private Keys
We recently wrote about the different types of crypto wallets that exist in the blockchain space. As a recap, crypto wallets store your private keys and are, therefore, the way you interact in the world of blockchain. A wallet allows you to have a unique identity, use different blockchain networks, and they are where you 'store' your assets.
What is important to remember is that, unlike a regular wallet where you can hold cash, a crypto wallet doesn't technically store your crypto, your crypto or assets live on the blockchain. Your wallet contains the private keys that allow you to prove ownership or 'unlock' those assets and make transactions.
This week we will explore the best approaches to storing your private keys and protecting your crypto.
Exchange Wallets
Exchange wallets are slightly different from hot and hardware wallets as you don't actually store the private key yourself; this responsibility falls on the exchange. When you transfer your assets to them, you are giving them the ability to make transactions on your behalf.
As one imagines, this gives them a lot of power over your assets. If someone hacks your exchange account, they can make unauthorised transfers as an exchange doesn't have the ability to verify that you are instructing them to do something, beyond the password you use to log into the account in order to prove you are who you say you are.
Therefore, when using an exchange wallet, it is always recommended that you use some form of Two Factor Authentication.
Two Factor Authentication
Two Factor Authentication (2FA) is an electronic authentication method that needs you as a user to present two or more pieces of evidence to gain access to a particular website or application.
Each exchange will have its own version of 2FA; generally, it involves receiving an SMS, email or using an authentication app like Google Authenticator.
Each has its own security risks; however, email and SMS are the most susceptible to hacking. Email is one of the most common ways for people to get into your account; if they manage to hack your email, they now can essentially access almost any website or application you use and quite easily reset your password. I am sure we have all hit the forgotten password option at some point. Once in your emails, they can now authorise the exchange to withdraw your crypto.
SMS is also vulnerable to hacking through SIM Swaps. SIM Swaps are when a hacker calls a mobile provider and impersonates their victim by saying they lost their phone or SIM card and need to move their old number over to a new SIM. Once the phone company permits this, they can now also authorise the 2FA authentication as it comes through and withdraw your crypto.
The safest method is using a combination of the three, including the Google Authenticator App.
Setting up an authenticator app requires a few more steps than SMS or email, but it is worth it. The first step is downloading the authenticator app from Google Play or iStore. Each exchange will have its own process for enabling the Google Authenticator, but generally, you will find it under the security settings. Follow the step by step guide that the exchange provides. The most crucial step here is saving the backup key that you receive during the setup process on a piece of paper. This key will allow you to recover your Google Authenticator in the situation you lose your phone or it gets damaged. Store this key in a safe place and ensure that no one else has access. You can follow the tips we give when storing your seed phrase which we will get into below.
Using this combination of safety measures is the most effective way to protect 'your' private keys when it comes to using an exchange wallet.
Hot Wallets and Hardware Wallets
Hot wallets and hardware wallets have a very similar setup process, and therefore the way you protect your private keys is the same. Protecting your private keys comes down to securely safeguarding your seed or recovery phrase.
What is a Seed or Recovery Phrase?
A seed, recovery or mnemonic phrase is a series of words that give you access to the crypto connected with that wallet; it is also, therefore, how you regain access to your crypto wallet if you lose it, delete it, or something else happens to it. You can think of it as the 'master key' to your wallet and funds. Therefore, it is essential to record and store it securely.
How is a Seed Phrase Created?
Seed phrases were introduced with BIP39 (Bitcoin Improvement Proposal 39). The idea behind this proposal was that it would make it easier to back up your wallet and leave less room for human error. Before this, you had to store the private key itself, which consisted of a long string of letters and numbers. Here is an example below:
E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
This wasn't an ideal solution, and even one number or letter out of place would result in you losing access to your assets.
There are 2048 unique words on the BIP39 wordlist where either 12 or 24 words are used when creating your seed phrase. This means that if you have a string of 12 words, you would have 128 bits of security; while this doesn't sound like a lot, an attacker would need to perform 2128 operations to potentially guess the seed phrase, which is practically infeasible to do. As you increase the number of words in the seed phrase, so does the security of the wallet itself. Another significant benefit that you get from using a seed phrase is that they are capable of generating a large number of keys from the one master key, which increases privacy and also allows you to create a large number of receiving addresses.
The implementation of BIP39 really created a superior way for humans to interact with their private keys.
How Do you Protect Your Seed Phrase?
Protecting your seed phrase can be done in many different ways, depending on the security level you require and the effort you as an individual want to put in. There are a couple of best practices that should be followed when setting up your own wallet, both hot and hardware.
The first step is to get your seed phrase. This will be given to you at some point during the process of setting up your wallet. As stated before, it is usually a list of 12 or 24 words. Write down these words on a piece of paper, take great care to ensure that you have copied them down in the correct order and that the first four letters of every word are eligible, and you can read it (each word from the list of 2048 can be identified by the first four letters). However, to make your life easier, make sure the whole word is readable.
Now that you have your 12 or 24 words down on a piece of paper, you have a few decisions to make. The first should always be to write down the words on another piece of paper, so you have two copies. These copies should always be stored separately.
The most effective way to store them is to take the two copies and put them in separate safe-deposit boxes; however, for most people, this isn't possible for obvious reasons. Therefore if you can store at least one in a safe-deposit box, that is great; the other, you can find a secure place at home. If this isn't possible, you can give one copy of the seed phrase to a trusted friend or family member. Remember that now they have your phrase, they, or someone who finds it, can withdraw your crypto, so make sure they understand the importance of looking after it.
There are also other more durable ways to record your key phrase than paper; these are specialised metal devices made with stainless, shockproof, acid-resistant metal that is fireproof up to 1400C/2500F. You either engrave the words into the steel or have several letters to choose from to make up a word. You can look at an example of these devices here.
The biggest takeaway is that you should always have at least two copies stored in a secure location. That way, if anything happened to your house or the place it was being held, you have another to recover that crypto.
Additional Tips
Email address - a great way to protect yourself is to set up a dedicated address you use for crypto only. In that way, if someone gains access to your main email, they may not be able to access or have signing rights when using an exchange.
Writing down your seed phrase - make sure that you do it eligibly and in a pen that will not fade over time. The last thing you want is to open up your page a few years down the line, and you cannot read what it says.
Always write it down - never store a copy of it on your computer. If someone gains access to it, they may be able to steal your seed phrase.
SIM Swaps - this is just a general tip for SIM Swaps. If you suddenly lose signal on your mobile for an unexpected reason, even after restarting your phone. Call your mobile provider immediately as this is your earliest sign of a problem.
Protecting your assets comes down to protecting your private keys. Everyone has heard the stories of people who have lost access to millions of dollars worth of assets, don't let that story be about you. By being diligent and putting in a bit of extra effort, the assets you own will be safe.
Notable Articles and News Stories This Week:
US Officials Seize $3.6B in Bitcoin From 2016 Bitfinex Hack
Federal officials seized some $3.6 billion worth of bitcoin tied to the 2016 hack of the crypto exchange Bitfinex.
Agents arrested two individuals in New York on Tuesday on charges they conspired to launder proceeds from the Bitfinex hack in 2016. The married couple, Ilya "Dutch" Lichtenstein and Heather Morgan, will appear in court at 3:00 p.m. ET in New York, according to a U.S. Department of Justice press release.
Some 120,000 BTC was stolen in the 2016 hack, then worth around $60 million and representing nearly one-sixth of the total trading volume at the time. At today's prices, the total amount of bitcoin stolen is valued at $4.5 billion, but the DOJ only seized about 94,000 BTC valued at $3.6 billion.
Read more about the seizure here
Crypto M&A Surged Nearly 5,000% in 2021, PwC Report Says
The total value of crypto-related mergers and acquisitions (M&A) rose to $55 billion in 2021 versus $1.1 billion a year earlier, according to a report from PricewaterhouseCoopers (PwC).
The U.S. led in absolute numbers of deals, with 51% of all transactions last year, up from 41% in 2020. Europe, Middle East, and Africa (EMEA) garnered 33% of all deals, with Asia Pacific (APAC) netting 16%. Looking at deal dollar values, EMEA led the way at $25.5 billion versus $24.5 billion for the U.S. and $5 billion for APAC. Behind the rise in average deal size to $179.7 million from $52.7 million was 2021’s U.S.-centered special purpose acquisition company (SPAC) boom, which featured a number of $1 billion+ mergers.
PwC also tracked crypto fundraising deals, finding a 645% year-over-year rise in 2021 to a total value of $34.3 billion. The average deal size was up 143% to $26.3 million.
Read more of the report here
BlackRock Planning to Offer Crypto Trading, Sources Say
BlackRock, the world’s largest asset manager, is preparing to offer a cryptocurrency trading service to its investor clients, according to three people with knowledge of the plans.
The New York-based company, which manages over $10 trillion in assets for institutions, plans to enter the cryptocurrency space with “client support trading and then with their own credit facility,” one of the people said. In other words, clients would be able to borrow from BlackRock by pledging crypto assets as collateral.
Read more here
Forbes Receives $200M From Binance as It Eyes NYSE Listing
Digital publisher Forbes and Magnum Opus Acquisition Limited received a $200 million investment from cryptocurrency exchange Binance.
Forbes is looking to list on the New York Stock Exchange through a merger with Magnum Opus, which is a special purpose acquisition company (SPAC), under the ticker symbol “FRBS."
The publisher will use the funds to accelerate its digital growth, the company said in a press release on Thursday.
Binance will assume half of the $400 million commitments from institutional investors, which was announced in August, effectively making it one of the two biggest owners of the publication.
Read more about the investment here
Whilst we all have the option to look, to seek to understand, it’s often easier not to. Bitcoin, Ethereum and distributed ledger technology are complex systems that require significant due diligence. At Etherbridge, we aim to lower the barriers to understanding this fast-growing digital economy.
If you are interested in staying up to date, please subscribe to our newsletter at etherbridge.co
This is not financial advice. All opinions expressed here are our own. We encourage investors to do their own research before making any investments.
