In this day and age of social media and targeted ads, no one is safe from scams and online theft. Even the most prominent platforms are continually dealing with scam giveaway videos and clickbait aimed at the novice crypto traders. Learning how to protect your crypto becomes a top priority!
As scammers and hackers work to advance the way they conduct illicit activities, users must take action to upgrade their security. When trying to understand how to protect your crypto, remember that the best offence is a great defence!
Sim Port Attack
The first step that the user must take is understanding that nothing is as secure as it seems. Many boast that they don’t need to worry about hackers because they have their assets on a reputable exchange and have activated 2-Factor Authentication. Having 2-Factor Authentication enabled is not enough. Take the case of Sean Coonce, a typical crypto trader who lost around 100,000$ in a SIM port attack while having 2-Factor Authentication switched on!
Activating 2-Factor Authentication and linking it to a phone number is doing yourself a disservice. Currently, almost all online services ask to link a phone number for recovery purposes. While this seems beneficial, it gives the phone number access to every account owned. By connecting one’s online footprint to a phone number, whoever gets access to one’s phone number now has access to email, Facebook, and a load of other accounts.
Hackers have advanced. They no longer only look to gain access to your emails by cracking the passwords. They have upgraded to a new strategy, the Sim Port attack, or Sim Swap. Believe it or not, this attack doesn’t even require extensive coding. A sim port attack occurs when the hacker contacts one’s service provider and asks them to issue a new Simcard for your existing phone number. Now think back to your last call with your service provider, was the information that they asked to verify your identity that difficult to obtain? Your date of birth, address, and name of your favorite pet. All standard information that someone can get by merely stalking your social media.
Once the new sim card is issued and in their possession, they will proceed to activate it, which will simultaneously deactivate the sim in your phone without your knowledge, and begin the process of password reset flow. Typically, they will start with your email and make their way to each account tied to your email. Then, they will proceed to empty all your funds on every exchange. Knowing how to protect your crypto has never been a more urgent need.
Preventing Simport Attacks
Now all this can be avoided if the proper precautions are in place. Using 2-Factor Authentication is vital, but having it linked to your phone number is the problem. Alternatively, most of the websites that offer this service will also allow you to use an Authenticator App, such as Google Authenticator or Authy. Authenticator apps will be linked to your handset and not your number, meaning that if someone gained access to your phone number, they would not be able to use it for 2-Factor Authentication.
Beware Of Scams
Scammers have other tricks up their sleeves, the first and the most common would be giveaway scams. These scams target the novice crypto user looking to quickly increase his crypto holdings by offering them a quick opportunity to “double their money,” and all the user would have to do is just send them some crypto. Never send crypto to people that you do not know, many will promise that if you send them any amount they can double it, beware this is always a scam. Once they receive your funds, they are gone forever. Remember, your security is only as strong as its weakest link, usually the user themselves.
In the image below, you see that scammers have launched a website with the same handle as Uniswap, it is always vital to double and triple check the address of the site you are clicking on. A great tip would be to have these websites bookmarked.
Another common weakness when protecting your crypto that can lead to a security breach is your password; having a strong password goes without saying. But the password storage is the issue, using password managers that are permanently online is risky. These services are hackable; the best way to tackle this is a good old piece of pen and paper. Passwords should all be written down on paper and not stored electronically. Having passwords on pen and paper will strengthen your security more than you know.
Another important aspect for finding ways how to protect your crypto is storage. Where you store your crypto is as essential as keeping your passwords safe. The best practice is to use a hardware wallet to store a large portion of your crypto. By doing so, most of your assets are stored offline on the device: this means they cannot get hacked into.
Like diversification in finance, splitting up your holding across different wallets can prove to be efficient, especially for day traders who need frequent access to their funds. An optimal division would be to have the majority of funds stored on a hardware wallet and the portion used to trade on a secure but convenient wallet such as MetaMask. Doing so mitigates the risk if only one wallet is breached. In that case the rest of the holdings are not compromised and your crypto remains protected.
Being Safe on the Exchange
For Coinrule traders who need to have funds on the exchange but want to be secure, there are a few easy steps:
- Use an authenticator app for 2-Factor Authentication.
- Use a specific email for Crypto trading, do not link a phone number to the email, alternatively set another email as the recovery address.
- Write down your passwords on paper and do not store them online.
These steps will mitigate the risks on the user’s end, on the side of the exchange, there are massive security teams always working to keep the exchange secure. Also, many have insurance funds that reimburse the clients for theft that occurs as a result of a website hack. Binance’s famous SAFU comes to mind.
Overall, security in the world of crypto might be a long and challenging journey, but it is one that is essential. Having precaution in place does not seem like a necessity until a data breach occurs, and funds are lost. Once this happens, it is typically close to impossible to retrieve funds. Thus it is pivotal to have preventative measures to protect your crypto.