The promise of blockchain technology and the power of cryptocurrencies is their security. Blockchain makes it impossible for someone to hack into your cryptocurrency and steal it since blockchain is that creates the chain.
While blockchain is the model of internet security, that doesn’t produce a fully secure system for users. There’s a surprising security risk regarding your digital wallet, and few cryptocurrency investors are aware of it.
Only As Secure As
The threat to your digital wallet is not through the blockchain but through the wallet or exchange provider. Information can be tracked and stored at the provider level, including your personal key, and can then be accessed by hackers in order to access your wallet without your permission.
Because of the competition for digital wallet usage is growing, companies are seeking more information about their customers. Whether through information provided or through tracking software, companies are learning about their customers more than ever before.
Wallet providers are tracking the information that you provide them. When you sign up for digital wallets with providers or exchanges, the company requires a certain level of information. Email address and name are all included in the data collected. While developers at wallet companies are kept under lock and key for security, the marketing information is not, and therefore can be accessed.
However, marketing managers are constantly seeking to track the online activity of their users. Search history, emails, and web activity all provide valuable information about what customers want and what would best be marketed to them.
Therefore, the by your provider includes web activity, searches, and even keystrokes. What’s more, some software used by marketing companies today includes services that allow the researcher to actually see . This means that secure private keys generated by wallet holders may not be such secure after all.
The data that is collected by your wallet provider, and the information that is possible to gain from your computer for marketing purposes, can be combined to allow hackers to sneak into your digital wallet. The possibility of revealing your secret key to your wallet provider is real, and that data can be accessed simply by hacking the wallet provider’s servers or through insider’s hacking.
What can be done?
There are a number of important safety and security practices that can help to protect your private keys and therefore protect your funds.
1. Secure Your Wallets
First, it is wise to find a wallet with security measures beyond the normal wallet providers. Some wallets are now using encryption to protect the private keys. Companies like have created a code package that encrypts the key data and protects it from insider hacking.
The above company offers a variety of services including a wallet and an exchange, all of which use encryption for private keys. Corion stands for capital online reward incentive optimized network – meaning that the company incentivizes consumers to use the platform by giving them rewards for activity. Corion has also shared the code for their Safety Look Solution so that other wallet providers can offer the same level of security. The details are available on their GitHub .
2. Separate Your Funds, Use Cold Storage
Users should always have at least two digital wallets (or even more, depends on the number of crypto funds). One wallet should be used for trading and transactional purposes, and the other wallet should be used to store savings and be kept in a secure location. This type of wallet must be a cold storage wallet. In any way, a backup of the private keys has to be stored safely offline (it’s a good idea to separate the private key into 2-3 parts and store them safely away from each other).
3. Wi-fi Wisdom
Be careful about where you go online when you’re using a device that has a wallet on it. Dangerous websites and risky wi-fi networks put your wallet at risk. At the same time, do not leave your device unattended, or lend it to anyone.
4. Service Safety
If your device holding your wallet needs service, be sure to move the funds from the wallet before having service done. Further, it is wise to change wallets every few months in order to not allow wallet security to grow thin over time.
5. Gone Phishing – Email and Web
Phishing scams through Google Ads and through email are rampant in the crypto world. Phishing scams are becoming more and more elaborate, make sure email received from wallet companies have their domain spelled correctly and never look for their web address clicking on Google ads. Once you send a phishing website your private key you can say goodbye to your funds.
6. Turn off auto-updates
It’s always a good idea to turn off auto-updates for applications relating to the crypto sphere. Application bugs can potentially create massive losses for account holders. It’s best to wait 2-3 days after an update has been released to see if any bugs appear. Once the app has been tested by other users, it’s a safe bet that you can install it without risk.
7. One or Two Factor?
It’s best to enable two-factor authentication (2FA) if your wallet allows for it. 2FA is simply a double authentication of who you are. 2FA Authentication can be done in different ways – Google Authenticator app uses a 6 digit code which is changing minute by minute and is unique to you, another option is to add biometric identification like a fingerprint. Whichever you choose, 2FA is very important in order to increase security.
8. Double Check the Address
It’s important to double-check the address that you send any payment transaction to. There are malicious programs that can edit a ‘copy and paste’ procedure in order to paste a different address, the new address belongs to an attacker. It’s usually best to send a micropayment as a verification, and then send the larger payment to the verified address.
9. Check the Locks
It’s important when using a web wallet, to ensure that there is an SSL security mark in the address window of your web browser. This stands for a secure site seal and ensures that your browsing is encrypted. The website should begin with HTTPS, rather than HTTP and you should notice a lock sign next to the URL. Again, security is critical when dealing with digital wallets.
- Bonus Tip:
Use a non-public email address for all your crypto accounts including exchanges. For that mail, set up a two-factor verification. As always, make up a strong password (including some unique characters).