One single vulnerability is all a hacker needs! And no one understands that better than people who’ve lost their funds to a variety of ingenious exchange hacks and scams.
Like you, most people buy their first cryptocurrency on an exchange, and they leave it lying there simply because it’s convenient to do so. But what they don’t realize is that exchanges are sitting ducks for hackers. Cryptocurrency exchanges charge fees for trading and store funds for their customers, but they’re prone to hacks because they centralize the risk and store a part of their private keys online for real-time withdrawals.
One user lost crypto worth $100,000 on Coinbase, reportedly the world’s largest cryptocurrency exchange, with over 25 million users across 32 countries worldwide. The user’s SIM card was swapped by a hacker who used Google’s 2FA to access his email, and then his Coinbase account, in what is called a SIM Port Attack.
Just in case you’re wondering how he did it, the hacker got hold of the user’s personal ID, mobile number, and email address. He then called the user’s mobile service provider and requested a new SIM card. That’s not an unusual request; it happens when you upgrade to a new phone or switch mobile carriers. Once he got his hands on the SIM card, the hacker recovered the user’s primary email account. And from there, he retrieved the user’s Coinbase password and moved all his crypto away.
How many times have you received an authorization code that enables you to sign into your account? You’ll never look at those texts in the same way again! The unfortunate victim has provided a detailed account of his experience if you’d like to delve a bit deeper into it.
Even Binance, the most popular exchange by volume, lost about $40 million worth of crypto in a well-planned hack. The attackers used a variety of techniques, including phishing and viruses, to access one of its Internet-connected wallets and withdrew 7,000 bitcoins.
Sometimes, an exchange doesn’t even have to be hacked for you to lose your funds.
A good example is Quadriga CX, an exchange that was not exactly hacked, but users lost their funds anyway because, when its founder, Gerald Cotten, died suddenly, he took the knowledge of $135 million in cryptocurrency to his grave. Reports state that Cotten defrauded users and moved their funds to other accounts, but nobody had an inkling of what was happening.
Such incidents drive home the importance of storing your crypto in a completely secure environment, one that hackers will not find easy to access. As advocates of the “Proof of Keys” movement will tell you: be your own bank. Move your private keys to a device where you actually have full control of your funds. Binance, Coinbase, Coinmama, and Kraken are some exchanges you can use to purchase cryptocurrency. Once the transaction is complete, you should send your assets to a wallet that gives you access to your private keys, preferably a hardware wallet.
If you’re planning on HODLing your funds for any length of time, the safest place to do it is in a hardware wallet.
A hardware wallet is designed to store your private keys in a secure environment. It usually connects to your computer or smartphone via USB, Bluetooth, or QR codes. Because you keep it offline, it provides cold storage for your coins and tokens. Basically, there are two parts to a hardware wallet. The first part is a desktop, mobile or web client that’s connected to the Internet. This creates the transactions but can’t sign them, and that’s where the second part, the physical hardware wallet that contains your private keys, comes in. The transaction must be sent to your offline hardware wallet, verified by you and signed by the device before it can be completed.
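The two-part split described above, as an added Python sketch that is not code from any wallet vendor: an online client that can only build transactions, and an offline signer that decodes what it was sent, asks the user to approve it, and signs the exact bytes. It assumes a Lamport one-time hash signature from the standard library in place of the signature scheme a real wallet uses; the class and function names, addresses and amounts are constructed for illustration.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def bits(digest):
    # 256 message-digest bits, most significant bit first
    return [(byte >> (7 - k)) & 1 for byte in digest for k in range(8)]

class OfflineSigner:
    """Stand-in for the hardware device: _sk never leaves this object."""
    def __init__(self):
        # Lamport one-time key (assumption: swapped in for the wallet's real scheme)
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        self.public_key = [(H(a), H(b)) for a, b in self._sk]
        self._used = False

    def sign(self, tx_bytes, confirm):
        tx = json.loads(tx_bytes)
        # The device decodes the transaction itself and asks the user to approve it.
        if self._used or not confirm(tx["to"], tx["amount"]):
            return None
        self._used = True  # a Lamport key must sign only once
        return [self._sk[i][bit] for i, bit in enumerate(bits(H(tx_bytes)))]

def build_unsigned_tx(to, amount):
    # Online client: can create a transaction but holds no private key.
    return json.dumps({"to": to, "amount": amount}, sort_keys=True).encode()

def verify(public_key, tx_bytes, sig):
    if sig is None or len(sig) != 256:
        return False
    return all(H(s) == public_key[i][bit]
               for i, (s, bit) in enumerate(zip(sig, bits(H(tx_bytes)))))

def demo():
    device = OfflineSigner()
    intended = ("addr-alice-constructed", 5)          # constructed sample values
    user_ok = lambda to, amount: (to, amount) == intended
    swapped = build_unsigned_tx("addr-other-constructed", 5)
    # Host alters the recipient before signing: the user sees it on the device and rejects.
    rejected = device.sign(swapped, user_ok) is None
    good = build_unsigned_tx(*intended)
    sig = device.sign(good, user_ok)
    # Host alters the bytes after signing: the signature no longer matches.
    return rejected, verify(device.public_key, good, sig), verify(device.public_key, swapped, sig)

if __name__ == "__main__":
    print(demo())
```

The approval step only protects you if you actually compare the address and amount on the device’s own screen with what you intended to send.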
When you first set up your device, a random recovery seed is generated. Store it in a secure location, preferably in a metal wallet. If your hardware wallet is lost, stolen or broken, you can easily recover your crypto by entering your recovery seed into another compatible hardware or software wallet. Hardware wallets can also generate an unlimited number of recovery seeds, so if your seed is compromised you can always generate a new one and transfer your funds.
Be smart. It is easy to fall prey to hackers and bad actors in the industry, but it is not too difficult to stay safe. Following simple rules like controlling your private key, storing a significant number of coins in cold storage, not trusting exchanges to protect your idle funds, and being careful with your hardware wallet can go a long way in ensuring that you do not become a victim. If you wish to know more, you can reach out to the Cobo Vault team on Twitter, Facebook, or Telegram.