Freedom and responsibility. These two concepts are extremely important, both when it comes to Bitcoin and other currencies.
They provide their users with unprecedented financial freedom, as for tens of millions of people who do not have access to banks and institutions, for political dissidents and refugees, journalists, and each of us.
It gives single freedom to an individual to be the only one who manages his funds, without the mediation of a bank, the state, or a third party.
But in return, it demands responsibility from its users. When you take responsibility for your own funds instead of the bank, you need to keep in mind some basic ways to protect your money, savings, or investment.
This text aims to introduce you to some basic concepts as well as basic best practices for protecting your digital assets.
Most practical tips may not be enough on their own, but a combination of several different methods can allow you to sleep easier and have a greater amount of comfort in storing your digital assets.
Although this topic may sound intimidating and technically demanding, in reality, you can easily make a solidly safe setting in 30-60 minutes of active work.
In this text, the subject of focus and the main examples will be the two most represented currencies – Bitcoin and Ethereum.
The principles and basic ideas are similar for many other cryptocurrencies and digital assets, but when you understand some of the basic principles of Bitcoin and Ethereum protection, it will be much easier for you to protect other digital assets. Here’s how:
Are your tokens really yours?
If you bought cryptocurrency for the first time, it is most likely in your account at the exchange office. In that situation, there is no private key that you own, but only an account with which you access your funds that are in the exchange office, but in a wallet that you do not control.
These are so-called “custodial” wallets, ie wallets where although you can use your funds, they are not fully owned by you, ie if someone came across the private keys of the wallet in possession of these funds, he could manage them without your consent.
On the other hand, these wallets have one big advantage and that is that they protect you from a certain amount of responsibility that non-custodial wallets carry with them.
In case you forget the password to access your account, your funds will not be lost, but it is possible to regain access to the account and reset it.
For most people who invest in cryptocurrencies, this is enough protection to get started.
If you use online exchange offices, it is extremely important that you also use 2FA authentication, ie the process where through another device(usually through an application on a mobile phone or SMS) you confirm your identity and gain access to the account.
Another type of wallet, which, unlike custodial wallets, offers a greater degree of security, but also responsibility while providing greater security, are non-custodial wallets.
These wallets can be software(an application or program on your computer or mobile phone) or hardware(the device you use to access your wallet), but what they have in common is that only you(or the person with the private key) are able to access your digital property.
The process of opening and securing your crypto wallet is an extremely important part of the whole process. Therefore, we will pay special attention to this.
How to secure your crypto wallet?
Whether you are working on opening a software wallet, on a computer or mobile phone, or installing a hardware wallet for the first time(a device you bought designed to store your digital assets), the procedure is very similar.
When you start setting up your wallet for your digital property, you will get several strings of numbers and letters that represent your wallet. They are:
- A public key or address is a series of letters and numbers that indicate the address of your wallet and usually look like this 3FZbgi29cpjq2GjdwV8eyHuJJnkLtktZc5 when it comes to Bitcoin or with the prefix 0x when it comes to Ethereum, for example, 0xb794f5ea0ba39494ce839613fffba74279579268. That address is public, you can treat it in a similar way as you would treat an email address.
- If we look at the Public key as an email address, we can look at the Private key as the code for that email. It allows us access and we do not share it with anyone, at any time. Another way to look at a private key is as a payment card pin – it allows access to funds.
- Seed phrase/recovery phrase is a string of 12/24 words that will be created when you install your wallet. This string of words will look like this: “test mushroom apple car flight business telegram insane cucumber police doge plummet”.
The seed phrase is a kind of master key. Even if you lose your hardware wallet, or the phone with your wallet, entering this 12- or 24-word list will allow you to have full access to your digital assets.
For these reasons, it is extremely important that the seed phrase is never, under any circumstances, published and shared. Access to this phrase is enough to lose all the funds from that wallet. If any site or other person asks you for a seed phrase, it is almost certainly a scam. These words should also not be stored on any device that has Internet access.
Your digital assets depend on keeping this key. The goal with keeping the key, as well as any other code, is to balance so that no one else gets this key, but also so that you do not forget or hide it so well that it can become impossible for you to find it.
What some basic tips are is to keep the seed phrase written down on paper(for extra security engraved in metal) and keep it in a safe, dry place where there is no possibility of it being easily destroyed.
If we imagined an ideal level of security from others, we might go to 24 countries and put a piece of a key in 24 different safes. But we can also imagine how difficult it would be to get such keys for ourselves. But the option of splitting the keys into three or four parts and storing them in different locations is good practice for an extra level of security.
It should be kept in mind that each part must remain equally safe and secure. More advanced users who need additional protection can also choose one of the companies that provides protection where several wallets need to confirm ownership in order to unlock the funds. This method is used by institutions and users who need an extra level of security and you probably won’t need it to get started.
How do I choose a wallet?
There are a number of Bitcoin software wallets on the market. Google search alone will give you a large selection of wallets. It is important to choose a wallet that has a code that has been independently verified, which is a certain security guarantee.
When it comes to Ethereum, by far the most popular wallet on the market is Metamask, which allows users to interact with hundreds of Web3 sites, tokens, and platforms.
It is extremely important to read carefully the description of each interaction of Metamask wallets with different platforms that are important to approve.
When accessing unknown and unverified sites, it is best to use a non-primary address that does not contain a large portion of your funds. Metamask wallet, due to the fact that more often than most other wallets interact with different sites and platforms, is particularly vulnerable to attacks, so it is best practice to keep a more valuable part of digital assets on other software or hardware wallets.
When it comes to hardware wallets, the two most popular and reliable wallets on the market are Ledger and Trezor.
Both of these wallets can be ordered directly from the manufacturer which is the best way to buy as it eliminates the possibility of someone having had the opportunity to install problematic software on the device.
This type of wallet is also called a cold wallet and is a very simple and secure option for storing cryptocurrencies for the vast majority of users. Most models support Bitcoin, Ethereum, as well as a large number of other cryptocurrencies and tokens, such as NFTs.
How can I stay safe online?
Never share your seed phrase, no matter how convincing a site or application may seem. It is the easiest but perhaps the most common vector of attack.
Fraudsters are also extremely good at copying different identities, whether it’s Elon Musk or your co-worker and always check who and why you’re sending funds to, even when it seems like a real request to you.