Top tips for keeping your cryptocurrency wallet secure

If you’re a newcomer to the crypto space it’s likely you’re excited about it, but at the same time worried about security because you have heard the stories about people losing fortunes just because they lost the password to their crypto wallet. On top of that, you may have searched for reliable information about keeping your wallet secure, but haven’t found it yet. It’s important that you carefully consider the pros and cons of how you ultimately decide to purchase, store and transact with your crypto. After all, if you lose your crypto it is gone forever!

How people lose their crypto

Here are some of the ways in which people have lost their cryptocurrency holdings:

Loss

• Human error

(e.g., you send your funds to the wrong wallet, you forget your password)

• Natural disaster

(e.g., your house burns down with your crypto wallet(s) stored inside it)

• Hardware malfunction/loss

(e.g., your computer hard drive holding your private keys is corrupted)

Theft

• Remote theft

(e.g., you fall victim to scams, an exchange hack, or a personal hack)

• Physical robbery

(e.g., your backpack or purse is stolen with your private keys in it)

• Government seizure

(e.g., law enforcement demands an exchange to freeze your account)

I hope none of these happen to you.

Types of wallets

A wallet is a computer programme that stores crypto. Depending on whether the wallet is connected to the internet, crypto wallets are classified as: “hot” (online) or “cold” (offline).

Hot wallets

Hot storage wallets exist on an internet-connected desktop, laptop, mobile phone or

web browser. These wallets are popular because they can be easily created and used

immediately. This means some safety is sacrificed and they are vulnerable to cyber attacks.

Cold wallets

Cold storage wallets exist on devices or physical media that are not connected to the

Internet. Often they are like a USB flash drive. They are safer than hot wallets because private keys are generated and stored offline where they can’t be accessed by cybercriminals, but they can be stolen from you through a physical robbery. The downside is that funds in a cold wallet aren’t as available for spending as those in a hot wallet. The most reliable exchanges, such as Kraken, Coinbase and Binance use both hot and cold wallets so that some funds are always available for immediate use (in hot wallets) to facilitate day-to-day transactions, while the majority are stored offline for safekeeping (cold wallets). When storing your crypto, you should take your own personal financial situation and risk tolerance into account when you  are considering which one of the following storage strategies to use.

The small investor

If you have less than $10,000 in crypto, the best advice is to keep things simple and use a reputable exchange to store your crypto. Kraken, Coinbase and Binance are the big names, but your choice may depend on where you live.

The medium investor

With $10,000 – $200,000 in crypto, you should use a hardware wallet and place a backup copy in a safety deposit box.

The large investor

If you have over $200,000 in crypto, it is recommended you need a trusted custodian, multi signature wallet technology and/or full nodes. Consulting with a professional about this is recommended.

How Do Wallets Work?

Crypto wallets function is a similar way to traditional bank accounts, in that both an “account

number” and “password” are required to access the funds held in the wallet. When you

creates a wallet, you generate a unique cryptographic key pair – one public and one private –

which allows you to send or receive crypto. The public key is like your bank account number, and the private key acts in a similar way to your banking password. Here is an example of how a wallet operates for a transaction:

Example of a Bitcoin Transaction

1. Alice owes Bob 0.02 bitcoin

2. Bob sends Alice his public wallet address to receive payment

3. Alice uses her own private key to send 0.02 bitcoin associated with one of her wallets

to Bob’s public wallet address

4. The 0.02 bitcoin sent by Alice is received in Bob’s wallet.

And that’s how easy it is.

A last word of advice

Don’t store your assets in desktop wallets, ‘brain’ wallets (i.e., memorized private key), or web wallets (i.e., private key held on a website) as these wallets offer low security. If you are going to buy a hardware or software wallet, buy it from a reputable authorized retailer and not from second-hand stores, such as eBay.

Finally, every crypto owner must have a plan for their crypto when

they pass away. If no plan is put in place, your crypto assets will die along with you.

It’s essential that every crypto owner includes their crypto asset holdings in

their will and teaches one or more trusted individuals (i.e. family members) how to access

their crypto funds in the case of severe injury or death.

Shorting: how to do it like a hedge fund

‘Shorting’ has become the talk of the town, following the GameStop share-buying story. But what does shorting really mean, and why might it have value, rather than being seen as an attempt by ‘robbing’ hedge funds to ruin a business?

A recent tweet from Elon Musk got a lot of attention:

u can’t sell houses you don’t own, u can’t sell cars u don’t own, but u can sell stock u don’t own!”

And that, in brief, describes shorting. It stems from the fact that there are always some stocks that are of “short interest”, which is finance-speak for stocks that investors believe will go down in price in the future. That’s what certain hedge funds thought about GameStop.

It may seem odd to those of us who think in terms of investing in stocks in the hope the value will go up. Shorting is just the opposite: using this method investors attempt to profit from a stock’s price going down instead of up. As Rob Isbitts says in a recent Forbes article: “short selling is to investing what sword-swallowers are to entertainers: it is way, way at the high end of the riskiness spectrum.” So, it’s not something to try at home, in other words.

How do investors ‘short sell’ stock?

It’s definitely more complicated than buying a stock and then selling it. That’s the easy option.

The thing to remember is that the stock market revolves around ‘valuing’ a business. A business launches a new product that proves popular, and its share value rises. That’s what most investors look for: a company that is producing something which is perceived as valuable. Short sellers have a very different approach.

As Isbitts’ says: “They look for businesses that the market thinks too highly of. In other words, businesses that are, in their judgement, “overvalued.”

Hedge funds and others are always analysing markets, and often they are looking for stock selling at a higher price than they believe it is worth. Now, if they buy that stock there is no way that they can make a profit from their ‘buy’, because they predict it will be going down. However, their research has shown them an opportunity to sell the stock short.

In order to do this, they ‘borrow’ shares of the company they want to short from a broker. These shares are then owed to the broker at some point in the future. When they return them, they receive the profits of the short sale. Isbitts sums it up neatly: “If the stock price goes down, those same shares will be worth less than the short seller received. That allows them to repay those shares to the broker, but pay less to do so than they received when they shorted.”

There is of course a lot of risk involved in doing this, as a few hedge funds found out after the r/WallStreetBets community pushed the share value of GameStop up.

If you invest $5000 in shares priced $50, the most you can lose is $5000. But if you enter into a short on stock that is valued at $50 per share, and the share price rises to $500, then you owe the stock back to the broker at the new price of $500, not the $50 you shorted it at. In other words, you have lost a lot of money, because you never owned the stock in the first place.

The hedge funds believed that GameStop’s share price would fall, and so initiated short sale trades, but got caught out by a large group of retail investors who followed the crowd.

Whatever Elon Musk might say, shorting is not a scam: it’s an investment position, largely based on research and opinion about a company. What happened with GameStop is not necessarily good news for the small guy. They may go searching for other companies that have been heavily shorted and attempt to repeat their GameStop action. But tracking down overvalued businesses in a bid to make money could really bite them on the ass. This has been a particularly crazy episode, and it appears the subredditors have turned their attention to silver this week. Let’s hope that in this case ‘every cloud does indeed have a silver lining’.

iPhone location tracking is a security risk

There is no such thing as absolute privacy or security for smartphone users. The only way you can have control is by not storing information that you want to keep a secret on your phone.

As Apple CEO Tim Cook said last year, “The people who track on the internet know a lot more about you than if somebody’s looking in your window, a lot more.” It should make us pause to think about how we use our phones.

Apple, according to Zak Doffman, believes it is “privacy protector-in-chief,” and iOS14 is intended to demonstrate its privacy-first approach. Doffman points to the ongoing battle between Apple and Facebook over ad tracking, remarking, “Exploitation of our personal data has become a commodity traded between the world’s largest organisations.”

However, iOS users were surprised when Apple explained its location tracking. It is an invasive feature, and as Doffman says, “a perfect illustration of just because you can, doesn’t mean you should.”

Were you aware that the location tracking builds up a data collection of all the places you have visited, including times, dates, the type of transport you used to get there and how long you stayed at the location.

Jake Moore of ESET commented, “significant locations is one of those features hidden within the privacy section which many users tend not to be familiar with. I cannot think of a positive or useful reason why Apple would include this feature on any of their devices.”

If you check out the data repository on your iPhone, you will likely see that it stores certain places, times and dates, and that is because it is trying to work out if this might be important for a photo memory or a calendar entry. But do you really want this? I agree with Doffman when he says, “I don’t need my phone tracking every single location I visit and deciding which it deems significant to save me a few seconds of effort.”

According to Apple, the device wants to “learn the places that are significant to you.” However, you can breathe a small sigh of relief when you learn that the “data is end-to-end encrypted and cannot be read by Apple.”

What this illustrates is that even though the data is encrypted, you still don’t have absolute control over the security of your iPhone. John Opdenakker, an information security expert, said, “While Apple’s encryption and device-only restriction certainly reduces the security and privacy risks, I personally switched this feature off because it doesn’t offers real benefits and just feels creepy.”  He added, “What worries me from a privacy perspective is that this feature is enabled by default and that the setting is hidden away such that the average user probably doesn’t find it.”

Don’t forget that you can turn off other location-based services on your Apple device, such as ads and alerts. Want to know where to find them all? Just go to “Settings-Privacy-Location Services-System Services-Significant Locations.”

Are you switching to Signal?

For some years now almost the entire world has been using WhatsApp thanks to it being the leading secure messaging platform. However, that is all changing  due to a slowness on the part of its owner Facebook to introduce multi-device access.

Zak Doffman comments that this has been made worse by “the fast-moving convergence of messaging and calls—and with WhatsApp calls still tied to a phone, rather than an easier-to-use large screen device, it’s becoming a major stumbling block.”

Facebook tried to rectify this by launching the cross-platform Messenger Rooms, but these don’t offer end-to-end encryption. So, as Doffman says, it isn’t an ideal way to communicate if your information is sensitive or confidential.

Admittedly, WhatsApp does do a good job of securing voice and video calls from its iPhone and Android apps, and you can now have up to eight people on a call. It also has a desktop app in the pipeline, but it’s all a bit too late.

The super secure Signal platform is beating WhatsApp. It has already started beta testing one-to-one video and voice calls from its desktop app. Group calls are not available yet, but they won’t be far away, as Signal’s recent announcement would seem to indicate: “We think that calls need to zoom out of the past and into the future, and your feedback will help us get there.” Obviously this was aimed at Zoom, which dominated work and personal conversations during lockdown.

“This release is one of the first steps towards our goal of enabling secure voice and video calls that are available on all of your devices,” Signal says, adding, “in addition to being end-to-end encrypted and free for everyone to use.”

However, Doffman points out that Signal isn’t really that concerned about Zoom,  it is WhatsApp that is the real target. And it is picking up traction with those who don’t really trust Facebook for messaging. The only downsides of Signal at the moment are first, the number of users is relatively small at the moment, and second, there are no backups yet, so if you lose your device, you lose your messages.

The recent protests in the USA and Hong Kong have highlighted the need for a more secure messaging by anyone concerned about interception, metadata or tracking. What’s more Signal is chasing WhatsApps users and is ahead of the game. If WhatsApp wants to retain its No.1 position, it needs to implement end-to-end encrypted back-ups and linked devices. Not used Signal yet? Why not install it on your phone and try it now.