Do you sometimes leave your exchange account logged in after a trading session? Would it be possible to guess or find out the recovery information to the email linked to your trading or Coinbase account? Do you ever search ‘Binance’ and then click the link instead of typing the URL directly into the browser?
If you answered YES to any of the above (or a number of other common mistakes) then you could be exposing yourself to unnecessary risk. Whilst it may seem over the top to implement all of the following recommendations, it’s prudent to take as many precautions as possible when it comes to assets as vulnerable to theft as cryptocurrency.
Whilst the current market has seen portfolios deflate in value in a seemingly never ending bear movement, I worry far more about the possibility of losing a large chunk of my portfolio malicious software than the market collapsing.
The hacking of major cryptocurrency exchanges has been a fairly frequent recurring event. From the Mt. Gox breach in 2014 of $475 million worth of Bitcoin to the more recent theft of $500 million worth of NEM from Coincheck in June of 2017.
Cryptocurrency Stored on An Exchange:
Set up a dedicated email address for each trading account.
The email account used for an exchange should have 2FA enabled and no account recovery.
Use a unique and difficult to guess email username.
Use all of the available characters for passwords.
Don’t use password combinations you also use elsewhere.
Use private browser when on an exchange and delete any history/cookies.
Do not save auto fill account details of the exchange (username and password) on your computer.
Exchange should have 2FA enabled.
Save 2FA recovery keys in a secure location.
Only keep funds you are planning to actively trade on an exchange.
Run anti-virus software regularly.
Never click on advertisements.
Always type the exchange URL directly into your browser.
Cryptocurrency Stored Off Exchange:
Use a cold storage hardware wallet bought directly from the manufacturer or use a device that has never been connected to the internet to generate wallet and private keys.
Keep private keys for your hardware wallet in a secure location.
Never discuss/disclose the value of your cryptocurrency assets in public.