Amid Record Theft, How Can You Keep Your Crypto Safe?
Written by
Yaël Bizouati-Kennedy
Edited by
Chris Cluff
Commitment to Our Readers
GOBankingRates' editorial team is committed to bringing you unbiased reviews and information. We use data-driven methodologies to evaluate financial products and services - our reviews and ratings are not influenced by advertisers. You can read more about our editorial guidelines and our products and services review methodology.
20 Years
Helping You Live Richer
Reviewed
by Experts
Trusted by
Millions of Readers
A whopping $3.8 billion of crypto was stolen in 2022 — the biggest year ever for crypto hacking, a recent report found.
DeFi (decentralized finance) protocols became the primary target of crypto hackers, according to the Chainalysis report. In 2022, DeFi protocols as victims accounted for 82.1% of all cryptocurrency stolen by hackers — a total of $3.1 billion — up from 73.3% in 2021.
Unfortunately, there are no indications that hacking will slow in the near term. Trenton Kennedy, Chainalysis senior communications manager, said, “More likely than not, interoperability between blockchains will remain an important goal of the community. However, over time we hope to see hacking decrease, not just as it becomes more difficult to steal funds but also to launder and cash them out, given the transparency of the blockchain.”
Given the losses and the promise of DeFi as an antidote to some of the shortcomings that led to the collapse of FTX, Kennedy said he believes there will be more collaboration and progress in digital finance.
Transparency a Double-Edged Sword for DeFi
According to Chainalysis, DeFi is one of most compelling areas of the cryptocurrency ecosystem, largely due to its transparency — an argument many of its proponents have been louder about, especially since the demise of several CeFi (centralized finance businesses).
But that same transparency is also what makes DeFi so vulnerable. Hackers can scan DeFi code for vulnerabilities and strike at the perfect time to maximize their theft, according to Chainalysis.
“DeFi protocols are uniquely vulnerable to hacking as their open source code can be studied ad nauseam by cybercriminals looking for exploits,” Kennedy said, “even though this can also be helpful for security as it allows for auditing of the code. It is possible that protocols’ incentives to reach the market and grow quickly lead to lapses in security best practices.”
How To Protect Against Hackers
Against this backdrop, how can users protect themselves and their cryptos?
As long as crypto assets held in DeFi protocol pools and other services have value and are vulnerable, bad actors will try to steal them. The only way to stop them is for the industry to shore up security and educate consumers on how to find safe projects to invest in, Kennedy said.
Thanks!
“It’s also important to note that robust hack protection requires the industry to shore up security and law enforcement to continue advancing their ability to investigate and seize stolen cryptocurrency to the point that hacks are no longer worthwhile.”
Another reason there are so many hacks in the DeFi space is that it is still somewhat reliant on the incumbent centralized systems; and, while the space will eventually offer more security, it will take time before they are scaled for mass adoption, some experts argue.
“This reliance on existing centralized systems — such as cloud storage networks that generally feature a single point of failure — exacerbates the vulnerabilities facing those who own and use crypto assets,” said Phillip Shoemaker, executive director of Identity.com.
In turn, if you store your seed phrases on any device with a digital connection, then you’re exposing yourself to an elevated risk of hacks.
“So it’s important to never store seed phrases on any online device, and indeed it’s best to keep these seed phrases offline altogether,” Shoemaker said. “Keep your private keys offline. Scrutinize every transaction before you sign them. And generally avoid storing any critical information on centralized digital systems.”
That point is echoed throughout the industry. The “not your keys, not your cryptos” cri de guerre re-learned during the 2022 fiascos is still one of the top pieces of advice for security.
Brendon Sedo, a contributor to Core DAO, said your private keys should be kept entirely offline and hidden away as securely as humanly possible.
Better yet, he said, write your seed phrases — or recovery phrases — on a piece of paper and keep it stored in a safe place.
“Also, … when interacting with DeFi protocols or NFT products, it’s essential that you’re keenly aware of the transactions you are signing,” Sedo added. “A good many NFT users have seen their wallets drained because they signed transactions that looked legitimate but which were actually some form of a scam.
“Part of the latter issue has to do with the still rudimentary user interface of hot wallets, and certainly improvements to those interfaces in the realm of security need to be made. That said, vigilance on the part of the user is always of the utmost importance when dealing with crypto assets.”
Safeguard Your Home Wireless Connection
Other experts also point to the fact that, beyond keeping keys private and offline, many users don’t realize that things such as home wireless internet connections also could be highly vulnerable to hackers.
“Moreover, particularly when it comes to users of crypto assets, the use of smartphones on 5G networks increases your data’s vulnerability to hacks,” said Hugh Odom, founder and president of Vertical Consultants.
Even if you’ve written out your private keys on Word Document or in a notes application on your computer or phone, Odom added, the fact that your internet connection could be more vulnerable to penetration than you realize is a huge issue when it comes to being vulnerable to hacks.
“There are certainly ways to up the security of our at-home wireless connection,” Odom said. “But, as we’ve seen recently with the hacks at LastPass, for example, centralized digital systems generally expose crypto users to elevated risks. Again, keeping your private keys offline is the surest way of protecting yourself.”
More From GOBankingRates
