Common Crypto Security Mistakes People Make

education security

More and more people are losing their coins to hackers, so it's important to follow good security practices.

Here's a list of ways you can lose your wallet or coins:
  1. Using a public Wifi without protection
  2. Using a computer/phone with a trojan
  3. Using the same username password for websites
  4. Not backing up your private key/24 word passphrase
  5. Giving your private key/24 word passphrase away
  6. Approving a smart contract designed to clean out your account
  7. Not using a cold & hot wallet system
  8. Not knowing what to do when you're being sim swapped
  9. Using a fake wallet/trading app
  10. Keeping your whole crypto stack on an exchange

Using a public Wifi without protection
Not all wifi connections are the same. There's a reason why public wifi requires you to read and accept its terms and conditions before you can use it. Public wifi can be compromised easily, and people have been known to connect to a fake wifi hotspot that allows a hacker to see your screen, log your keystrokes (especially passwords) and remotely control your laptop or phone when you're not looking. 
Using a VPN adds a layer of protection but sometimes it's best to just not use public wifi at all and use your own LTE data connection. 
 
Using a computer/phone with a trojan
Your device may have picked up a trojan or virus after years of surfing the web. Depending on the virus hidden on your device, you may be giving away your passwords or giving hackers a chance to remotely control your computer while you're away and still logged in to your crypto services. 
Some people are known to use a dedicated computer/phone for crypto use to ensure they have the maximum amount of protection and privacy for their crypto. 
Using the same username password for websites
We hate memorizing different passwords and sometimes just default to using a single password for everything. This makes you vulnerable to hacks, especially in the crypto space. There have been instances where major websites like LinkedIn got hacked and their usernames and passwords were leaked onto the internet. If you use the same login credentials on different websites, a hacker can simply try your leaked login on all the major websites to gain access. 
It's always important to use different login credentials for different websites.
 
Not backing up your private key/24 word passphrase
There will be a day when your phone or hardware wallet is damaged and you need to access your coins from another device. A private key or 12-24 word phrase is needed to claim your coins, and not having it can leave your wallet lost for good. Be sure to back up your private key and 24 word passphrase to ensure this does not happen. 
 
Keeping your private key and 24 word passphrase stored safely is important too. Some people are known to break up their passphrase into two lists and store them in separate locations. 
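One way to keep a split backup, shown as an added example that is not part of the original article: a threshold (Shamir) split of the 32 bytes of entropy that a 24-word phrase encodes, so that any two of three pieces recover it while a single piece on its own reveals nothing about the secret, unlike cutting the word list in half, where one half exposes half the words. The 32-byte secret below is a constructed sample, and the prime field and share layout are this example's own choices, not any wallet's backup format.

```python
import secrets

# Prime field for the share arithmetic: the Mersenne prime 2^521 - 1. It comfortably
# holds the 256 bits of entropy behind a 24-word phrase. The field choice is this
# example's own; the technique is standard Shamir secret sharing.
P = (1 << 521) - 1


def split_secret(secret: bytes, threshold: int, shares: int) -> list:
    """Split `secret` into `shares` points on a random polynomial of degree
    threshold-1 whose constant term is the secret. Any `threshold` points
    recover it; fewer than that reveal nothing about it."""
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    # coeffs[0] is the secret; the remaining coefficients are uniformly random.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def poly(x: int) -> int:  # Horner evaluation of the polynomial mod P
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc

    return [(x, poly(x)) for x in range(1, shares + 1)]


def recover_secret(points: list, length: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from `points` and return
    the constant term (the secret) as `length` bytes."""
    s = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        s = (s + yi * num * pow(den, -1, P)) % P
    return s.to_bytes(length, "big")


# Constructed sample: stands in for the 32 bytes of entropy behind a real phrase.
SAMPLE_ENTROPY = bytes(range(32))

if __name__ == "__main__":
    pieces = split_secret(SAMPLE_ENTROPY, threshold=2, shares=3)
    for x, y in pieces:
        print(f"piece {x}: {y:x}")  # write each piece down and store it in a different place
    print(recover_secret(pieces[:2], 32) == SAMPLE_ENTROPY)            # True
    print(recover_secret([pieces[0], pieces[2]], 32) == SAMPLE_ENTROPY)  # True
```

Each piece still has to be guarded as carefully as the phrase itself; what changes is that losing one of the three locations, or having one of them found, no longer costs you the wallet.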
Giving your private key/24 word passphrase away
Some websites may prompt users to provide a private key or 24 word passphrase. Do not provide it under any circumstances. Hackers are known to use rationales such as airdrops, or to hack a legitimate website, in order to ask people for their private key or 24 word phrase. Anyone with your private key or 24 word passphrase has full control over your wallet and can clean it out.
 
Approving a smart contract designed to clean out your account
If you are using a smart contract wallet, you may be at risk when you interact with different dapps. Hackers are known to create malicious smart contracts that, once approved, clean out a user's wallet. 
Using a hot and cold wallet system limits your loss should your hot wallet approve a malicious smart contract by accident. 
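A concrete check before you click "approve", added here as an example that is not from the original article: decode the transaction's calldata yourself and see what you are actually granting. The most common approval a dapp asks for is the ERC-20 `approve(spender, amount)` call, whose 4-byte selector is 0x095ea7b3; the usual drain pattern is an unlimited allowance (2^256 - 1) granted to an address the attacker controls. The spender addresses, the trusted list and the cap below are constructed sample values.

```python
# 4-byte function selector for ERC-20 approve(address,uint256):
# the first four bytes of keccak256("approve(address,uint256)").
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")
UNLIMITED = (1 << 256) - 1


def encode_approve(spender: str, amount: int) -> bytes:
    """ABI-encode approve(spender, amount); used here only to build sample inputs."""
    addr = bytes.fromhex(spender[2:].lower())
    if len(addr) != 20:
        raise ValueError("spender must be a 20-byte hex address")
    return APPROVE_SELECTOR + addr.rjust(32, b"\x00") + amount.to_bytes(32, "big")


def decode_approve(calldata: bytes):
    """Return (spender, amount) for an approve call, or None for anything else."""
    if len(calldata) != 68 or calldata[:4] != APPROVE_SELECTOR:
        return None
    # First argument is an address: a 32-byte word, 12 bytes of zero padding then 20 bytes.
    if any(calldata[4:16]):
        return None  # not a well-formed address word
    spender = "0x" + calldata[16:36].hex()
    amount = int.from_bytes(calldata[36:68], "big")
    return spender, amount


def assess_approval(calldata: bytes, trusted_spenders, max_amount: int) -> str:
    """Describe what signing this calldata would grant, judged against your own policy:
    only spenders you know, and never more than max_amount (in the token's base units)."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return "not an ERC-20 approve call: decode it before signing"
    spender, amount = decoded
    findings = []
    if spender.lower() not in {a.lower() for a in trusted_spenders}:
        findings.append(f"spender {spender} is not on your trusted list")
    if amount == UNLIMITED:
        findings.append("unlimited allowance requested")
    elif amount > max_amount:
        findings.append(f"allowance {amount} exceeds your cap of {max_amount}")
    return "ok" if not findings else "; ".join(findings)


# Constructed sample values: a stand-in router contract you trust and an unknown contract.
TRUSTED_ROUTER = "0x" + "11" * 20
UNKNOWN_CONTRACT = "0x" + "ee" * 20
ONE_TOKEN = 10 ** 18  # base units of an 18-decimal token
CAP = 100 * ONE_TOKEN

if __name__ == "__main__":
    print(assess_approval(encode_approve(TRUSTED_ROUTER, 50 * ONE_TOKEN), [TRUSTED_ROUTER], CAP))
    print(assess_approval(encode_approve(UNKNOWN_CONTRACT, UNLIMITED), [TRUSTED_ROUTER], CAP))
```

Most wallets show the raw calldata (or a decoded view of it) in the signing prompt; the habit worth building is to refuse anything that decodes to an unlimited amount or an unfamiliar spender, and to approve only what the next transaction needs.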
Not using a cold & hot wallet system
Many people make the mistake of using only one wallet, where they store their coins and make all their transactions. This is risky: if that one wallet is hacked and cleaned out, they lose everything. 
The transparent nature of the blockchain allows anyone to see how much each wallet contains, and if hackers know the identity of the owner of a big wallet, they may mount targeted attacks on that owner to clean out his/her wallet.
A hot and cold wallet system consists of two wallets. The hot wallet is the wallet that interacts with the outside world, while the cold wallet only interacts with the hot wallet and nothing else. Nobody but the owner knows of the existence of the cold wallet. The cold wallet is usually a hardware wallet like Ledger, where physical interaction with the device is needed to send any funds out. 
A system like the above gives HODLers an extra layer of protection: should their hot wallet get hacked, they only lose what's in the hot wallet. Cold wallets are less likely to be hacked as they are not shown to the outside world; however, one needs to be aware of the risk that hackers can become aware of the cold wallet through some of the other attacks mentioned in this article (e.g. a compromised computer). The safest form of cold wallet is a hardware wallet, such that even if the computer is compromised, the hacker needs the physical hardware wallet to steal the coins. If a HODLer has over 1k of coins, the price of a hardware wallet is small compared to the risk exposure. 
Not knowing what to do when you're being sim swapped
Sim swaps are a real threat these days, as hackers are known to conduct targeted attacks on individuals known to own crypto. Unlike general phishing, where they cast wide nets hoping 1 or 2 people will respond to a scam, a targeted attack consists of a hacker doing research on a target to collect key information that could be used to answer a secret question (e.g. the high school you went to, your mother's maiden name or a parent's city of birth). A lot of this information is available on social media, and the rest can be acquired through social engineering. 
Armed with this information, the hacker convinces the minimum wage tech support person at your phone provider to swap your phone number to their sim card. From there, they gain access to your email and centralized crypto services. 
Many hodlers aren't prepared for a sim swap; they get locked out and end up losing their coins. It is important to know how to respond and, potentially, to conduct a security review of your email system. 
Having two-factor authentication via Google Authenticator helps, as it adds a layer of protection that can only be unlocked by the authenticator app on your phone (not the sim card). Conducting sim swap drills can help too. 
 
Using a fake wallet/trading app
The rise of cryptocurrencies has led people to download random wallet apps onto their phones. Some of these are fake wallet apps: people send their hard-earned crypto to them, only to learn that the app siphoned it away. Others are malicious apps that allow a hacker to keylog or remotely control one's device.
Only use trusted wallet apps and do your own research on which wallet apps work for you. 
Keeping your whole crypto stack on a centralized exchange
Throughout the history of crypto, over 50 exchanges have disappeared, leaving their users out in the cold. While centralized exchanges are starting to innovate, coming up with additional services for users who keep their coins on the platform, you have to ask yourself how much you are willing to risk and lose.
The biggest mistake one can make is to leave their whole crypto stack on an exchange or service. There's a reason why whales like Michael Saylor keep their coins in a hardware wallet instead of on a centralized service earning 10% APY interest. The risks are too great and there are no mechanisms for recovering people's lost coins.

