April042022
Cybersecurity and Protecting Your Investments in the Wild West of Cryptocurrency
Operations Chat
Matthew Przybyl and Troy Rodriguez
04.04.22 | Operations Chat
Although cryptocurrency is not new, Bitcoin was conceptualized when Satoshi Nakamoto released the white paper “Bitcoin: A Peer-to-Peer Electronic Cash System” in 2008, the technology and regulation of crypto is still very much in its infancy, like the early days of the internet. For those early adopters investing in cryptocurrencies, it’s critical to educate yourself before adding crypto to your portfolio.
Crypto is Feeling Growing Pains… And Criminal Activity
Crypto has become much more mainstream and accessible, with early major projects like the Genesis DAO (Decentralized Autonomous Organization) in 2016 crowdfunding approximately $150 million of Ethereum investment. Only a month later, $70 million was stolen because a bad actor was able to exploit poor coding in the contract. This exploit, like many others to follow, highlights the fact that crypto is new, and the developers creating the smart contracts that hold your money are still learning.
More recent exploits include a centralized exchange that had about $120 million in crypto stolen after private keys for two of their hot wallets were stolen. Another platform that had private keys stolen was Axie Infinity leading to $615 million in stolen crypto, making it the largest theft to date in Decentralized Finance markets. Unlike current fiat markets, the government does not insure your accounts and is still trying to understand the cryptocurrency market. Until then, there is little legal recourse for victims to be able to recover stolen funds.
How to Protect Your Crypto Assets
Now that we understand the risks and have examples of recent exploits, what can you do as an investor to protect your investments? These are common strategies you can apply to most of your technological interactions.
- DYOR – Do Your Own Research. We are under a constant barrage of information from social media, podcasts, internet posts, email, news sites, YouTube, and television. Because crypto is new, you must be diligent about looking at a project objectively. Are the team members publicly known? Can you verify the experience of key team members? Did you read their project whitepaper? Does the project have adequate liquidity? These are just a few key questions.
- If investing on a Centralized Exchange such as Coinbase, Crypto.com, Bitmart, Binance, etc., understand that you do not own your private keys. Your investments, and access to those investments, are held by the exchange. Most major exchanges help mitigate risks by holding most of your investments in a cold wallet. A cold wallet is another layer of security because it is not actively connected to the internet.
- Never give anyone your Seed Phrase. This phrase is used to secure your crypto wallet and its private keys. Often, bad actors employ social engineering tactics to get investors to disclose this information. They then have full access to any cryptocurrency stored in the wallet and can transfer it to their own wallet without the ability to recover the funds. These bad actors make notepads that use waterproof paper as well as metal plates to document your seed phrase. This is important because if you lose this information, you will lose access to your cryptocurrency.
- Ensure devices and applications used to access your crypto investments are properly secured. Mobile devices should have their storage encrypted and strong passwords or biometrics enabled. Applications should have two-factor (2FA) authentication enabled with a strong password. Most applications support 2FA apps such as Microsoft and Google Authenticator.
- Beware of Dusting. This is a process where very small amounts of random crypto tokens may appear in your crypto wallet. By interacting with these unsolicited deposits, a bad actor can de-anonymize your wallet and identify investors with large holdings. These investors are then targeted through established tactics such as phishing and social engineering.
Questions: Contact Clifford Forrester, CIO at 212.699.6710 | cforrester@berdonllp.com
Matthew Przybyl brings more than 18 years of professional technology experience in the legal and accounting industries. Matt continues to leverage his technical background to deepen his knowledge of cryptocurrency as its adoption continues to increase globally.
Troy Rodriguez is a technology-driven IT professional with more than 18 years of experience supporting various technologies in the financial services sector. As a Technical Systems Analyst at Berdon LLP, Troy is responsible for helping the firm implement new and innovative technologies to enhance the experience of both the organization and its’ clients.
