Taking Crypto Security More Seriously, Recently Moved Most of my Coins Off Exchanges

in #cryptocurrency7 years ago (edited)

We all know about Cryptocurrency "best practices". They involve things like...


  1. Using a hardware wallet or paper wallet for longterm storage of coins we plan on keeping for a longtime.
  2. Not keeping a lot of money on exchanges, and not keeping money on exchanges were not actively trading with.
  3. Spreading ourselves out across multiple exchanges, don't be 100% into a single exchange.
  4. Have a computer strictly for crypto.


We've all heard these things, we all know they are the smart ways to store and handle our cryptocurrency. That said whether it be because of lazyness, exchange withdrawl fees, or any host of a number of other reasons many of us don't necessarily practice what we preach or don't do what we know we should.

I'll be the first to admit I'm guilty of this. Sure my Trezor can hold a lot of coins, but there's also many coins it can't hold like NEO and NAV among dozens of others. Also exchange fees, the fees to take most coins off of exchanges are pretty stiff meaning we lose a lot of money everytime we move money off an exchange to a wallet. For these and a host of other reasons many of us don't take security as seriously as we should.

Following the recent Bitgrail incident, the NEM hack, and other instances of people losing money from the past, I've recently started taking protecting my coins more seriously.


How I'm Being More Safe With My Crypto

  1. I've decided to consolidate the number of coins I hold. The days of having a crypto portfolio of 20, or 30, or 50 coins is behind me. Sure I may scatter $50 across some longshots, but that can stay on an exchange. I've decided for most of my money to consolidate myself into a handful of coins such as Bitcoin, Ethereum, Litecoin, NEO, Stellar, NAV, and Lisk. BTC, ETH, and LTC can go on my Trezor. NEO, Stellar, and NAV can go into their prospective wallets. Just to mention a few, the NEON wallet for NEO is AMAZING. Incredibly easy to use and you earn gas. For NAV I'm a huge fan of the NavPay wallet for mobile for smaller amounts of money and the Nav wallet for your computer allows you to stake and earn either 4% or 5%, I don't recall if they've dropped the staking reward yet.

  2. 2FA, two factor authentication is incredibly important, it's something we all should be using and I would imagine most of you guys are. But quick question. How many of you backed up your Google Authenticator seed? When you create a new Google authenticator code you're shown the recovery seed one time, if you don't save it or write it down you'll never see it again. Unlike Authy, there is no way to see it again or back it up again. I forgot to save mine and have been hesitant to delete it and re-install. I'm finally getting around to it, I'm going to have to turn off 2FA on all my accounts, delete the Google Authenticator App from my phone, re-install it and then re-enable 2FA. Why this is so important is if my phone dies, falls in water, if I lose it, etc I lose access to all my trading accounts. This, if it were to happen, would require a long painful process of reaching out to all exchanges, telling them what happenned, providing my ID's probably a half dozen times, and hopefully within a few weeks having them unlock 2FA so I can trade again. I'd hate to have this happen so I'm being proactive and getting everything re-enabled with a Google Authenticator account I actually have backed up.

  3. Moving coins off exchanges and to wallets. I know it sucks, we all hate withdrawl fees. That said I'd rather lose a small percentage of my holdings to fees than lose it all to a hack or databreach. Now in reality if were using Tier 1 exchanges like Bittrex and Binance, maybe in your opinion Tier 1 exchanges are different than those two, but those are two I think highly of. If your using Tier 1 exchanges in reality your pretty safe. That said if your using more obscure exchanges like YoBit, HitBTC, BitGrail, I'd be very careful about how much money I leave on there and how long I leave it on there for.

  4. Using a crypto only laptop. I realize this is tough for many people to do. Not all of us have multiple laptops nor do some of us have the funds to buy multiple laptops. Not only that but many of us like to be able to access crypto from work, on the go, from home and this does make this more inconvenient. That said it's safer. Something I'm doing is wiping an old laptop I have and moving all my wallets over to that laptop. I will only access desktop wallets from this particular laptop.


Now you don't have to follow every one of these steps, but I do think it's something to keep in mind. I'll be honest, despite giving advice to people new to crypto I often tell them these things, while not always following this advice myself. After seeing many people I know personally affected by the BitGrail incident it's forced me to re-examine my security.

Curious to hear from you guys? What are your crypto best practices you follow? What are your weaknesses?

Sort:  

Very good post, lots of good information you’ve made me think about a few things I to will have to look at my 2FA myself I didn’t back up my google Authenticator bugger . I’m hoping on getting a new laptop very soon so it should help would you know if a mac is more secure?. Thanks mike

Hey @mikenevitt I also didn't backup my 2FA, made me very nervous having to turn it off on all my accounts and turn back on so tried to get as many coins off exchanges as I could and tried to consolidate my coins on the few exchanges I am on. There's been a few instances where I almost lost my phone or thought my phone died out and got really nervous as I imagine an exchange like Coinbase could take weeks to answer your support ticket and get you back online.

In regards to macs vs pc's, I've always heard macs were more secure if for no other reason than most viruses and malware were made for windows but these days with so many people using macs not sure if that still holds true. I think the biggest vulnerability we have is user error ie clicking a fishing link or something like that.

Thank you very much for your reply and help it’s very much appreciated cheers mike

Good post. I'm going to have to chew on some of this stuff. I don't currently have a cold wallet. My stuff is sitting on exchanges like you're referencing. About two weeks ago bittrex was having some issues and people couldn't log on for a day. I was convinced a hack had taken place and that I had lost everything. Thankfully that didn't happen, but it really made me think about the need for a proper wallet. I'm still really really new to all this stuff, though. Didn't know there were tier 1 or tier 2 exchanges. I'm on binance, but just got accepted on bittrex and think I will move my stuff there.

Thanks again!

Did Bittrex openback up registrations?

I personally think of Bittrex and Binance as being top end exchanges where as personally I wouldn't trust a cryptopia, HitBTC, Yobit, etc nearly as much as Binance and Bittrex.

If you plan on being involved in crypto for the longterm, and or plan on putting significant amounts of money on I'd buy a Trezor. Ledger holds more coins and is a little cheaper but Trezor seems to be more userfriendly. They hold a good assortment of coins plus all ERC20 tokens as well.

If you have NEO or NAV those are two very user friendly wallets as well.

Bittrex has not opened up registrations yet, but I wrote to their support asking them to let me open an account and they did :)

Yeah, I think I'll need to invest in Trezor soon.

That's awesome never hurts to ask. Back when everyone was waiting to get on Amazon Merch a few people took it upon themselves just to email support and asked and many people got on so awesome taking the initiative htere.

Yeah definitely recommend a Trezor, if you have any questions when you get yours hit me up, I had mine setup in about 5 minutes, very easy to use

Thanks so much for the offer. Might take you up on that. Seems quite scary at the moment to offload crypto into a device for some reason, but I do understand that it's the safest step.

Yo, have a great Tuesday!

I would say just for fun if you havn't done it yet setup an Electrum wallet. It's not quite the same as Trezor but you'll get experience with writing down a seed phrase, then delete the wallet and try to recover it. Just do that to get comfortable. Once you get your Trezor there's a bunch of step by step youtube videos that will walk you through the process but I'd be happy to help if you have any questions.

Great advice. I only recently became aware of the Google authenticator seed issue and I know on older accounts I don't have it. stopping 2FA and wiping out the app is going to feel like jumping a gap!

Premium tips, I follow some, I believe nobody is 100% safe and it's really annoying but we have to be carefully and follow some steps if we want to be our own bank. Awesome info.

Can’t wait for pillar to launch their wallet. I am trying to keep most of my coins off of exchanges as well. Better to be safe than sorry. I kinda like the idea of paper wallets in a bank security box.

What is Pillar I'm not familiar with it? Is it a project like Ethos like a wallet for all coins?

Some of the withdrawal fees are insane, but I agree that everyone should be moving out most of their holdings off of exchanges. You know the other good thing about cold storage? Even if i wanted to panic sell I wouldnt be able to because Im keeping it somewhere else... LOL Another tip I would add is that people need to stop bragging about the size of their portfiolios to the public. Sure you might think everyone you know is honest..but is everyone who they know honest? You never know... Someone I know who used to talk about crypto pretty publicly and bragged mid last year about how he bought ETH at $6 oddly doesn't talk about it anymore. I think its because he doesnt want to get hacked or robbed. I think thats a smart move nowadays.

Yeah you keep hearing stories about people who get held up for their crypto. I dont tell people about my holdings not only for that reason but I also don't want people thinking I'm gonna pickup the tab at dinner or buyer them nicer gifts for their birthday lol, half kidding haha

https://www.coindesk.com/man-stole-1-8-million-ether-armed-robbery-prosecutors-say/

Good sound advice! Well written post!

Type of article that will do well! Upvoted!