Last updated on September 21st, 2017 at 09:31 am
Today’s topic is Bitcoin Safety. Throughout the years, there have been numerous cases of people who have had Bitcoins lost, stolen or scammed out of their hands. In today’s episode, we’re going to talk about how to become a “Bitcoin Safety” expert so these things don’t happen to you.
Before we get started though, I want to bust one myth some people who are new to Bitcoin often have. A lot of people think that because Bitcoin is digital it can be hacked and manipulated. Also, due to many cases of theft people sometimes think Bitcoin isn’t safe. That couldn’t be further away from the truth.
Bitcoin, the currency and the technology behind it, has proved to withstand numerous attacks throughout the years. The weak link in Bitcoin’s security is usually the people who handle it. Whenever you hear that Bitcoins were stolen, it wasn’t because there was a problem with Bitcoin’s technology, but because whoever was holding those Bitcoins wasn’t careful enough.
Saying Bitcoin isn’t safe because you hear a lot about stolen Bitcoins is like saying the dollar isn’t safe because you hear that there are a lot of robberies going on. With great power comes great responsibility, and as long as you follow the steps we’ll go over in today’s lesson your Bitcoins will be safe and sound.
Let’s get started!
If there was only one thing I could teach you about Bitcoin safety it would be this: “You, and you alone, should know the private key to your Bitcoin wallet.” As we discussed in the last lesson, the private key, or seed phrase, is like the combination to a safe. Whoever knows your wallet’s private key can take control of your Bitcoins.
If you’re using a Bitcoin wallet that is supplied by a third party, it means both you and the third party know the private key. If that company wants to shut down your account or even just run away with your Bitcoins they can.
Storing your Bitcoins on a third party wallet is similar to putting your money in a bank – you don’t control the money, the bank does. At times you’ll need to use third party wallets, either from a convenience perspective or if you want to buy or trade Bitcoins. That’s totally fine. Just make sure you’re aware of the risk, put as little money as possible in these wallets and verify that the company or website supplying the wallet is trustworthy before doing so.
For larger amounts of Bitcoins, always use hardware wallets. They are the most secure form available for storing Bitcoins today. They come at a price because it’s a physical item you need to buy, but it’s worth the peace of mind.
Now let’s talk about how to avoid losing your Bitcoins.
Losing your Bitcoins is a term used for describing someone who lost access to his private key. For example, there’s a known story about a British guy who threw away an old hard drive that also contained his private key. He later discovered that the private key belonged to a wallet containing 7,500 Bitcoins which are now lost forever, since there’s no way to recover the private key once it’s lost. That’s over $10 million!
Because the private key is so important, you should store a backup of it somewhere. This means writing it down on a piece of paper or making a copy of it on a flash drive or any other form of storage that can’t be reached remotely. For maximum security, make sure to encrypt it as well. Many wallets today allow you to add an encryption when you export the private key to a file through the use of a password.
Some wallets will supply you with a seed phrase of 12 or more words instead of the private key. If that’s the case, make sure to write them down in a safe place.
There are several reasons why it’s so important to backup your private key:
For starters, if your computer gets hacked, you may still be able to send your Bitcoins to a new wallet if the hacker hasn’t gotten to them yet.
Also, in case your wallet gets damaged or destroyed, you will be able to import the private key to another wallet and reclaim the coins.
To conclude, treat the private key as you would treat a precious item like gold or jewelry. Keep it hidden and safe.
Moving on, let’s talk about how to avoid Bitcoin theft.
Online wallets and exchanges are the weakest links in terms of Bitcoin theft. The easiest way to avoid theft from these sites is not to keep any Bitcoins on them. However, sometimes it’s inevitable to keep funds in an exchange or an online wallet. For example, if you want to trade frequently or if you’re using a certain wallet for online games.
If that’s the case, it’s important to secure your online Bitcoin accounts with a strong enough password. Here are some general rules for creating a strong password:
- The more characters the password has the better. Aim for at least 8 characters.
- Try to create a mix of lower and upper case letters and non-traditional characters like exclamation marks, hyphens and so on.
- Don’t reuse passwords from other accounts.
Of course, the best passwords are the ones that are just a random string of text, numbers and symbols, but they are also extremely hard to remember. That’s why I strongly recommend you get some sort of password manager to help you generate and keep track of your passwords. There are several free options available on the market.
Another way of remembering strong passwords is using numbers instead of certain letters as shown here:
Th!5 i5 a 5tR0ng Pa5sw0rd
These rules should be exercised each time you open a Bitcoin related account, choose a PIN code for your wallet or choose a passphrase for encrypting a file. For example, if you have the option, choose a PIN code for your mobile wallet with 8 digits instead of the standard 4 digit PIN.
Last, but not least, whenever possible try to enable two-factor authentication for your accounts. Two-factor authentication, also known as 2FA, is a method of confirming a user’s identity through two separate components. In most cases, it would be something a user has and something a user knows. Let me explain.
A good example from everyday life is withdrawing money from an ATM; only the correct combination of a bank card (something you have) and a PIN (something you know) allows the transaction to be carried out.
In the case of online accounts, the something you know will be the password to the site and the something you have will be a mobile phone that will receive a text message containing a PIN code when you try to log in.
This way, even if a hacker manages to uncover your password he still can’t log in until he physically puts his hand on your mobile device.
HOWEVER, if you use a normal text message a hacker can still manage to intercept the message as it’s being sent to your phone. That’s why it’s important to use dedicated 2FA apps that are much more suited for this task. Some of the more popular 2FA apps today are Google Authenticator and Authy.
One thing we tend to forget is what network we are using to access online Bitcoin services like exchanges and wallets. Make sure to access sensitive information only on trusted networks that are properly secured.
For example, use your password-protected home or mobile network only and never use a public wi-fi network to access a Bitcoin service. Of course the password for your router should also follow the rules we just talked about. Public wi-fi networks are extremely vulnerable and hackers can eavesdrop on your session.
If you have to use a public network, make sure to connect through a Virtual Private Network, also known as a VPN. VPNs are programs that hide your online footprint and encrypt your data making life extremely hard for hackers. We’ve recently listed some of the best VPNs available and many of them also have a free service option.
Another very important security measure is to make sure the site you’re connecting to uses a secure SSL connection – this means you should see https:// and not http:// showing up in the address bar.
Now let’s talk about how to avoid Bitcoin scams.
It seems like every other day another Bitcoin scam is exposed. The most popular scams around today are phishing scams and Ponzi Schemes.
Phishing emails and websites pretend to be legitimate sites, but they actually steal your information. People arrive at these sites through malicious emails or ads and think they are on the official site. Once they enter their username and password on the fake site, the hacker who created the site will intercept them, access the real site and steal their coins.
So how do you identify a phishing site?
First of all, take a look at the address bar and make sure the domain is spelled out exactly as it should.
Second, make sure the site uses a secure SSL connection as we’ve discussed before – this means you should see https and not http showing up in the address bar. Most phishing sites don’t have an SSL certificate, although there may be exceptions.
Phishing emails work in a similar way. The email seems to be sent from an official Bitcoin wallet or exchange, however when you click on the link inside the email, you’ll be forwarded to a phishing site or have malicious software installed on your computer.
Whenever you get an email from any Bitcoin service make sure that:
- The sender’s email is from the domain of that service and not some close-looking alteration.
- Most services that you sign-up with know your name and use it in their emails. So if you are addressed as “sir” or “dear customer” see that as a warning.
- If there’s a link inside the email, check that it leads to the official domain BEFORE clicking it. This can be done by right clicking the link, choosing “copy link address” and pasting the link into a text document.
- Don’t ever open any email attachments from unknown senders.
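The sender and link checks from the list above can be automated. This is an added example, not part of the original lesson, that compares the domain a sender address or copied link really belongs to against an allowlist; `exchange.example` is a placeholder for the service's official domain and the sample links are constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL = {"exchange.example"}  # placeholder for the service's real domain(s)

def belongs(host, official=OFFICIAL):
    """True for an official domain or a true subdomain of one."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in official)

def check_sender(from_header, official=OFFICIAL):
    """Judge the address itself; the display name is free text and proves nothing."""
    address = parseaddr(from_header)[1]
    return belongs(address.rpartition("@")[2], official) if "@" in address else False

def check_link(url, official=OFFICIAL):
    parts = urlsplit(url)
    host = parts.hostname or ""  # drops any "user@" prefix and the port
    if parts.scheme != "https":
        return "reject: not https"
    if not host.isascii() or "xn--" in host:
        return "reject: non-ASCII or punycode host, possible look-alike"
    if not belongs(host, official):
        return "reject: %s is not an official domain" % host
    return "ok"

# Constructed sample links, as they might look after "copy link address"
SAMPLES = [
    "https://www.exchange.example/login",
    "https://exchange.example.account-verify.example/login",
    "https://exchange.example@login.evil.example/",
    "http://exchange.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_link(url), "<-", url)
```

The https test can only rule a link out; since some phishing sites do hold a certificate, the domain comparison is the check that decides.
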
Other forms of scams include Ponzi Schemes.
A Ponzi Scheme is an investing scam promising high rates of return with little risk. The Ponzi Scheme pays out the older investors by taking money from new investors. At some point the Ponzi Scheme operator usually disappears with the investors’ money.
Most Bitcoin Ponzi Schemes today appear in the form of cloud-mining sites or coin doublers. These are sites that will promise you high-rates of return on your coins on a daily basis and, after a while, will disappear with your money. So, how can you verify that a site is legit?
Well, we’ve created something called the Bitcoin Scam Test on 99Bitcoins that helps you analyze different websites and get a pretty good idea of which are legit and which are not. It takes about five minutes to analyze a site and it will save you a lot of money.
Before we conclude, here are some additional tips for Bitcoin safety:
Whenever you’re sending money to an address, remember that Bitcoin transactions are irreversible. Once the money is sent, there’s no “insurance” and you can’t get it back. For this reason, make sure to always double check that the address you’re sending the money to is correct.
Never type the address in manually since Bitcoin addresses have a lot of characters and you may make a mistake. Either copy and paste the address or use the QR code of the address to scan it.
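Legacy Bitcoin addresses (those beginning with 1 or 3) end in a 4-byte checksum, which is why a wallet can reject most typos. This added example, not part of the original lesson, verifies that checksum and then compares the pasted address with the one the recipient gave you, because a substituted address that is itself well-formed passes the checksum. The sample is the widely published genesis-block address.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(text):
    """Decode Base58; raises ValueError on characters outside the alphabet."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_zeros = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * leading_zeros + body

def checksum_ok(address):
    """Base58Check: last 4 bytes must equal the first 4 of SHA256(SHA256(payload))."""
    try:
        raw = b58decode(address)
    except ValueError:
        return False
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum

def check_before_send(pasted, expected):
    """`expected` is the address obtained from the recipient over a trusted channel."""
    pasted = pasted.strip()
    if not checksum_ok(pasted):
        return "reject: malformed address (typo or truncated paste)"
    if pasted != expected:
        return "reject: well-formed address, but not the one you were given"
    return "ok"

GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # sample: genesis-block address

if __name__ == "__main__":
    print(check_before_send(GENESIS, GENESIS))
    print(check_before_send(GENESIS[:-1] + "b", GENESIS))  # one mistyped character
```
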
Also, make sure you trust the person you’re sending money to. If you don’t trust them, you can always use a third party escrow service that you both agree on. One very popular escrow service is Bitrated where you can choose known figures from the Bitcoin community as arbitrators in case of a dispute.
Finally, if you’re conducting small amount transactions, one confirmation may be enough to send over the goods to a counterparty. But if you’re dealing with large amounts, wait for at least six confirmations in order to be sure that the transaction is irreversible.
Well, that’s it for today. If you’ve made it this far, you’re now an expert on Bitcoin safety. But knowing is only half of the battle. It’s now time to put all of what you’ve learned into practice, so here’s a short recap:
- Keep your private key safe and back it up.
- Large amounts of Bitcoin should only be kept on hardware wallets and not in exchanges or online wallets.
- Have strong, unique passwords and 2FA enabled for all of your online Bitcoin services.
- Never connect to Bitcoin services through public internet connections. If you have to, use a VPN.
- Be cautious of emails and websites pretending to be sent from Bitcoin service providers.
- Use the Bitcoin Scam Test to uncover Ponzi Schemes.
- Remember that Bitcoin transactions are irreversible, so make sure to trust your counterparty, double check the address before hitting send, and wait for at least six confirmations before shipping out any goods.