Cybersecurity: how to protect your crypto and avoid falling into digital crimes

Exchange or wallet?

Luciana Robba, actuary and investment advisorin dialogue with this medium, assured that there are two great options to save cryptocurrencies: self-custody and custodial (also known as non-wallets).

“To understand the difference a little more, it is important to know what is in custody and the answer is the private key. Without the private key you cannot move the cryptocurrencies of a wallet. The private key should never be shared because if you lose the private key you lose your crypto, there is no way to recover it, there is no customer support,” Robba described.

For their part, the custodial (or also called non-wallets)its main characteristics are “to give a third party the function of protecting my private key, in general are the exchanges. In this case, I assign the possession of my crypto assets to a company, that company keeps the cryptos in its wallet and they keep their private key. I give up my crypto assets, just like when I deposit money in a commercial bank.”

What are the types of wallets that exist

For its part, Daniel Feijo, director of Computer Engineering and the Bachelor of Information Technology Management at UADEdescribed to Ámbito the different wallets that currently exist.

“The virtual are those implemented by software in mobile, desktop or web applications. Some of these wallets are provided by the creators of crypto like Bitcoin or Ether,” he noted.

The other option is physical “whose implementation is done by hardware in an electronic device that looks similar to a USB token. These wallets store the user’s private keys in protected areas of the microcontrollers, which cannot be extracted from the device in plain text.”

are the calls hard wallet or cold wallet because they do not need to be connected to the internet. “A device that does not connect to the internet is by nature more secure than one that connects daily”Feijo expanded.

“There is a variety of quality and price among what can be found on electronic commerce platforms. Leder and Tezor are the dominant ones in the market, and can be obtained for prices between $25,000 and $80,000 depending on their characteristics and security levels,” he added. information.

For his part, Robba highlighted “the warm wallets It has a multi-sig system, or multisignature where two signatures are necessary. You keep a key on the cell phone and another on the company’s server, both signatures are needed for a transaction to be carried out.”

What are the safeguards that must be taken into account?

Luciana Robba points out that in the case of exchanges, it must be taken into account that “the laws of the country in which they operate can change” and that “they can be hacked, although it is very difficult for large companies to not have the necessary security systems so that that doesn’t happen.” As for those who have in their possession the private key, “The vast majority who have lost their crypto was due to forgetting the 12 words”.

“The recommendation is that for day-to-day operations they use an exchange, that is, a custodial one. And for the long term, a self-custodial one and as the capital to safeguard is greater, the greater the security that we take”, hill.

For his part, Daniel Feijo, provided a list of five tips to take into account. The first of them, use cold wallets. “They form the most robust environment by being stored on a secure device. Cold wallets identified as non-custodial (not guarded by a third party) are the ones that allow sole and complete control of crypto assets to be taken,” she said.

Secondly, keep multiple wallets. “Don’t put all your eggs in one basket or split to rule are well-known sayings. This technique is a simple and effective way to protect our crypto assets by dividing the possibility of fraud on a particular wallet.”

“In third place, set up two factor authentication. It is a computer security technique dedicated to making the application entry process, and its consequent validation and authentication, robust. The fact of having a secure password and a second or multiple validation, responding to a code sent by SMS to a cell phone (for example), strengthens access. Thus, it is necessary to have both elements to authenticate successfully,” said Feijo.

The director of Computer Engineering at UADE also recommends use a VPN (virtual private network). “This is a virtual private network, it is a network encrypted with cryptographic keys, which is built or mounted on the internet. While the internet is a public network where billions of people and devices connect freely (or with certain freedoms at least), A VPN is a private network between two or more users protected with strong encryption mechanisms. Therefore, it raises the level of security very significantly. Many people use VPNs provided by their employers, others can contract these services in the cloud or use a Free VPN. To date, there are dozens of platforms of these private networks on the Internet,” he said.

And finally recommended avoid using unregulated platforms. “It is always advisable to operate where there is regulation and protection for crypto transactions. When funds are lost, the absence of regulations makes it almost impossible to recover them. Many of the regulated exchanges are based in the United States. Trading in unregulated markets is a high-risk bet,” confirmed Feijo.

What are the most common crimes

Daniel Feijo assured that “technological progress and the techniques used by different groups of hackers or digital criminals mean that we must keep a constant eye on security to protect our wallets”, that is why in dialogue with Ámbito he reviewed the main dangers in terms of security that exist in the crypto world:

• Phishing: These threats are usually presented through email, text messages or even WhatsApp. Their objective is to trick us into giving us our access data. They ask the recipient to change their password or update data on a web page. But they are not the real pages, but rather they are impostors, and they will invite us to leave our username and password with the excuse of a change. Then, having captured our accounts and passwords, they enter the virtual wallets and commit the fraud. Another frequent operation is to sell our data and personal keys in exchange for cryptocurrencies.

• Keyloggers and malware programs: A keylogger or keylogger is a program, usually hidden and installed without the user’s knowledge, that stores the sequence of keys that we have pressed on the computer or cell phone. It is another way to get our users and passwords, to access applications or sell for cryptocurrencies. Game or entertainment programs and small but widely used applications (such as QR code readers or PDF files) contain within their source code the algorithm that performs the registration.

  Play-to-Earn Crypto hack: A special mention deserves the segment of video games where users, generally young, participate in games with the aim of acquiring the cryptocurrencies found in it. “Play to win cryptocurrencies” is an irresistible activity for those who spend a large part of their time in games designed with a high degree of addictiveness. But many of the companies that create games do not have enough investment and dedication to consider computer security a priority. Its protection capacity during development is lower compared to companies dedicated to the development of commercial software platforms. The insertion within the source code of malware and keyloggers in pirated or altered versions of the games endangers our precious username and password.

Source: Ambito