Importance of securing your crypto wallets

If you've been following crypto news, you would have heard about the hacking of coincheck, one of the largest exchanges in Japan. Their COO said the stolen funds were kept in a "hot wallet", one that's connected to the internet instead of being secured offline. Here's the full article: "http://www.abc.net.au/news/2018-01-28/coincheck-worlds-biggest-cryptocurrency-hack/9368056"

Cyber attacks on wallets and exchanges will become more and more prominent as cryptocurrency continues to grow. This serves as a timely reminder to everyone (if you have not done so already) to secure your wallets. There are many ways to do it, here's a few tips:

1. 2-Factor Authentication
   If you're storing your coins/tokens on an exchange, they will all offer 2-factor Authentication (2FA). Enable it straight away, this is a necessary bare minimum. Essentially what this does, even if your password is compromised, the hacker cannot enter your account without a secondary code which regenerates every set time period. When you enable 2FA, remember to back up your key somewhere in case you lose your phone or your phone breaks else you will lock yourself out of the account too. If an exchange does not offer 2FA, I would advise getting all your coins/tokens off it as soon as possible. The better exchanges will also alert you via email when there's been any logins which are great for you to respond quickly if there are any strange activities.

2. Online wallets
   On exchanges, you have no visibility of the wallet but instead you're provided with a username/password which probably in the backend links to an ID. You're at the mercy of the exchange in terms of allocation of funds into wallets. They will not have a wallet for everyone but instead probably maintain records of how much you have in separate database tables and store the coins/tokens in consolidated wallets. That is why people move them out to their own wallets. If you create your own wallets, it is vital (VITAL) that you remember your private keys (not just your wallet address). If you forget your key, it does not matter if you have your wallet address, you will forever only be able to view your balance and will not be able to withdraw from that wallet ever again. Like always, use 2FA and if there's no 2FA, don't use it!

3. Offline wallets
   Online wallets will always be susceptible to hacking so another way is to use an offline wallet. (Well, offline to an extent because everyone is still connected to the internet 24/7 these days) What I mean is, these wallets are loaded by applications on your machines instead of a browser page. Similar warning to the above, remember your private keys else it will be lost forever. The one I use and recommend is MEW (my ether wallet) for eth based tokens. If you are code savvy, you can download the source code to run locally.

4. Hardware wallets
   There's only one notable one at the moment which is Ledger Nano S. If you decide to buy one of these, ensure you check that the coin/token is compatible and also, do not buy second hand ones. Always buy from a reputable store because if someone has your key to the hardware wallet, they can pretty much take all you have after you've deposited (there has been stories of this on reddit).

However you choose to store your cryptocurrency, always remember the following:

• Use 2FA.
• Use a strong strength password.
• Never login from an unsafe public computer.
• Never login from an untrusted wifi connection.
• Remember your private keys.
• Check your URLs to be sure you're on the official exchanges.
• Never give your details to suspicious support emails.
• Keep your anti-virus up to date on your machines.
• Never give your private keys or passwords to anyone (unless you trust them with all your money)

If you have any other extra security advice, please do comment and share.

Keep safe and happy trading everyone!