Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Is your crypto wallet secure?

It’s all about the keys 

Cryptocurrencies and their switchback rise and fall continue to grab news headlines, prompting security fears among more cautious investors. It helps to have a clearer understanding of the actual threat to one’s private wallet, as Sepior explains

The Interviewer asks: “So, Professor, the public needs to know: can parents be one hundred percent sure about the safety of their child when it takes your vaccine?” The professor is angry and frustrated – wanting to say that the child will be safer than if it does not take the vaccine. But that might be interpreted as  “evading the question”.

It is a real dilemma: people tend to think of “security” as an absolute. We are often asked about some internet-connected online service:“is it secure?” – as if security was the definitive state of being one hundred percent free from any risk or harm. The unfiltered reality is:“no, there are no definitively secure solutions for any online service, including crypto wallets”.

Like the interviewer, they are asking the wrong question. It would be more relevant to ask:“is my crypto wallet suffiicently secure that no-one is likely to invest the time, effort and expense necessary to defeat the system and steal the funds?” Of course, the unfiltered answer to that question is “it depends”.

If, for example, we’re talking about a single, privately owned and controlled wallet that is securing the private keys for some $100 in cryptocurrency, the answer is almost certainly “yes, it’s good enough”. Highly skilled cyber adversaries would hardly invest the time and resources needed to defeat an even minimally secured system for just $100.

If, however, we’re talking about an exchange that is managing the security for thousands or millions of customers’ wallets – collectively representing hundreds of millions of dollars –then it would take a substantially more secure solution to be “secure enough”.Any hacker could justify the enormous time, effort and expense required to reap such a massive reward.

A quick review of publicised theft metrics through the end of 2018 illustrates that most crypto criminals are indeed focused on exchanges. During 2018 nearly 96% of all publicized 2018 cryptocurrency thefts were from exchanges, versus 4% from privately controlled wallets. Since Bitcoin was launched in 2008, a total of over $1.5B in crypto assets have been stolen from exchanges. Of those losses, more than half occurred in 2018 – $950m stolen in 2018, up from $266 in 2017 – suggesting that cybercriminals are becoming more sophisticated and that hacking risks are increasing.

So the big, scary news headlines about cryptocurrency theft are predominantly about theft from exchanges – the equivalent of physical bank robberies. Whereas theft from your private wallet is more like the risk of being mugged in the street. So, what is the actual risk? How would a hacker steal from your private wallet?

There is a common misconception that your crypto wallet actually stores and protects your cryptocurrency coins. In reality, no coins physically exist –instead the quantity and type of coins associated with your account are recorded on the blockchain ledger. All that your wallet stores and secures are the cryptographic keys that are used to generate a unique cryptographic “signature”. This signature is used to authorize the withdrawal of a specific amount of coins for a specific transaction from that ledger. Without that key, and the generated authorization signature, no coins can be transferred from your account.

Should, however, your private cryptographic key be lost or stolen, your funds would also be lost or stolen. Your wallet is only as secure as your private key. This is familiar territory, for securing a cryptographic key is like securing any other key – such as a password or PIN – and the same rules apply. For example: you must be very careful about writing it down in an insecure location or sharing it with other people. Above all, be aware that hackers are more likely to try to trick you to betray your key via “social engineering” such as phishing messages. As with the adoption of two (or more) factor authentication, wallets can also be secured in such a way that two or more keyholders’ signatures are required to open the wallet.

So the question “is your crypto wallet secure?” is really a matter of “are your capable of keeping your cryptographic keys secure?” For a private individual it is just like securing any other type of key. But if the wallet is a large one shared between business partners, then it becomes more attractive to hackers and you may need to look into recent advances in multi party approved wallet.