With cryptocurrencies becoming more mainstream, learning how to protect your investment has become more critical than ever. Getty
With cryptocurrencies becoming more mainstream, learning how to protect your investment has become more critical than ever. Getty
With cryptocurrencies becoming more mainstream, learning how to protect your investment has become more critical than ever. Getty
With cryptocurrencies becoming more mainstream, learning how to protect your investment has become more critical than ever. Getty

Business

Money

How to protect your crypto investments from hackers

Cyber criminals helped themselves to nearly $2bn worth of cryptocurrency this year

Vikram Barhat

November 24, 2022

  • English
  • Arabic

Crypto hackers have been busy lately. Hardly a day goes by when we don’t read another dramatic headline about a multimillion-dollar crypto scam.

Cyber thieves purloined a whopping $4.5 billion worth of digital currency in 2021, doubling their bounty from 2020.

Cyber criminals helped themselves to nearly $2bn worth of crypto this year alone, clocking a 60 per cent jump in such transgressions.

These frequent crypto-related crimes are the proverbial salt on the wounds of investors already smarting from the precipitous and unrelenting fall of crypto prices across the spectrum.

Worth more than $3 trillion barely months ago, the crypto market value has now sunk to $1tn, as of November 7, according to Coinmarketcap.com.

Worse yet, crypto transactions are irreversible - once stolen, digital assets are often lost for ever.

Crypto theft isn’t a risk that’s going to disappear overnight. With crypto becoming more mainstream and attracting more investors, learning about how to protect your crypto has become more critical than ever before.

Read on to learn how to be an astute — and safe — crypto investor.

Threats to crypto safety

Blockchain, a digital ledger for transactions, forms the backbone of cryptocurrencies.

Its decentralised nature and lack of intermediaries makes a blockchain vulnerable to sophisticated hackers who can find safety gaps in the tech infrastructure of crypto exchanges and online trading platforms, and exploit it to drain crypto accounts.

“Vulnerabilities can happen through a variety of ways: both simple bugs, but also design flaws that open the door for attacks,” says Christian Seifert, security researcher at Forta, a real-time detection network for security and operational monitoring of blockchain activity.

Lack of awareness among investors and failure to take adequate security measures is another area crypto thieves look for.

____________

Watch: what is Bitcoin and how did it start?

Hacking risks can also take the form of malicious links or malware that are designed to steal private information.

Phishing remains the most common cause of theft in the crypto industry. Swindlers design phishing websites that mirror established brands and trick users into giving up personal financial information.

“A major way that end users are impacted is through private key theft and ice phishing attacks,” says Mr Seifert.

“Both are social engineering attacks where users are tricked into disclosing information or signing transactions that give attackers access to a user’s digital assets.”

Account takeover attacks have also been on the rise. Criminals are using this automated scam to take over people’s online accounts using bot-driven hacking techniques, including credential stuffing or credential cracking.

Once perpetrators take control of accounts of popular businesses, they redirect users to fake websites to either drain crypto held in wallets or steal seed phrases — a list of 12 to 24 words that can be used to access funds in a crypto storage.

Storage choices

Custodial wallets, cold wallets and hot wallets are some of the most common storage options used by crypto investors to secure their coins and private keys.

For the average crypto investor, custodial wallets are the default storage option as they’re held and operated by crypto exchanges.

Cold wallets are offline hardware wallets regarded as arguably the safest bet for holding cryptocurrency. It’s an external storage device, like a memory stick, and is not connected to the internet.

Hot wallets, by contrast, are internet-connected desktop, mobile and web-based applications.

In crypto wallets, “digital assets are stored on the ledger, or the blockchain, and wallets manage the keys that allow one to operate on these digital assets”, says Mr Seifert.

“Hot wallets store these keys locally on your device [and thus, they are subject to being stolen] whereas cold wallets are disconnected, making it much more difficult to steal the keys.”

Unlike custodial wallets, held by third parties, non-custodial wallets allow users full control over their assets. They eliminate the danger of unauthorised access of your account information.

Whereas hot wallets require users to be technical savvy, cold wallets don't so much. Hot wallets used to access or store crypto within centralised exchanges require labyrinthine registration and verification processes and require a tremendous amount of trust that a big tech company will not steal or cut the user off from their digital assets.

Protecting your crypto

Offline crypto storage is widely regarded as the safest option, used both by individuals and exchange platforms to secure their digital assets.

When digital assets are stored with an exchange, you are delegating the management and safety of those assets to that entity.

“Exchanges have instituted best practices to secure your digital assets and theft from exchanges have been increasingly rare,” Mr Seifert says.

____________

Cryptocurrencies — in pictures

  • The crypto market, which includes currencies such as Bitcoin, pictured, has lost $2 trillion of its value in six months. Unsplash
    The crypto market, which includes currencies such as Bitcoin, pictured, has lost $2 trillion of its value in six months. Unsplash
  • The price of Ethereum, the second largest cryptocurrency by market size, has fallen by 70 per cent this year. Investors and analysts are watching to see if it will dip below $1,000. Unsplash
    The price of Ethereum, the second largest cryptocurrency by market size, has fallen by 70 per cent this year. Investors and analysts are watching to see if it will dip below $1,000. Unsplash
  • Dogecoin, supported by Elon Musk, is about 90 per cent down from May last year, yet it is outperforming Bitcoin and Ethereum in the current crash. Unsplash
    Dogecoin, supported by Elon Musk, is about 90 per cent down from May last year, yet it is outperforming Bitcoin and Ethereum in the current crash. Unsplash
  • The government of El Salvador has invested $105 million in Bitcoin. President Nayib Bukele's embrace of the cryptocurrency as legal tender is being questioned as the market crashes. Getty
    The government of El Salvador has invested $105 million in Bitcoin. President Nayib Bukele's embrace of the cryptocurrency as legal tender is being questioned as the market crashes. Getty
  • Changpeng Zhao, founder of crypto exchange giant Binance, has compared the current market turmoil to the dotcom bubble of the early 2000s. Still, the company is aggressively pursuing licensing in international jurisdictions and introducing new products. Getty
    Changpeng Zhao, founder of crypto exchange giant Binance, has compared the current market turmoil to the dotcom bubble of the early 2000s. Still, the company is aggressively pursuing licensing in international jurisdictions and introducing new products. Getty
  • Tether is the biggest issuer of stablecoins, a type of cryptocurrency pegged to a traditionally stable asset like the US dollar. Most stablecoins are meant to maintain a constant price of $1 and are backed by real reserve funds, making it easy to convert crypto investments into cash. But Tether's financial statements show that may not be true, leaving the issuer and its investors vulnerable. Unsplash
    Tether is the biggest issuer of stablecoins, a type of cryptocurrency pegged to a traditionally stable asset like the US dollar. Most stablecoins are meant to maintain a constant price of $1 and are backed by real reserve funds, making it easy to convert crypto investments into cash. But Tether's financial statements show that may not be true, leaving the issuer and its investors vulnerable. Unsplash
  • The recent crypto crash can in part be attributed to the collapse of TerraUSD, a stablecoin pegged to the US dollar through algorithms and linked to a "sister" cryptocurrency named Luna. When the price of Luna plummeted, TerraUSD also fell, creating a “death spiral” to practically zero for both coins. Unsplash
    The recent crypto crash can in part be attributed to the collapse of TerraUSD, a stablecoin pegged to the US dollar through algorithms and linked to a "sister" cryptocurrency named Luna. When the price of Luna plummeted, TerraUSD also fell, creating a “death spiral” to practically zero for both coins. Unsplash
  • On June 12 crypto lender Celsius Network said it had paused customer withdrawals, saying it needed “to stabilise liquidity and operations”. Investors are still waiting, with no signs that the current meltdown will let up. Getty
    On June 12 crypto lender Celsius Network said it had paused customer withdrawals, saying it needed “to stabilise liquidity and operations”. Investors are still waiting, with no signs that the current meltdown will let up. Getty

Non-custodial wallets, particularly cold wallets, put the onus on the owner for managing and securing their keys.

There are three distinct aspects to securing a cold wallet, says Walt Greene, founder, inventor and chief executive of QDEx Labs, a cybersecurity and blockchain development company.

“Keep your chosen physical storage device in a safe place — preferably in a safe until you need to use it,” he says.

Second, store your recovery phrase offline, in a safe. This provides you the ability to restore “the entire wallet’s contents if something were to happen to it and grants access to all your private keys”, says Mr Greene, who advises against saving a recovery phrase on any device connected to a network since it can be accessed by skilled hackers.

“Written format is preferable,” he stresses.

Third, your private keys are specific to a coin/blockchain via a unique address and should be kept in a secure place in written format, preferably in a physical safe and “always immediately disconnect your cold wallet from the device you are performing a trade on when finished”, Mr Greene cautions.

Keep your IDs non-obvious and passwords as strong as possible such as mixtures of “nonsense letters, phrases and words that have no correlation to each other along with numbers/symbols scattered throughout”, he says.

The more complex, the better, and write it down. Make sure you are on the right website (URL) every time you log in.

____________

Watch: take a look inside Thailand's cryptocurrency cafe

“Never enter your private [ID/password] information anywhere other than the proper log-in screen,” says Mr Greene, who urges investors to never share their seed phrase, ID or password with anyone who says they need it to transfer you anything.

To make it more foolproof, avoid using the same password for multiple accounts.

Cybercrime experts suggest using a password manager, an encrypted digital vault that safely stores password/login information for apps and accounts on your digital devices and websites.

“For the average user,” Mr Seifert says, “I would recommend custodial wallets as one delegates the responsibility of managing wallet keys to professionals.”

This can be beneficial both in the event of a key loss or a cyberattack.

Final word

The threat landscape is constantly evolving and attackers are innovating to steal digital assets. In recent years, this has even led to well-funded state-sponsored adversaries to be active in this space.

“Overall, the industry has recognised the need for built-in security features, understanding the threat landscape in real-time,” says Mr Seifert.

End users need to demand security from the platforms and wallets they are using, he adds.

That said, save for not investing in crypto at all, nothing is watertight when it comes to crypto safety, warns Mr Greene.

“Because many attacks are based on social engineering [meaning techniques that rely on human failing, not the technical prowess of a potential hacker], nothing will ever be 100 per cent safe from theft,” Mr Greene says.

As crypto holders, therefore, keeping your assets safe, taking maximum precaution and putting protective measures in place is your responsibility.

'The Batman'

Stars:Robert Pattinson

Director:Matt Reeves

Rating: 5/5

Tips%20for%20travelling%20while%20needing%20dialysis
%3Cul%3E%0A%3Cli%3EInform%20your%20doctor%20about%20your%20plans.%C2%A0%3C%2Fli%3E%0A%3Cli%3EAsk%20about%20your%20treatment%20so%20you%20know%20how%20it%20works.%C2%A0%3C%2Fli%3E%0A%3Cli%3EPay%20attention%20to%20your%20health%20if%20you%20travel%20to%20a%20hot%20destination.%C2%A0%3C%2Fli%3E%0A%3Cli%3EPlan%20your%20trip%20well.%C2%A0%3C%2Fli%3E%0A%3C%2Ful%3E%0A
What is the Supreme Petroleum Council?

The Abu Dhabi Supreme Petroleum Council was established in 1988 and is the highest governing body in Abu Dhabi’s oil and gas industry. The council formulates, oversees and executes the emirate’s petroleum-related policies. It also approves the allocation of capital spending across state-owned Adnoc’s upstream, downstream and midstream operations and functions as the company’s board of directors. The SPC’s mandate is also required for auctioning oil and gas concessions in Abu Dhabi and for awarding blocks to international oil companies. The council is chaired by Sheikh Khalifa, the President and Ruler of Abu Dhabi while Sheikh Mohamed bin Zayed, Abu Dhabi’s Crown Prince and Deputy Supreme Commander of the Armed Forces, is the vice chairman.

The Indo-Pacific

Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.

Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.

Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.

Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.

“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.

Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.

From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.

Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.

BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.

Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.

Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.

“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.

Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.

“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.

“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”

The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”

If you go
Where to stay: Courtyard by Marriott Titusville Kennedy Space Centre has unparalleled views of the Indian River. Alligators can be spotted from hotel room balconies, as can several rocket launch sites. The hotel also boasts cool space-themed decor.

When to go: Florida is best experienced during the winter months, from November to May, before the humidity kicks in.

How to get there: Emirates currently flies from Dubai to Orlando five times a week.
The biog:

Languages: Arabic, Farsi, Hindi, basic Russian 

Favourite food: Pizza 

Best food on the road: rice

Favourite colour: silver 

Favourite bike: Gold Wing, Honda

Favourite biking destination: Canada 

Avatar: Fire and Ash

Director: James Cameron

Starring: Sam Worthington, Sigourney Weaver, Zoe Saldana

Rating: 4.5/5

Updated: November 24, 2022, 5:00 AM
CryptocurrencyBitcoinCyber crimeBlockchain