In the past, cryptocurrency has been the target for online fraud and theft, and although this is still the case, there have been huge improvements made to crypto security. This means that it’s possible for end users to securely store their digital assets without having any cybersecurity knowledge or expertise.
This guide will explain in simple terms how to protect yourself from cryptocurrency theft and scams and what precautions Swyftx has in place to ensure your digital assets can never be compromised.
How is cryptocurrency stored?
All units of cryptocurrency in existence are stored in a cryptocurrency address, commonly referred to as stored in a wallet. Each has a key to unlock and access the crypto assets inside. This is typically referred to as a ‘private key’ and is similar to your PIN number for your bank. It is crucial you keep this key safe and where nobody can access it, as this is the only thing a cyber thief needs to access and steal your cryptocurrency. The irreversible nature of crypto means, if your crypto is stolen, it’s highly likely it’s gone for good.
To put it simply, cryptocurrency security is about protecting your private keys so that they cannot be accessed by cyber criminals. In recent years, crypto security has levelled up, with exchanges and wallets adding more layers of security between the private keys and the end users.
What do private keys look like?
Private keys are data snippets which are intended to be read by machines. For Bitcoin, Ethereum and several other cryptocurrencies, a private key is a 256-bit number represented in binary (numbers of 0 or 1). However, they are usually displayed in a different form that typically looks something like this:
Private keys can also be derived from a seed phrase which is expressed in a more user friendly way. Many cryptocurrency wallets favour the use of seed phrases which is expressed as a 12 or 24 word phrase. These words are completely randomised and do not make up a sentence. For example:
Pride King Switch Practice Silver Seen Book Desk Again Simple Case Quick
Swyftx security practices
At Swyftx, security is our top priority. In a digital age where fraud, cyber theft and scams are becoming more prevalent, we understand the importance of protecting our customers. We have a robust security framework in place to ensure we provide a platform for customers to safely trade and store their digital assets. We implement an extensive range of security practices including but not limited to:
- Using JSON Web Tokens (JWTs) and session expiry
- KYC verification
- Biometric authentication
- Offering and encouraging 2FA account protection
- Breached password detection
- Consulting with 3rd party security auditors
- Undertaking external penetration testing
- Internal least-privilege security model
Methods of protecting your Swyftx account
Create a unique and secure password
This may seem like an obvious one, however, most people don’t follow this step. It’s important to create a password that is 100% unique to any other service you use. For instance, your Swyftx password and the password to your email should be completely different. Swyftx enforces a password policy to ensure that your password is complex enough, however, it is ultimately your responsibility to create a sensible password.
Setup two-factor authentication (2FA)
Two-factor authentication, commonly referred to as 2FA, two-step verification or multi-factor authentication is an extra layer of security on top of your account password. Single-factor authentication, typically something you know (i.e. a password), is combined with a second piece of information only available via something you have (i.e. a number or code that you have immediate access to), typically kept on your mobile phone.
Swyftx recommends and supports a number of apps that generate multi-factor authentication codes such as Google Authenticator, Microsoft Authenticator and Authy. These apps generate a Time-based One-time Password that will reset to another password once time has expired. This password will be required for you to login into your account or when you are attempting to withdraw money.
The image to the right is a screenshot example of the Google Authenticator app. The one time password will change as soon as the timer on the right hand side expires.
Although Swyftx does not enforce you to use 2FA on your trading account, it is highly recommended as 2FA is proven to be one of the most effective strategies to mitigate cyber security incidents caused by various cyber threats.
Set up biometric security
Biometric security has advanced over the years. It is biological measurements or physical characteristics that can be used to identify individuals. Facial recognition and fingerprint scans are the most common types of biometrics.
The Swyftx mobile app, available on both android and iOS devices leverages biometric security features to provide secure, convenient access to your account. You can choose between fingerprint scan or facial recognition to ensure your account is safe, even while mobile.
Other methods of protecting your crypto assets
If your Swyftx account has been set up using a secure and unique password, two-factor authentication and biometric logins, then it is an extremely safe place to store/hold your digital assets. However, there are other ways to ensure the safety of your crypto, some of which have been provided below.
Storing your crypto in a cold wallet
A cold wallet, also referred to as cold storage, is often seen as a more secure option than a traditional crypto wallet. Unlike ‘hot wallets’ which involves storing your digital assets on an internet-connected wallet, cold storage involves storing your crypto offline and entirely separated from internet access. This thoroughly reduces the threat from hackers as they cannot gain digital access to your wallet. The most common type of cold wallet is a hardware wallet. Hardware wallets are small devices similar to USB’s that isolate your private key from all other devices and the internet. These devices are becoming increasingly popular among crypto owners as they can sign transactions without disclosing the private key. Hardware wallets can be stored in a deposit box to ensure they don’t land in the wrong set of hands.
Paper wallets are another type of cold storage. A paper wallet typically involves printing a QR code or your private key on a physical piece of paper.
Be cautious of phishing and scams
With its market cap exceeding 2 trillion dollars, the cryptocurrency market is showing no signs of slowing down. However, with this immense growth, comes a swarm of dangerous scams, fraud and bad actors. Due to the irreversible nature of cryptocurrency transactions, if scammers take your money, the chances of retrieving it back are next to nothing.
A common type of scam used by bad actors in the crypto industry is referred to as ‘phishing.’ Phishing involves scammers sending emails to targets with fraudulent links that direct targets to a website created for the purpose of soliciting important information such as passwords or bank account details. In the context of the crypto market, phishing scams target details relating to wallet addresses and keys.
Initial coin offering or ICO scams proliferated at the height of the 2017/18 crypto market spike. These can be difficult to regulate to ensure legitimate investor protections are in place because ICO’s are typically sold internationally and paid for with cryptocurrency. It’s always best to proceed with caution when you’ve been sent an offer for an ICO that sounds too good to be true. For more information read ASIC’s statements on ICO’s.
Install anti-malware on your computer/laptop
An additional layer of defence that you might want to consider to protect your crypto assets is to install anti-malware software to your computer or laptop. Malware is a term that encompasses all malicious software. A virus is a specific type of malware. Just installing anti-virus software to your computer might not be able to prevent all types of malware from causing harm to your computer and the data contained on it. Whereas, anti-malware does the job of a typical anti-virus program whilst also fighting against modern threats like spyware and rootkits.