8. The Complete Guide to Crypto Wallet Security

 

One topic that isn't talked about much but should be more is cryptowallet security. There are 3 basic vectors of attack I think of when it comes to protecting my Litecoin, all of which are centered around protecting my private keys:

  1. Digital
  2. Physical
  3. Social

Digital

First and foremost, you must protect yourself from hackers and malware.  The best way to do this is to create something called a "Cold Wallet."  A Cold Wallet is another word for making sure your Litecoin wallet isn't connected to the internet.  In this way, hacker's cant access your private keys digitally.  I go in-depth in the different ways you can do that in this article here.  However, if you don't want to deal with the hassle of preparing a cold wallet, want ease of access to your coins, and have a decent amount of $$ invested, I strongly recommend a hardware wallet such as Trezor.

Another word of caution, don't take a picture of your seedkeys and email/SMS text them anywhere.  Alternatively, don't keep them in a word document and email it unless it's password protected.  Only do this if you are using "end to end" encryption services like Keybase or Telegram's secret chat.  Emails and SMS texts can actually be snooped on fairly easily unless they are encrypted.

Finally, another thing to keep in mind is how to protect your digital wallets from corrupted hard drives and/or software bugs.

Physical

This is two-fold:

  1. Protecting your seedkeys. 
  2. In person interactions.
  3. Tragic unforeseen circumstances.

If you've bought a hardware wallet like a Trezor or have a loafwallet, then chances are you have something called "seed keys."  These set of words are used to generate the private keys that are associated with your Litecoin wallet.  It is absolutely imperative to protect these seedkeys.  Even though you've written them down on a piece of paper, that is insufficient.  You must ensure your private key or seedkey is protected from fire or water damage in-case of a house-fire or water damage.  That is why I strongly recommend getting a fire and water resistant solution like a steel wallet to keep your seedkeys in.  One affordable steel wallet that I personally have bought and use is Billfodl.  However, some people keep it in a safe or even a bank.

However, even with a steel wallet your Litecoin isn't completely safe.  You must also store it in a hidden place where random strangers won't accidentally stumble across it.  You can even take measures to hedge against these situations by obfuscating your seedkeys.  Some wrap their steelwallets with a material to cover their seedkeys and stick it in a tamper evident bag.  This way, you will know instantly whether someone ripped the bag to look at or take a picture of your seedkeys.  Another way you could hide your seedkeys from being vulnerable to the naked eye is by using an off-line QR code generator that hasn't been touched by malware to spit out a QR code after you type in all your seedkeys.


Another aspect to consider is your own personal security. This may not be as big of a concern to others, but it is something I am keenly aware of.  If people know you are involved with cryptocurrency, they may assume you have a significant amount of money.  In light of this, it might be worthwhile to have multiple wallets that hold a small portion of your cryptoportfolio to hand someone in the event someone tries to violently threaten you or someone you love.

Finally, the last facet to consider is one of a custodial nature.  One of the most secure ways to store your seedkeys is if no one knows where they are.  However, if something should ever happen to you like a freak accident, then your cryptocurrency will be lost forever.  Therefore, it may be worthwhile to consider different ways for people to access your Litecoin whether it be through a custodian or telling someone you trust directly.
 

Social

One of the most common ways people lose their Litecoin is through something called "Social Engineering." This when someone convinces you that they are someone or a company you trust in order to manipulate you. By gaining your turst, they get you to either to send your Litecoin to them directly or to give up sensitive personal information so they can access your exchange accounts.

This form of attack comes in several forms.  Here are some examples:

  • Fake website (electrumltc.org vs. electrum-ltc.org).  The fake website is electrumltc.org.

  • On twitter when they copy Satoshilite's profile picture and pretend to give away free ETH if you send ETH to their wallet.
Screen Shot 2018-04-24 at 4.25.45 PM.png

 

  • Phishing emails pretending to be companies like Coinbase.
HvgnC1F.png

 

  • Someone messaging you pretending to help you when really they're trying to steal your Litecoins.
Screen Shot 2018-04-24 at 4.32.59 PM.png

 

This type of vulnerability is harder to protect against because it comes in so many different forms and requires some common sense.   However here are some general principles to go by: go out of your way to verify sources, learn what a phishing email sounds or looks like, be reluctant in giving away any personal information, double check website and Litecoin addresses, never give your private keys to anyone, and if it sounds too good to be true then it probably is.  

Finally, the last social vulnerability to mitigate against is yourself.  People often encrypt their digital wallets with passwords that they forget or misplace their seedkeys when they hide it.  Make sure that whatever steps you take to protect your Litecoin, that you'll be able to remember it.  
 

Conclusion

Unfortunately, it can be a bit difficult to keep your cryptocurrencies completely safe.  But now that you know the different attack vectors, you can take the necessary steps to ensure that you do not get scammed, hacked, or swindled out of your Litecoin.