With the rise of cryptocurrency, online wallets have become a prime target for hackers. Even major exchanges have found themselves vulnerable with Coincheck losing a massive $500 million in January 2018 and more recently Binance losing $40 million in May 2019. We take a look at what individuals should be thinking about when it comes to protecting their crypto assets, including general internet security and we summarise our own no-knowledge approach to security.
“Not your keys, not your bitcoin” – Andreas Antonopoulos
How secure are your private keys? Self-custodianship of your crypto starts at taking control of your keys, meaning minimising funds kept on centralized wallets and applications.
Do your research
We’re all guilty of trusting the big names, but they will always be a honeypot for hackers. You don’t need to avoid them but always do your research and find out what security practices they follow. How do they store funds? What’s their login process? If something does go wrong do they have an insurance policy?
Hot or cold?
Are your funds stored in hot or cold wallets? Funds in hot wallets (meaning they are connected to the internet) are easily tradable whereas those in cold storage (offline) offer more security as they cannot be accessed remotely. You should try to keep as much cryptocurrency in cold wallets as possible. This practice is followed by exchanges for the majority of user funds and so far has been proven effective as exchange hacks have typically involved hot wallets.
We recommend you a get a hardware wallet such as a Ledger Nano or a Trezor for storing your cold funds and implement and test a robust and secure backup and recovery strategy.
Don’t make yourself a target
Whilst most cryptocurrency investors value the financial privacy it offers, those who publicise their wealth are often targeted. Recently a Norwegian multi-millionaire jumped from a second storey balcony following an attempted armed robbery. The victim had allegedly boasted about making a fortune through investing in bitcoin and other cryptocurrencies prior to the robbery. You wouldn’t advertise a large inheritance so why is your crypto worth any different? Sometimes old fashioned discreetness is the best approach; privacy is security.
But don’t keep too quiet…
Say you were to get run over by a double decker bus tomorrow - do your nearest and dearest know about your cryptoassets? Some secrets don’t need to be taken to the grave!
Don’t forget about the little things…
Sometimes we’re so bored of hearing about best practice for broader, basic internet security that we forget to implement even the simplest and most obvious protection. Make sure you have a good antivirus installed and regularly update your operating system.
Do you have a web cam and microphone installed? Removing them sounds extreme, but in a world where Big Brother is watching and listening, hijacking is easier and more common than you might think. Similarly, have you ever considered how much information someone can learn about you through your online presence?
Passwords
Make sure your passwords are strong and don’t use a one for all approach. In Jan 2019 Collection #1 appeared to be the biggest public data breach yet with 773 million records exposed, reminding us that passwords are important and even to this day very easily hackable. Make sure any emails associated with your crypto accounts and wallets are secure, better still use two-factor authentication and be wary of email scams. Someone able to login to your email account has the potential to access to all of your accounts through a simple password reset via email.
Consider using a password manager with a strong master password so you can have strong unique passwords for all of your accounts without having to remember them all. Products like 1Password and Dashlane are good for this. But be careful not to store all your crypto keys and backups in a service like that in case your machine is compromised.
Use your common sense
- Only click on links or download programs or apps that you know are safe.
- Never give your password out to anyone – this may sound obvious but hackers posing as technical support are well known to gain credentials this way
- Don’t be fooled by fake sites – there are a lot out there using similar URLs to the real thing
Trust your instincts - if something doesn’t seem right or sounds too good to be true then more than likely it isn’t.
Total cryptocurrency security cannot be guaranteed. Prepare yourself just in case you are ever a victim…
Keep records
The ideas discussed above will help to keep your cryptocurrency safe but we recommend keeping up-to-date, accurate records of your activity so that if disaster strikes you have detailed documentation. You shouldn’t rely on exchanges to do this for you - they might not be there forever.
Sometimes all’s not lost - when can you claim loss relief?
Loosing public or private keys to a wallet cannot be treated as a disposal for capital gains tax purposes. However, if you can show that there is no prospect of recovering the cryptoassets, you can file a negligible value claim in the Tax Return to claim the loss.
Similarly, loosing cryptoassets as a victim of theft or fraud cannot be treated as a disposal for capital gains tax purposes. However, if you can prove that you held the cryptoasset at some point but there is no chance of recovering it you can file a negligible value claim. According to HMRC guidance, those who did not receive a cryptoasset that they paid for may not be able to claim a capital loss.
Securely keep track of your portfolio with Recap…
Recap enables crypto users to easily track their whole portfolio without disclosing private financial data and calculate their UK cryptocurrency tax position. Although we still recommend having a back up, having all of your data in one place makes any discrepancies easier to spot. Get started for free.
We know nothing…
Security has always been our number one priority and it’s what makes us different to alternative tax products. We believe that your data belongs to you and so you should have full control over it.
We use a zero-knowledge approach meaning that data is encrypted client-side using a personal encryption key that only you have access to. This means that your data is only ever visible to you, we have no knowledge of it – not us, not our staff, not our suppliers. Find out more.