2022 has been a big year for crypto hackers. A recent report estimated that a total of $1.4 billion had been lost through attacks on cross-chain bridges since the year began. Another report gave a $2 billion approximation of the total crypto lost due to DeFi hacks in the first half of 2022.
The attacks on the crypto-verse have so far been isolated to the above-mentioned DeFi platforms and cross-chain bridges. But the recent Solana ecosystem hack affecting 9,232 wallet addresses and the loss of an estimated $5 to $8 million has brought the battle closer to home for crypto users.
Initial investigations into the incident identified a Slope Wallet weakness on the mobile app that sent private keys to their centralized Sentry server, where they were stored in plain text. Consequently, anyone with access to their Sentry Serve could access them and drain users’ wallets.
Engineers from Solana and Slope Finance, alongside crypto auditors from Ottersec and SlowMist, are still in the process of identifying the root cause of the breach since affected wallets seem to have extended beyond Slope Wallet users. Phantom and Solfare wallet users were also affected by the incident. However, hardware and crypto exchange wallets seemed unaffected by the attack.
Security Features to Look For in A Crypto Wallet
The fact that hackers directly targetted Solana crypto wallets has led to the question of their security and what crypto users should look out for when selecting one to keep their funds safe.
So what features should crypto users look for in a software or hardware wallet?
1. Compliance with regulatory requirements regarding privacy, KYC, and AML.
The crypto Wild West is slowly ending with regulators in the EU and the United States drafting bills to tame the industry. These regulations apply to crypto wallets as transactions will soon have to adhere to laws managing such financial transactions.
A crypto wallet that follows regulations regarding privacy, KYC (know your customer), and AML (anti-money laundering) processes, is a sure way of identifying its legitimacy and safeguarding user security.
2. Password protection and 2FA.
The most basic security feature that a software or hardware wallet should have is the ability for its user to set a password or personal identification number (PIN). The availability of 2FA (two-factor authentication) allows for an added layer of security. 2FA methods include email and SMS verifications, fingerprint or facial scans, and 2FA codes from apps such as Google Authenticator.
3. Ability to Whitelist Devices, IP, and Crypto Withdrawal Addresses.
We live in a connected world, and multiple devices can now access individual accounts. A crypto wallet that allows you to whitelist devices and IP addresses reduces the chances of unauthorized access to your funds.
Furthermore, whitelisting withdrawal addresses is beneficial because an attacker cannot siphon off funds to a crypto address that is not on the allow list.
4. Login, Withdrawal, and Deposit Notifications.
Monitoring access and transactional activity is essential for any crypto wallet. Login, crypto withdrawals, and deposits should be accompanied by email or SMS notifications. These alerts keep users updated on the status of their funds, thus increasing the chances of identifying unauthorized access or transactions.
5. Wallet stability during periods of high load.
Wallet failure during periods of high load can frustrate users, especially during market drawdowns when selling is required to minimize losses. Having a crypto wallet that will not fail when you need it most will go a long way in maximizing your returns.
For example, some crypto exchanges and their wallets are known to break down during market crashes. Researching which crypto exchanges fail during such periods will help you avoid similar scenarios in the future.
6. Offline storage of private keys.
The Slope Wallet vulnerability highlighted the need for private keys to be the sole responsibility of users rather than having them stored on servers. Crypto wallets that allow for offline storage of private keys guarantee that only individual users can access the funds.
7. Automated logout after a certain period of inactivity.
Automated logout after a set period of inactivity is essential for any crypto wallet. We often forget to log off from devices and apps, leaving sensitive information wide open for anyone to access immediately or after stealing the device. A wallet that logs you out after a set time minimizes such risks.
Best Practices for Crypto Wallet Users
Besides vetting hardware and software wallets by looking for the above features, crypto wallet users should also adopt the following best practices when picking wallets and interacting on the blockchain.
1. Use time-tested wallets with a known team.
Crypto users are sometimes tempted to immediately trust new crypto wallet projects instead of using crypto wallets that have stood the test of time. New crypto wallet projects sometimes do not have the apparent reassurances such as a visible team, the backing of a known crypto exchange or company, open source code, or even proper auditing. Consequently, picking a time-tested wallet is one way of reducing hacking risks.
2. Do not put all your eggs in one basket.
As the old saying goes, putting your eggs in one basket is a sure way of losing everything when there is a hack. Crypto users should have a habit of diversifying where they store their digital assets to reduce the probability of losing it all if one wallet is compromised. Mixing hot and cold storage is an excellent approach to reducing such risks.
3. Be up to date with Phishing scams and techniques used.
Phishing attacks have become the preferred method for hackers to obtain sensitive information to steal cryptocurrencies from unsuspecting holders. Knowing how such attacks happen and the tricks used by fraudsters will assist in identifying phishing attempts ahead of time.
4. Constantly updating your crypto wallet.
Continually updating your wallet is another way of reducing the chances of your funds being stolen. Crypto wallet developers are constantly auditing the software behind soft and cold wallets. They often release patches that fix identified vulnerabilities, and updating your wallet increases the safety of your funds.
5. Store private keys offline.
Another habit crypto users have, is storing their private keys on their mobile devices, personal computers, or on the cloud. As a result, private keys are an easy target for hackers who employ phishing techniques to obtain them. Storing the private keys offline by writing them down or printing them further enhances crypto wallet security.
6. Have backups to your private keys.
After storing your private keys offline, keeping a backup comes in handy when you lose the original private keys. One of the most famous incidences highlighting the need for backups is the case of a UK man who lost a hard drive containing private keys to his 8,000 Bitcoin wallet worth roughly $192 million using BTC’s current value of $24k. If he had a backup, he would not be planning to dig up a landfill with over ten years’ worth of waste in search of the hard drive.
7. Use 2FA.
Crypto wallet users often ignore using 2FA since they believe a password or PIN is enough to keep their funds safe. But they forget that some of their passwords and PINs are easy to crack. Research shows that birthdays, wedding anniversaries, and passwords such as ‘12345’, and ‘QWERTY’ are preferred by many as they are easy to remember. Therefore, 2FA is recommended as it adds a second layer of security.
8. Scrutinize mobile wallets before downloading from the app store.
As earlier mentioned, new wallets sometimes attract crypto users looking for ways to store their crypto. Mobile wallet users risk downloading random apps with poor coding or malicious intentions lurking in the app stores. Scrutinizing each app before downloading can weed out the least safe.
One can check the number of downloads (the higher, the better), user reviews, star ratings, and even what permissions it asks for to determine how secure the app is.
9. Use a VPN.
Online privacy is a fundamental right, and hiding your network activity, and IP address using a VPN (Virtual Private Network) means potential attackers cannot track your behavior online. Masking your online presence is one way of reducing the risks of targeting attacks through phishing. It can also prevent direct theft through threats of violence or kidnappings.
10. Check your crypto accounts regularly.
Bank account holders always check their balances, especially when they get paid. Crypto wallet users should also employ this habit to confirm their balances constantly. Regularly checking crypto balances can assist in detecting an ongoing hack or dusting attack allowing for the implementation of mitigation measures to avoid further losses.
11. Trust your gut feeling.
The crypto-verse is full of scammers and hackers attempting to gain your trust. Crypto users should be aware of red flags, including promises of high yield, a rush to establish trust, flashy lifestyles, or even suspicious LinkedIn profiles.
Although not as technical as the methods mentioned above, trusting your gut feeling when downloading apps or interacting with crypto community members is another way to reduce the risk of your funds being stolen.