A Cryptocurrency Wallet, also known as a Crypto Coin Wallet, is an application that allows cryptocurrency users to store and retrieve their digital assets. With traditional currency, you don’t need a wallet to spend your cash, but it helps to keep it all in one place. When a user obtains cryptocurrency, such as bitcoins, they can store it in a cryptocurrency wallet and from there use it to make transactions.
Unlike a normal wallet, which holds actual cash, crypto wallets technically don’t store your crypto. Your assets live on the blockchain, but can only be accessed using a private key. Your keys prove your ownership of your digital money and allow you to make transactions. If you lose your private keys, you lose access to your money forever. There are many stories of early purchasers of Bitcoin losing the keys to what could be hundreds of thousands of dollars. See: 10 Heartbreaking Stories of People Who Lost Their Private Bitcoin Key.
Cold Wallets: Also known as ‘Hardware Wallets’, these store your keys on a thumb-drive device that is kept in a safe place and only connected to a computer when you want to use your crypto. This is the most secure way to protect your private key from theft.
Hot Wallets: Also known as ‘Online Wallets’, these store your keys in an app or other software. This makes sending, receiving, and using your crypto as easy as using an online bank account, payment system, or brokerage. Just be sure to protect your access with two-factor authentication.
What does this mean for anyone using Cryptocurrency?
- Don’t put all your crypto coins in hot wallets. When you entrust your savings or your wage payments to a bank, you are doing so with years of regulatory scrutiny and protection to back you up. In the unregulated cryptocurrency world, you are largely on your own if something goes wrong. Don’t keep more than you can afford to lose in a hot wallet.
- Don’t keep all your data online all the time. Ironically, perhaps, one important defense against ransomware in the first place is to maintain an offline backup, ideally one that is also off-site. Keeping your crypto coins, as well as any truly private or critical data, offline is a similarly useful precaution.
- Don’t expect to keep a secret such as a Bitcoin password or ATM PIN if you tell it to other people. As Benjamin Franklin is supposed to have said, “Three people can keep a secret if two of them are dead.” Remember: If in doubt, don’t give it out.
- Don’t expect to get your money back as Colonial did. You need to think of crypto coin recovery as a rare exception, not as a common rule. As explained above, it typically requires a high-profile case, plus strong operational intelligence, plus a bit of plain old luck, for law enforcement to achieve a result like this.
In addition to these cryptocurrency-specific actions, your company needs to take proactive measures to first reduce its chances of being hit by ransomware. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks:
- Adopt two-factor authentication on all critical Internet-accessible services
- Adopt a password manager for better personal/work password hygiene
- Require 14+ character passwords in your governance policies
- Follow a 3-2-1 backup method for all critical and sensitive data
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Document and test Business Continuity Disaster Recovery (BCDR) plans
- Perform a risk assessment every two to three years