Utrum Foundation’s Educational Series for Cryptocurrency Investors, Traders, and Enthusiasts
In the previous post we discussed “being your own bank.” With this in mind, let’s set a baseline of thought and begin taking measures to set up your security, along with the practices you can implement to protect your “bank.”
Intro and Basics — Securing Yourself Before Investing
Before you begin investing in cryptocurrency, you need to take inventory of your personal practices and habits and make some adjustments that will ultimately protect your holdings and trades. For starters, as a newbie to cryptocurrency investing, I suggest you set a baseline perspective that includes the following premises:
- ANONYMITY in your social and “untrusted” interactions is paramount to securing your holdings and activity.
- CAUTION in your actions is key to safe and successful transactions.
- PARANOIA is HIGHLY underrated when it comes to dealing in cryptocurrency.
Contrary to the way most people deal with their finances in our modern society, where we essentially blindly trust strangers pretty regularly, in the crypto world that sort of behavior gets you broke fast. And this “trust” doesn’t begin and end at “don’t share your private key”…it begins with simply what you talk about and with whom you share information about your crypto holdings or investments.
Let’s briefly discuss each of these three principles.
Being at least moderately paranoid can help you protect your crypto dealings. In every related action you should assume that any “leak” of your private key or similar information will be exploited. I take this to the degree that I do not trust a used device or computer unless I’ve replaced the OS…although I go a step further and replace the drive.
Why be so paranoid? It’s not necessarily about that one layer of security (the used computer, for example); it’s about being in the habit of awareness and caution.
Remember, if you send cryptocurrency to the wrong address or to an untrusted person…or use your private key or other sensitive login information on a computer that’s not trusted and secured, you risk losing money permanently. If you accidentally send cryptocurrency to a wallet no one owns, it will just sit and rot there, never to be claimed.
So being a little paranoid goes a long way.
The reason I use that word specifically is that, as one example, I’ve noted a lot of gullibility in crypto subreddits…such as ethtrader. Someone posts a link to a “new exchange,” or, as I saw recently, to a site claiming to allow you to cash out your ETH for PayPal. In many such scams the funds just end up in the scammer’s wallet with no recourse. People fall prey to this, especially people who are used to the centralized financial community and don’t know the cryptocurrency community well enough to tell which exchanges, for example, are trustworthy.
Caution is really similar and the premise here is to always exercise caution with your actions. This premise differs from Paranoia in that I’m referring more to your actions in carrying out a certain trading or investing task. Move cautiously and slowly to avoid mistakes.
For example, let’s say you set up a new ETH wallet using MyEtherWallet. You have your new public address (wallet address) and are ready to dump your stash of $10,000 worth of ETH from Coinbase, for cold storage. So you paste your new public wallet address in Coinbase and send. A few hours go by and there is no ETH in your new address, but your Coinbase account is empty and says the transaction completed.
That would probably be one of the worst moments of your life, and it could be avoided by practicing some caution in EVERY step. For example, after you create your new wallet you’d make a very small (like $1) transfer using Coinbase or wherever your ETH is coming from. After that transaction shows up in your new wallet, you’d do a slightly larger one, like $100. All good? Send the loot.
This ensures you didn’t make a mistake in the wallet address or other steps of the transaction.
Every step of sending even those test transactions would include verifying the public address in the send field, every time, against your printed wallet or wherever/however you have that public address recorded. This way you can make sure you’re not inadvertently pasting the wrong address.
(If this all is sounding over your head, don’t worry. After the step-by-steps in later additions to this series, it will make more sense.)
That’s just an example of practicing caution and how you really want to move cautiously with every action you take involving your investments. This will help ensure you are truly making the transactions you intend to and not making a fumble that can cost you big time.
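The small-transfer routine and the address check described above, written out as an added example (not part of the original post). The two addresses are constructed placeholders, the function names are hypothetical, and the format check covers only the "0x plus 40 hex characters" shape, not the address checksum.

```python
import re

# Shape of an ETH address: "0x" plus 40 hex characters. This checks the
# format only; it does not validate the mixed-case checksum.
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructed placeholder addresses (not real wallets).
RECORDED = "0x" + "ab12" + "0" * 32 + "cd34"   # as written on the printed wallet
LOOKALIKE = "0x" + "ab12" + "f" * 32 + "cd34"  # same first/last 4, different middle

def check_destination(pasted, recorded, edge=4):
    """Compare the send-field address with the recorded one, in full.
    Returns "match", "malformed", "lookalike" (the ends agree but the
    middle differs, which a quick glance misses) or "mismatch"."""
    pasted, recorded = pasted.strip(), recorded.strip()
    if not (ADDRESS_RE.fullmatch(pasted) and ADDRESS_RE.fullmatch(recorded)):
        return "malformed"
    a, b = pasted.lower(), recorded.lower()  # hex digits are case-insensitive
    if a == b:
        return "match"
    if a[:2 + edge] == b[:2 + edge] and a[-edge:] == b[-edge:]:
        return "lookalike"
    return "mismatch"

def plan_transfers(total, tests=(1, 100)):
    """Test amounts first ($1, then $100), then whatever is left."""
    plan, left = [], total
    for amount in tests:
        if amount < left:
            plan.append(amount)
            left -= amount
    plan.append(left)
    return plan

def next_send(plan, confirmed, pasted, recorded):
    """Amount to send next, given how many earlier sends have already shown
    up in the new wallet. Re-checks the address before every send."""
    status = check_destination(pasted, recorded)
    if status != "match":
        raise ValueError(f"do not send: address check returned {status!r}")
    return plan[confirmed] if confirmed < len(plan) else None

if __name__ == "__main__":
    plan = plan_transfers(10_000)
    print(plan, next_send(plan, 0, RECORDED, RECORDED))
```

The "lookalike" result is the case worth noticing: comparing only the first and last few characters would have passed that address.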
Anonymity is the premise on which you want to base securing or protecting your personal data and in turn your investments. Being anonymous does not mean you have to delete your Internet presence and go “off grid.”
With cryptocurrency, anonymity as I’m describing it applies only to your transactions, trades, holdings, wallets and logins. You can maintain your “normal” Internet presence alongside an anonymous presence for your crypto finances.
I’ll begin covering those steps in a moment, but the premise is simple: Separate your public presence from all your private and serious crypto dealings.
You can still share an address to receive crypto payment for example, but you don’t want to store your holdings in that same address. Similarly, you can share a wallet address from Coinbase, but you don’t want to use your “known” email address in association with your Coinbase login.
This isn’t to hide from Coinbase, but rather to reduce the risk of someone using “social hacking” to hack your exchange account login.
Social hacking can also be used to coerce or threaten you. If a nefarious person knew enough about you socially and was able to correlate your social presence with your crypto value (how much you hold), for example, they might be able to demand a ransom or make similar threats against you.
This happens; I know of individuals to whom it’s happened. Following the steps going forward will, again, help in protecting you and your funds.
Setting Up Your Personal Security
Okay, let’s talk about the actual steps to take to make sure you are operating within these premises and really keeping your soon-to-be investments secure. This list of steps to securing yourself and your personal data is not necessarily the most complete list. I’d love to hear any feedback if you have suggestions on how to make it more complete.
Step 1 — Alternative Public Identity (Being Anonymous)
As I’ve discussed before, an important step to getting started is very simply not being public about your cryptocurrency dealings. Don’t brag online (Facebook, Reddit, etc.) about what you’re doing or how much you’re investing…or gaining.
Really, anything you say about cryptocurrency investing, anywhere, should be very nonspecific and, for added security, not tied to your known identity. Of course the latter is a more aggressive approach, so in most cases you’ll simply not share figures or even superlatives in regards to figures.
For best security and anonymity, however, create a throwaway email, Reddit and any other personal account where you want to discuss crypto-investing…and make sure that those accounts are not traceable to your personal identity by the public. For example, don’t use a Reddit username that includes your name or anything personally identifiable to you.
Also, be cautious with your social accounts: personal discussions, even a mention that you’re married, male or female, tall or short, etc., should NEVER be carried out using the same social media account you use for crypto investment discussion.
The same goes for commenting on posts on Reddit or other social media platforms that have a history other users can view and that are also susceptible to being hacked or hit by a DDoS attack, with your personal email leaked. There have literally been people I’ve spoken to who have had this very thing happen and been blackmailed into giving BTC to the attacker.
That’s one example of why it can hurt you, but there are many ways in which allowing your personal information to mix and mingle publicly with your crypto-investing can harm you, especially if you’re revealing how much you hold (which you should NEVER do regardless).
So to avoid all of that, I recommend you create the following new accounts that are not tied to your personal identity at all and use them exclusively for any crypto-investing activity or communication:
- Email address (Gmail is acceptable if you don’t tie any personal data to it)
- Google Voice number tied to new email or to a new Gmail account
- New social media account for any site you intend to use to discuss this stuff, some examples being: Reddit, Facebook, Twitter (if you want to follow cryptocurrency tweets and like them, get involved in polls, commenting, etc), forum discussions, etc.
For added peace of mind, if you’ve ever made anyone aware you’re looking to invest in cryptocurrency, anyone, then when you create these anonymous accounts, do so from a computer that is connected through a secure, private and anonymous VPN…and from a computer you’ve never used to identify yourself and that has never been in anyone’s possession but yours.
Using a VPN is smart regardless, especially if you often connect from hotspots, which are often “Open” networks. This means that although they may require a password to log in, the connections may not be encrypted. This leaves you open to a hacker connected to the same network who can simply view all data packets and see your logins or other critical data in plain sight.
I recommend Mullvad, but there are several very good VPN services available.
Sounds super paranoid, but this is potentially millions of dollars we are talking about gaining down the road…so it never hurts to be extra cautious.
Step 2 — Separate New Secure Accounts
Similar to Step 1, you will create another new set of accounts that are linked to each other…with a major difference. These will be tied to your actual identity (use your real name within the account settings of each) and will be used when setting up exchange accounts or other investment accounts where you need to verify your identity.
These accounts need to be new and separate from your normal personal accounts to add a layer of security to your investment dealings, in case, by some small chance, your normal personal email was already hacked or someone else had access and you just didn’t know or forgot. Maybe you told someone that you are thinking of investing in BTC and they blabbed, they know your cell number or leaked your info, and your cell number got into the wrong hands. A simple call to your carrier could then put a new SIM card in the wrong hands, with access to your cell text messages…so even Two Factor Authentication could be hacked!
Or maybe you want to remain publicly known as being involved in cryptocurrency and just refrain from discussing how much you have, etc., but still need the security layer to keep social hackers at bay.
So what you’ll create is a new email account using Gmail or Protonmail (create the account from a computer you trust) and then create a Google Voice number once you log in to that new Gmail/Google account.
Next, enable Two Factor Authentication for this Gmail/Google account by visiting https://myaccount.google.com/security while logged into the new Google account. Use your new Google Voice number as the phone for 2FA. This number will be forwarding to a known number, your cell or home, so you may not see the text message. To receive text messages on this number, simply visit https://hangouts.google.com while logged into that Google account and you’ll have access to the texts. You can also download the Hangouts app on your smartphone to receive these messages.
You now have a new email and phone, with 2FA enabled, set up using your own identity, that you can use for setting up exchange accounts later on.
You can also set up 2FA using the Google Authenticator app or Authy. Follow the instructions online if you want your new email to use one of these apps to perform the 2FA rather than a text message. It’s not a bad idea if you want to be extra secure.
Step 3 — Hardware to Use (recommended)
In the Step-by-Step sections later in this series, it would be most advantageous to use the following combination of hardware in dealing with your crypto-investments:
- A smartphone like an iPhone or Android, preferably never used for discussing investments, accessing investment sites, etc.; keep it just as secure as you can manage. For example, a separate “burner phone.” In most cases it’s not necessary to have a dedicated device, but if you can do it, do it. There’s really no such thing as too careful when dealing with large sums of money on the blockchain and being your own bank!
- An old laptop that can boot from a DVD or USB thumbdrive and has a couple of USB ports. It doesn’t need to be able to go online and can also be your everyday laptop; it just needs to be able to boot up from a DVD, preferably.
- A basic USB printer, name brand, non-wifi and not public (your own printer).
Step 4 — Hardware Wallet
(optional if you don’t want to deal with paper wallets right away but want a secure way to store)
In later additions to this series I’ll be discussing paper wallets. But you may want to deal primarily with a hardware wallet for ease of use and in addition to your paper wallet(s).
Here are a couple good starter hardware wallets. Although I don’t really cover how to deal with hardware wallets (yet) in this guide, it’s somewhat easier to do in many ways than some of the step-by-steps I do cover, so it’s a foot in the door before you learn how to do paper wallets.
Once you have these basic steps covered, you’re ready to begin! In the next addition to this series I’ll continue walking you through the process of getting set up securely and on your way to paper wallets, secure transactions and a lot more!
Next Up and Coming Soon — Part 4: Wallets and Transactions