Bitcoin made news recently by surpassing the $11,000 price barrier, up from under $1,500 at the start of 2017.
That’s the good news—if you own Bitcoins. The bad news is that there are unique ways you can lose money—and indirectly lose critical personal data—when trading Bitcoin, if you don’t know what you’re doing. (See also: What Is Bitcoin and Should You Buy It?)
Make no mistake, cryptocurrency trading is risky, security-wise, even as cryptocurrency advocates promote Bitcoin as a safe way to buy and sell goods and services. That’s primarily because the investor usually has total control over transactions, with no central authority.
“Unfortunately, many people assume that digital Bitcoins are somehow more secure than regular financial transactions,” says Jack Miller, chief information security officer at SlashNext, a Pleasanton, Ca.-based provider of Internet access protection systems. “But cryptocurrencies are actually riskier because there are no authorized regulatory bodies to regulate these digital financial transactions.”
Indeed, the digital forensics firm Chainalysis recently estimated as much as 23% of Bitcoins mined to date—nearly 3.8 million worth about $3.66 billion at current levels—are out of circulation and considered lost, Fortune reports.
Are Bitcoin keys at risk?
Andrew McDonnell, president of AsTech, a San Francisco-based security consultancy firm, notes that “holding bitcoin requires maintaining the confidentiality of a Bitcoin address’ private key,” a secret password, stashed in a digital wallet, that allows cryptocurrencies to be transacted and spent.
“Bitcoin hacking is a popular criminal enterprise because if that key is compromised, the attackers can send all of the victim’s Bitcoin to themselves or an intermediary or simply delete the key and digitally eliminate the Bitcoin,” he says.
Bitcoin exchanges have been tempting targets for these attackers, as their digital wallets often manage vast sums of the cryptocurrency.
The infamous Mt. Gox exchange data breach of 2011 triggered a reported loss of approximately $450 million worth of Bitcoin in 2014, partially through the compromise of investors’ wallets and keys. At the time, it was estimated that Mt. Gox processed 70% of all Bitcoin transactions, McDonnell notes. (See also: Here’s What You Should Do After a Data Breach)
What are the risks associated with Bitcoin?
Technically, using Bitcoin directly involves no personal data whatsoever, and so in that regard, it is extremely safe, says Chris Wilmer, an assistant business professor at the University of Pittsburgh. But, as usual, there are caveats—and areas of risk.
“Many intermediary companies, [such as Coinbase], will require you to provide personally identifying information so that they are in compliance with anti-money laundering (AML) and know-your-customer verification (KYC) laws,” says Wilmer.
“At this point, your data is as safe as it is with any other company outside of the Bitcoin world that asks for that information, which, in light of the many large hacking scandals… is not very reassuring.”
Although there is no identification required to use Bitcoin or other digital currencies such as Ethereum, “companies that offer add-on services, such as currency exchanges, will ask for identity information in which case it is just like any other tech company,” Wilmer adds.
Do cryptocurrencies promise a false sense of security?
As with all technologies, there are historical reminders that hacking the human element of a technology is always possible.
SlashNext’s Miller says the “false sense of security” around digital currencies is a problem because it lulls human beings into taking actions that play directly into hackers’ plans.
“As society’s dependence on cryptocurrencies like Bitcoin continues to increase, we will see more and more social engineering attacks being used to successfully steal cryptocurrencies,” he says. “While some of these attacks actually harvest Bitcoins from a victim’s account, others simply con the victim into giving their Bitcoins to the thief.” (See also: After the Equifax Breach, Watch Out for Phishing Scams)
In addition, larger state-sponsored hacks could cause widespread market chaos that serves to disrupt the Bitcoin ecosystem, Miller says. “That increases economic instability and risk around the globe.”
Is Bitcoin dangerous?
A big key to better understanding Bitcoin security is knowing where hackers are targeting their attacks, says Jared Nishikawa, director of immersive programs at SecureSet, a Denver, Col.-based cybersecurity academy.
“As with nearly every major cryptographic attack in recent history, including SSLStrip, Heartbleed, and Padding Oracles, 99% of the time, hackers are not attacking the underlying cryptographic algorithms,” Nishikawa says. “Instead, they are attacking vulnerable implementations of these algorithms.”
Nishikawa says there are multiple known cases of cryptocurrencies being “hacked.”
“In the case of Mt. Gox, hackers exploited a bug in the wallet software to gain access to private keys,” he says. “This almost certainly involved a rogue employee or physical theft of some kind.”
More recently, hackers exploited vulnerable code in Ethereum’s smart contracts to “reset” other users’ wallets. In the process, they essentially reassigned ownership of the wallet to themselves without even having to access the private keys, Nishikawa adds.
Ethereum is an open software platform that uses blockchain technology to replace internet third parties in cryptocurrency trading. (See also: Digital Currency Craze Moves Beyond Bitcoin)
How can you protect your Bitcoins?
The best way to guard against these types of attacks is to implement technologies that can identify and protect against social engineering attacks, says Miller.
“No amount of user training and awareness will ever solve this problem,” he notes. “That’s why technical solutions are a must. A solution that protects customers from these types of social engineering attacks every day, in real-time. As they say, a chain is only as strong as its weakest link, and with cryptocurrencies such as Bitcoin, the human element is clearly the weakest link.”
Nishikawa says the public should know the current dangers of buying and spending in cryptocurrencies. “In general, everyone needs to learn a bit more about cybersecurity, and hold themselves to higher standards of secure practices,” he says. “Bitcoin-related businesses should hire software developers that have strong cybersecurity skills, or hire competent security engineers, consultants, or auditors. If these people are hard to find, businesses should pay to train their current employees.”
How to keep your Bitcoin safe
Beyond that, here are four specific moves cryptocurrency investors can take to protect themselves:
1. Backup your keys
Consumers and businesses “need to make sure that they protect and securely back up their private bitcoin keys, and establish the integrity of any exchange involved in their transactions,” says McDonnell. “That’s especially important in peer-to-peer transactions like Bitcoin, where the protocol guarantees the transactions.”
2. Use a virtual private network (VPN) when trading
The best way to protect your data when trading and holding cryptocurrencies is to use a virtual private network, says Amit Bareket, chief executive officer and a cybersecurity expert at SaferVPN.com. “When you’re connected to a reliable and secure VPN, attackers won’t have a clue that you have a cryptocurrency wallet on your device and they won’t target your device specifically.”
If you don’t use a VPN when making cryptocurrency transactions, you’re leaving yourself wide open to identity and cryptocurrency theft. “Not only can a hacker glean your personal details from an exposed connection, but if, while spying on your network, they see you have a cryptocurrency wallet, they can then review all your traffic and log all of your transactions,” Bareket says.
That means crypto-hackers can see the cryptocurrency values you send and receive, while also view your social media details. “Together, that can lead to cybercriminals utilizing your identity to connect to your wallet and steal your cryptocurrency,” he adds.
3. Separate your wallets
Cryptocurrency users should always make sure they separate from their “hot wallet” that they use daily for trading and various currency transfers and a “cold wallet”, which is for long-term storage. “The cold wallet should reside on a device (laptop or an old mobile) that never connects to the Internet,” says Bareket.
4. Protect your key
The only data that is fundamental to cryptocurrencies is the private key, says Wilmer. “With Bitcoins, you can spend them if you have your private key, and if someone else gets a hold of it, they will be able to spend your Bitcoins,” he says.
“To make it easy to secure your private key, many companies have developed specialized hardware devices for digital currency transactions. One of the most famous hardware devices is the Trezor, made by SatoshiLabs. Trezors plug into your USB port and can be used to store digital currencies in a way that is extremely secure and reasonably user-friendly.”
So, what’s the verdict?
By and large, cryptocurrency is a sound technology that can be used safely, even more so than traditional bank accounts (which are also vulnerable to hacking), says Wilmer. “That being said, because so many are unfamiliar with cryptocurrencies, [businesses and individuals alike], hacking and loss have been frequent over the years.”
Bitcoin’s dramatic gains this year have been mesmerizing and richly rewarding for those who got in early. But investors must remain vigilant against data hackers who want to crack open their digital currency wallets—and have had a surprising degree of success in doing so.