Protecting your digital assets
Are you wondering how you keep your crypto safe? Previously we have given in-depth discussions on Bitcoin, blockchain technology, the security of cryptocurrencies, and investing in cryptocurrencies. This blog will be discussing centralized exchanges, the types of cryptographic keys, and an in-depth review of cryptocurrency security. Multiple examples have been used for further education for the reader.
Centralized Cryptocurrency Exchanges:
A centralized exchange is a website platform that allows a person to buy and sell cryptocurrencies using their fiat currency or it gives the option to trade cryptocurrencies for other types of cryptocurrencies. As stated in previous blogs there are currently thousands of different centralized exchanges in operation today where each one varies in fees that they charge and the type of cryptocurrencies that they sell.
Centralized exchanges are given their name because they are the 3rd party within the buying and selling process of cryptocurrencies. These are privately managed businesses that need to generate profit and the majority of their profits will be coming from their customers paying a percentage fee every time they buy or sell a cryptocurrency, much the same way as a shareholder pays a stockbroker a fee to buy or sell shares on their behalf.
Security of Exchanges:
Within the crypto world, there is a commonly stated phase, “Not your keys, not your crypto”. This statement is referring to the holder of the private key which will be explained in further detail within this blog. Centralized exchanges work as custodian banks meaning that they take responsibility and safeguard the individual’s cryptocurrency assets held on their exchange. Because these exchanges can hold large amounts of cryptocurrency assets at any given time, they have unfortunately become the targets of digital hacking attacks.
Mt Gox Exchange hack:
One of the most memorable attacks occurred in 2014 in which the Mt Gox exchange located in Tokyo, Japan became the target of one of these attacks resulting in an estimated 850,000 Bitcoin being stolen. At the time of the attack, the amount of Bitcoin lost was valued at more than USD 450 million and it is understood that customers are still locked in with legal battles to this today trying to recoup their stolen investments.
There is a misconception within the general public that when a hacking attack occurs on an exchange and Bitcoin has been stolen then there must be a design fault with Bitcoin itself and therefore the cryptocurrency must not be trusted. It must be reiterated that this is not the case and that it is factual that Bitcoin’s Blockchain has never been hacked. When put into a different comparison this statement would be like the example below.
Example: The Commonwealth Bank of Australia in Sydney gets robbed and the criminals get away with over $450 million Australian dollars. The general public now puts the full blame on the Australian dollar and it should not be trusted anymore.
This was in fact the cryptocurrency exchanged that fell victim to the digital hack which has got nothing to do with the Bitcoin or the Bitcoin Blockchain itself.
Do Not keep large amounts of cryptocurrency assets on the exchange:
The first take-home message from these hacking attacks would be to not keep large amounts of cryptocurrency assets on the exchange. It is difficult to define what a “large amount” is because all people are different in their individual assumption of wealth. However, if a person chooses to keep their assets on an exchange then the hacking threat is always present. Therefore, it is recommended that a person moves their cryptocurrency assets to their own private wallet as quickly as possible once it has been purchased from an exchange.
What are cryptographic Keys:
Cryptographic keys are the basic principles that allow cryptocurrency user to access their crypto assets. Once a digital wallet is created a mathematical algorithm will create two types of keys that are mathematically linked to each other.
- Is termed a Public Key
- Is termed a Private Key
Below is an example of an Ethereum linked Public Key: 0xb2a7abd9fa5de3fc728cb69bd6bb5d3d3f51b438.
When a person views this public key, it will have no meaning to anyone because it is in fact encrypted. This is where the private key is needed to decrypt the public key, the private and public keys work in conjunction with each other.
A further misconception is when a person believes that they hold cryptocurrencies within their private wallet. This again is not the case, when a person states that they own and hold cryptocurrency in their wallet a more accurate statement would be that that person owns the private key to that cryptocurrency.
What is the private key?
The private key acts as a digital signature that synchronises with the blockchain and then finds the cryptocurrency where it is stored on the blockchain that belongs to the owner of the key. It acts as proof of purchase that the coins that the person has purchased do indeed belong to the hold of the private key.
Example: A Bob has a Ferrari car parked on his driveway and has the keys to the car in his pocket. Bob can currently get into his car and drive the car away with no problems, so there are no discrepancies that the car really does belong to Bob. Now Bob has lost the keys to his Ferrari and has now lost the ability to drive the car away. There now exists a discrepancy whether or not the car really does belong to Bob.
The take-home message from this example is whoever holds the private key controls the cryptocurrency. The private key acts as a digital signature that allows the holder of the private key to move or spend their cryptocurrency. If the private key gets lost then the person no longer has access to their cryptocurrency.
Is it safe to share your private key with anyone?
NO! Absolutely not!! A person must not share their private key with anyone, this is why it is termed “private key” and it has to be kept “private”. If another person is asking for your private key or already knowns your private key, then that person has the capability to transfer your cryptocurrency assets to their own private wallet. The take-home message is never sharing your private key with anyone it is the holder’s responsibility to keep it safe.
Returning to exchanges and it must be noted that when a person chooses to leave their cryptocurrency assets on the exchange what they really are doing is leaving their private key on the exchange. This means that the exchanges now have full control of the private key much the same way as if a person leaves their car keys within a safety deposit box at a bank.
What is the public key?
The public key is a cryptographic key and it is used as a public viewed receive address where cryptocurrency assets can be sent to.
Example: Bob lives in Australia and he wants to send an email to his friend Sarah who lives in Canada. The first vital piece of information that Bob needs to know in order to go ahead with the email is what is Sarah’s email address? Once Bob knows what Sarah’s Email address is, he then simply copies in the email address and he can then send the intended email.
Apply this basic knowledge to Cryptocurrency and think of the public key as the email address. If a cryptocurrencies holder wants to send their crypto assets to another exchange or to their own private wallet then they are first going to have to know what the public address is of that exchange or wallet.
Importance to note:
It is highly important to note that once a cryptocurrency has been sent to another wallet or to an exchange using the public key (receive address) that the transaction cannot be undone or be reversed. Therefore, a sender must check and double-check that they have the correct intended public key before sending any cryptocurrency.
Example: Bob has written a paper letter and has sealed it up into an envelope. He then writes the intended address on the back of the envelope and posts it into a letterbox. Monuments later Bob realizes that he has made a huge mistake. He has misprinted the address on the back of the envelope, the intended address was Sydney, but he has accidentally written Melbourne on the envelope. At this point there really is nothing that Bob can do because he does not have the key to open the letterbox and retrieve back his envelope, Bob has now effetely lost his letter. The bottom line is that a sender of cryptocurrency must check and double-check that they have the correct intended public key before sending any cryptocurrency.
Is it safe to share your public key with anyone?
Yes, it is completely safe to share your public key (receive address) with anyone. This is why it is termed a “public” key and no other persons have the ability to remove or transfer any cryptocurrency assets out of another person’s wallet with just the public key alone the blockchain platform simply will not allow the transaction to occur.
Cryptocurrencies are giving people all over the world new opportunities to make life-changing wealth. They are achieving this by giving the users of cryptocurrencies more control over their individual wealth by removing the 3rd party banking system and many of the projects that they are backup by will have world-changing implications. However digital criminals are becoming extremely aware of this and over the years they have found that it is very difficult to steal assets from banks, both physically and digitally. So now these digital criminals are starting to target the individuals who own the private keys to cryptocurrencies. Therefore, it is highly recommended that any inexperienced persons coming into the cryptocurrency industry must know the basics of security when it comes to protecting their cryptocurrency. Digital criminals appear to be using social medial platforms to search and target their victims with both scamming attacks and phishing attacks. A common-sense approach would be not to advertise the fact of ownership of cryptocurrency on social medial platforms and have a good understanding of scamming and phishing tactics.
It is not recommended to keep a large number of cryptocurrency assets on a centralized exchange due to the threat of a hacking attack. The private key acts as a digital signature, whoever has ownership of the private key owns the cryptocurrency, it is highly important to keep the private key safe. The Public Key can be shared with other people as it acts as the receiving address of where the cryptocurrency assets need to be sent but is also not recommended to be shared if not necessary. Digital criminals are now targeting individuals who own the private keys. Education into the basics of cryptocurrency security is essential so that an individual does not fall victim to an attack.
Written by Rob Lavington, to check out more of his blog visit