Tag Archives: security

PSA: don’t store your cryptocurrency in online exchanges!

I just read this sobering tale about a guy who lost $8,000+ worth of cryptocurrency after being hacked. I’ve said it before, but this bears repeating: don’t trust anyone to hold your cryptocurrency for you. Online exchanges aren’t banks, and leaving your digital currency under somebody else’s control leaves you vulnerable to hacks like this one.

I wrote a wallet security guide a few years ago, and the basic principles are the same today: keep your coins in wallet addresses that you control, back up your wallet keys, and store multiple copies offline. If you don’t want to deal with manually securing your keys, you may want to invest in a hardware wallet (like the Trezor or Ledger Nano S—both support BTC, LTC, ETH, and other coins).

The author of the story that prompted this post offers some additional pieces of good advice, such as not making it obvious that you hold cryptocurrency on social media, and using a separate secret email address when dealing with exchanges.

Android Bitcoin & Litecoin wallets potentially vulnerable to theft due to coding flaw

Due to a serious flaw in the Java secure random number generator used by many Bitcoin applications on the Android operating system, any wallets generated by Android apps are potentially vulnerable to theft. While the advisory on bitcoin.org only mentions Bitcoin, the flawed code is also used in many Android Litecoin wallets, and probably also in whatever wallets exist for the various other cryptocurrencies.

If you have an Android wallet application on your mobile device, I highly recommend that you immediately generate a new address with the appropriate official desktop client (click here for Bitcoin and and here for Litecoin) and send all of your coins there. Do not use a cryptocurrency wallet on the Android OS until you can confirm that the version you’re using has been patched to fix the vulnerability, and discard any previously-generated wallet addresses permanently.

Update 8/12: The BBC has posted an article on the issue.

Update 8/14: And the first confirmed thefts due to the bug are starting to be reported.

Guide: Cryptocurrency Wallet Security

Litecoin walletSo you’ve built your own mining rig, you’ve mastered the art of trading for profit on the cryptocurrency exchanges, but you haven’t given much thought to securing your digital fortune against theft and accidental loss? Don’t worry, you’re not alone. Wallet security isn’t exactly a glamorous topic. In fact, many of you might even assume that you don’t need your own wallet at allafter all, mining pools and currency exchanges are more than happy to hold your money for you, right?

Letting somebody else control your money is a mistake that will likely end up costing you at some point. That mining pool operator that you assume is trustworthy could very well be a teenager halfway around the world that has no problem stealing your coins. The various digital currency exchanges are unregulated, not necessarily secure, and a daily target for hackersgood luck getting your money back when one is breached or goes belly up.

Since it’s still basically the Wild West when it comes to cryptocurrencies, the only way to ensure that your digital wallet can’t be stolen or lost is to secure it yourself. Thankfully, this isn’t all that difficult if you follow a few basic rules. Read on for the guide.