How to Keep Your Crypto Assets Safe from Cyberattacks
By Nick Oldack, Senior Manager, Advisory Services & Kenneth J. Pia, Jr., CPA, ABV, ASA, MCBA, National Matrimonial and Business Valuation Industry Leader
Unfortunately “hacks,” “scams,” and “rug pulls” have become some of the most used terms in a digital asset investor’s vernacular. Sophisticated attacks on cryptocurrencies, non-fungible tokens (NFTs) and other digital assets are among the leading reasons cryptocurrency has not achieved mainstream adoption. This emerging asset class turns off many investors who do not have the appetite to hold such risky and volatile assets that come with numerous security concerns.
Multiple security breaches occurred in August 2022 alone, costing crypto investors millions and millions of dollars in stolen assets. In fact, two significant cyber breaches occurred within a couple of days of each other, each with significantly different methods of attack. The first involved Nomad, a startup protocol that lets users swap tokens from one blockchain to another. Hackers drained almost $200 million in cryptocurrency from Nomad in an attack that exploited weaknesses in the decentralized finance space.
In the second attack, a total of nearly $4.5 million was stolen from thousands of users’ Solana wallets. While the dollar value of this hack pales in comparison to the nearly $200 million drained in the Nomad hack, the Solana hack represents a scarier scenario for the common cryptocurrency investor. Users who lost money in the Nomad security breach actively chose to utilize a startup protocol knowing it carried increased risk. However, the Solana investors were surprised to see SOL currency and the U.S. Dollar Coin (USDC) stablecoin stolen from their wallets, despite the fact that many had not utilized those wallets or executed any transactions. A preliminary investigation showed the hack appears to be related to a security breach that occurred in Slope, a commonly used mobile Solana wallet. Based on available evidence, it seems that thousands of private keys may have been compromised. That would allow someone in possession of private key details to access Solana wallets.
It is important to note that according to the Solana Status Twitter account, “Hardware wallets used by Slope remain secure.”
What can we do as investors?
While it is impossible to alleviate all risks associated with holding digital assets, we can do our best to be responsible custodians of our assets. The status update above reassures users that Slope hardware wallets were unaffected and remain secure. A “cold storage” or hardware wallet is the most obvious safety measure an investor can utilize. A hardware wallet stores the user’s private keys in a secure hardware device that is not connected to the internet.
The two most commonly used hardware wallets are made by Ledger and Trezor. Investing a couple hundred dollars in a hardware wallet goes a long way toward preventing a security breach and the potential loss of your assets.
It is not practical to have 100% of your assets in cold storage at all times if you are an active investor transacting on a regular basis, but you can keep a large portion of your assets in a hardware wallet to mitigate the risk of being exposed to a future cyberattack.
In addition to utilizing cold storage, it is important to keep your assets off public exchanges such as Coinbase, Kucoin, etc. If something happened to these exchanges, such as a security breach, bankruptcy, etc., your assets would be at risk. Remember — not your keys, not your crypto.