Original author: Binance team
Original compilation: Wu said
Security is paramount. That is an obvious statement, but it pains me to see how little security awareness most ordinary people have. It pains me just as much that many experts assume everyone already understands security deeply, and then design or recommend advanced features that are both hard to use and easy to get wrong if you are not careful. Security is a broad topic, and while I am not an expert in many of the related fields, I have seen plenty of people run into security problems. Cryptocurrency prices have risen recently, market activity has picked up, and many newcomers and returning participants have entered the space. In this article I will do my best to explain, in plain language, the security concepts relevant to holding cryptocurrency. They include:
1. Some basic concepts about security
2. Whether you should hold cryptocurrency yourself, and if so, how
3. Whether you should hold cryptocurrency on a trading platform, and if so, how
4. Other topics
First, no way of storing funds is 100% secure. If an asteroid hits the earth one day, your funds are unlikely to survive no matter how you stored them. Yes, you could store them in space, but how long would that last, and if the earth is gone, is there still any value in them? By then you have probably stopped caring. So when we talk about security, the real question is: "Is this safe enough?"
So let's first define "safe enough". It means different things for different people and different purposes. If you keep $100 in a spending wallet, you do not need heavy-duty security; an ordinary mobile wallet will do. When millions of dollars, or money you cannot afford to lose, are at stake, you need much stronger measures. The rest of this article is about securing larger amounts.
To keep your cryptocurrency safe, you only need to do three things:
Prevent others from stealing it.
Prevent yourself from losing it.
Arrange a way for the funds to pass to your loved ones if you are no longer around.
Sounds easy, right? Actually doing these three things takes knowledge, effort and judgment, and most people either do not understand them or ignore them.
Let's expand on it below.
Should you hold cryptocurrency yourself, and how?
"My keys, my funds." Is that really so?
Many crypto veterans insist that you are only safe if you hold your coins yourself, without ever considering how technically demanding that is for an ordinary person. Is this really the best advice? Let's examine the practice.
Let me first ask you a question: what does a Bitcoin private key look like? If you do not know, read on.
A Bitcoin private key looks like this:
KxBacM22hLi3o8W8nQFk6gpWZ6c3C2N9VAr1e3buYGpBVNZaft2p
It is just a string of letters and digits. (This particular form is Wallet Import Format, WIF: the 32-byte secret plus a 4-byte checksum, Base58-encoded. A 52-character key starting with K or L is a compressed-key WIF on mainnet.) Whoever possesses it can spend the bitcoin controlled by the corresponding address.
A related concept is the "mnemonic" (seed phrase): 12 or 24 English words in a specific order, from which a whole series of private keys can be derived. Many wallets use mnemonics. In what follows we say "private key", but most of the procedures and recommendations also apply to a mnemonic phrase, since anyone holding the phrase holds every key derived from it.
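To make that "string of letters and digits" concrete, here is an added example (my own code, not from the original article) that encodes and decodes Bitcoin's Wallet Import Format in pure Python: a version byte, the 32-byte key, an optional compression flag and a 4-byte double-SHA256 checksum, all Base58-encoded. It also shows what the checksum buys you: a single miscopied character is detected. The private key in the demo is the test value from the Bitcoin wiki's WIF walk-through, not a real key; the functions assume mainnet.

```python
import hashlib

# Base58 alphabet: no 0, O, I or l, precisely so that hand-copied keys are less ambiguous.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is encoded as a leading '1'
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError for any character outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA256(SHA256(payload)), as Base58Check specifies."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def wif_encode(privkey: bytes, compressed: bool = True) -> str:
    """Mainnet WIF: 0x80 || key || (0x01 if compressed) || checksum, Base58."""
    if len(privkey) != 32:
        raise ValueError("a secp256k1 private key is exactly 32 bytes")
    payload = b"\x80" + privkey + (b"\x01" if compressed else b"")
    return b58encode(payload + checksum(payload))


def wif_decode(wif: str):
    """Return (privkey, compressed); raise ValueError if the string is damaged."""
    try:
        raw = b58decode(wif)
    except ValueError:
        raise ValueError("not Base58: 0, O, I and l never occur in a valid key") from None
    if len(raw) not in (37, 38):
        raise ValueError("wrong length")
    payload, cs = raw[:-4], raw[-4:]
    if cs != checksum(payload):
        raise ValueError("checksum mismatch: the key was copied wrong")
    if payload[0] != 0x80:
        raise ValueError("not a mainnet private key")
    compressed = len(payload) == 34
    if compressed and payload[-1] != 0x01:
        raise ValueError("bad compression flag")
    return payload[1:33], compressed


def is_valid_wif(wif: str) -> bool:
    try:
        wif_decode(wif)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Test vector from the Bitcoin wiki WIF article; never use it for real funds.
    key = bytes.fromhex("0c28fca386c7a227600b2fe50b7cae11ec86d3bf1fbe471be89827e19d72aa1d")
    wif = wif_encode(key, compressed=False)
    print(wif, is_valid_wif(wif))
    # one wrong character at the end is caught by the checksum
    print(is_valid_wif(wif[:-2] + "xx"))
```

The checksum tells you that a transcription is wrong, not which character is wrong, which is why the backup section below matters more than clever handwriting.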
Back to the topic. To keep self-custodied cryptocurrency safe, you need to:
1. Prevent others from obtaining your private key: defend against hackers, malware and network attacks on the devices that hold it.
2. Prevent yourself from losing your private key: back up your data so that a lost or damaged device does not mean lost funds.
3. Arrange for your private keys to pass to your loved ones in the unfortunate event of your death. It is not a pleasant prospect, but as responsible adults we must manage that risk for the people who depend on us.
Let us look at each in turn.
1. Prevent others from obtaining your private key
This is the obvious risk. We have all heard of hackers, viruses, Trojans and the like, and we do not want any of them anywhere near where our coins are stored.
To do this properly, the device must not be connected to the internet and must not download any files from it. So how can we send and receive cryptocurrency securely?
Let's talk about some of the different devices that can be used.
A computer is one option, and usually the most feature-rich. If you use a computer to store coins, it must never be connected to the internet, or to any other network. Once it is on a network, attackers can exploit vulnerabilities in the operating system or application software to get in. Remember that all software has bugs.
So, if the computer is offline, how do we install software? From a CD-ROM or USB stick, after checking that medium with at least three different antivirus products to make sure it is clean. Download the software (operating system or wallet) onto the USB stick, then wait 72 hours while watching the project's announcements to make sure no security problem has been reported in the download or the site it came from. It is quite common for an official website to be compromised and the download package replaced with a Trojan, so always download from the official site, and verify the package against the checksum or signature the project publishes rather than trusting the file alone. Open-source software also reduces the chance of hidden malicious code: even if you are not a programmer, open-source code has been reviewed by other programmers. So use a stable Linux distribution (not Windows or macOS) as the operating system, and only open-source wallet software.
Once the operating system and wallet are installed, transactions are signed offline and carried to an online machine on a clean USB stick. The exact procedure differs from wallet to wallet and is beyond the scope of this article. Apart from Bitcoin, many coins do not have wallets that support offline signing at all.
We also have to keep the device physically secure, because anyone who steals it can simply use it. So make sure the hard drive is strongly encrypted, so that someone who gets hold of the drive cannot read it. Bear in mind that full-disk encryption only protects a machine that is powered off or locked; it does nothing for a machine that is running and unlocked. Each operating system has its own encryption tools; tutorials are outside the scope of this article but are easy to find online.
If you can do all of the above well, you may not need the rest of this section. If it is not your thing, there are other options.
The next option is a mobile phone. A non-rooted, non-jailbroken phone is now considerably more secure than a computer because of the sandboxed design of mobile operating systems. There are too many Android variants to keep track of, so I usually recommend an iPhone. Use a phone dedicated to the wallet app and nothing else. Keep it in airplane mode at all times and only bring it online to make a wallet transaction. I also recommend a separate SIM for this phone and using only 4G mobile data for internet access; never connect it to any Wi-Fi. Go online only to sign transactions and to install software updates. If the amount involved is not too large, this is generally adequate.
Some mobile wallets support offline signing (via QR codes), so the phone never needs to connect to the internet between downloading the wallet app and generating the private key, and afterwards the key never exists on an internet-connected phone. This protects against the wallet app being compromised or quietly sending data back to its developer; both have happened to many wallets, official releases included. The downside is that you cannot upgrade the wallet app or the operating system in place. Upgrading means installing the latest app on another phone, putting that phone into airplane mode, generating a new address, backing it up (more on that later) and moving the funds to the new phone. That is cumbersome, and the number of coins and chains such wallets support is limited.
The phone's physical security also matters. Although the storage of recent iPhones is fully encrypted, there are reportedly devices that can unlock an iPhone by cracking the PIN.
Hardware wallets
We can also use a hardware wallet. These devices are designed to keep the private key permanently on the device, so no copy of it needs to exist on a computer, and transactions are signed on the hardware itself. But nothing is 100% perfect: hardware wallets can have hardware and software vulnerabilities too. There are many on the market; we generally recommend those with a longer history and a better reputation, since they have been tested more. Of the two mainstream brands, there have been reports that an attacker who gets hold of one of them can extract the private key fairly easily, so their physical security must be ensured. In addition, almost all hardware wallets have to work together with software on a computer (or phone) to complete an operation, so that computer still has to be free of viruses and intruders. Some malware swaps the destination address for the attacker's at the last moment of the transaction, so always verify the destination address on the device's own screen before confirming. Even so, securing the computer is a must. A hardware wallet does defeat the simplest ways of stealing a private key, but I still strongly recommend preparing a clean, dedicated computer with all firewall functions turned on. On the whole, if you want to hold coins yourself, a hardware wallet is a good choice. The awkward part is keeping a backup, which we cover in the next section.
There are many more types of wallets and devices than I can cover here; the above are the standard ones. With that we have discussed how to reduce (not eliminate) the probability of theft by others, which answers one third of the self-custody question.
2. Prevent yourself from losing your key
The device holding the coins may be lost or damaged. So we need:
Backups.
There are many ways to back up, each with pros and cons. Basically, we want multiple backups in different geographic locations that cannot be read by others (that is, encrypted).
We can write it down on paper. Wallets that use mnemonics often recommend this, because 12 or 24 English words are easy to write down. A raw private key is harder: it is easy to get a letter's case wrong or to write illegibly (for example O versus 0), and hard to work out later what went wrong. (Bitcoin's Base58 alphabet deliberately leaves out 0, O, I and l for this reason, and the WIF checksum will tell you that a copied key is wrong, but not which character is wrong.) Paper has more serious problems too. A slip of paper may be:
Lost, mixed up with other papers
Destroyed, by fire or flood
Read by anyone who finds it, since it is not encrypted
Some people keep such slips in a bank safe-deposit box, but for the reasons above I generally do not recommend it.
Do not assume that photographing (or screenshotting) the note, or uploading it to the cloud, is a safe backup. Anyone who breaks into your mailbox or computer will have no trouble finding the key. Cloud providers also keep multiple copies in different locations, and their employees may be able to see the data.
Purpose-made metal plates can store a mnemonic backup. They are practically indestructible, so fire and flood are largely taken care of, but they do nothing about loss or about being readable by whoever finds them. Many people keep metal plates in a bank vault, often alongside gold and other metals; I suspect people who like to buy metal are inclined to do this. If you take this approach, be aware of its limitations and risks.
What I recommend is several USB sticks, and it requires no technical tricks (the typical "designed for experts" fallacy). Shock-proof, waterproof, fireproof and anti-magnetic USB sticks are available. Store an encrypted copy of the private key backup on several of them and keep them in different locations (a friend's or relative's house). This addresses all the problems above: multiple locations, hard to damage or lose, not readable by others. The key to doing this is strong encryption. There are many tools for it, and they keep improving. VeraCrypt is an entry-level tool whose encryption is respectable. Its predecessor, TrueCrypt, was popular for a while, but an independent audit later found some security flaws and its development was discontinued. So research the different products and choose the best current encryption tool for yourself. Two caveats: flash memory is not an archival medium, so check that each stick still reads correctly every year or so and rewrite it if needed; and do not give anyone your backups, even encrypted ones. I also recommend rotating keys from time to time (generate a new private key and move the funds from the old address to the new one).
3. Provide for your loved ones
None of us lives forever, so we need succession (estate) planning. Cryptocurrency can actually make inheritance easier and reduce third-party involvement. Again, there are several ways to do this:
If you use a low-security paper note or metal plate, you can simply hand it over to your heirs. There are downsides, though. If they are too young or not competent enough, they may not keep the backup properly, and if they slip up, hackers can steal the funds through them. Also, heirs can take your funds at any time; whether you want that depends on the trust between you.
I strongly recommend not sharing private keys with anyone, however close. The reason is simple: if funds are taken or stolen, there is no way to tell who did it or who mishandled the key, which only causes confusion.
We can put the note or metal plate in a bank vault, or give it to a lawyer. But as noted above, anyone who passes through and gets the key can take the funds without leaving a trace. That is quite different from a lawyer having to go to a bank to transfer funds to the heirs.
The USB-stick method above lets us hand funds over more safely, but it needs a few more setup steps.
There are online "dead man's switch" services. They send the user a text or email at regular intervals (say monthly), and the user must click a link or log in to reply. If there is no reply within a set period, the account is treated as belonging to a deceased person and the system sends the emails the user pre-configured to the recipients the user chose. I do not recommend such services, but if you are interested, search for them and try one. Google itself has such a feature: among its many settings there is an option to let other people access the account if the user has not logged in for more than 3 months. I have not tried it personally, so I cannot comment; check for yourself. If you are now thinking, "Great, I will just put the key in the email and pass it on to my kids", please read this article again from the beginning.
You might think: I can put the passphrase I use to encrypt the USB stick in the email, so that my partner or children can unlock it. That is close to right, but not enough: we must not keep the passwords to the backups on internet servers, because that greatly weakens the security of the backups and therefore of the funds.
If you are thinking: I can encrypt the email containing the USB drive's password with another password and tell my loved ones that one, you are on the right track. In fact, you do not need a second password. This is where the tried and tested encryption tool PGP (or GPG) comes in. PGP was one of the early adopters of asymmetric (public-key) cryptography, the same family of techniques Bitcoin relies on. I will not give a PGP tutorial here; they are easy to find online. The bottom line: have your partner or child generate a PGP key pair of their own, and encrypt the "dead man" message to their public key. Then no one but them can read it. This is relatively secure, but it requires them to keep their PGP private key safe and not lose it, and to know how to use PGP with email, which takes some technical skill and is a fairly involved process.
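As an added example (my own code, not from the original article), the following pure-Python implementation of Shamir's secret sharing over a prime field is one concrete way to meet both the USB-stick backup requirement above (several copies in several places, none of them readable on its own) and the hand-over requirement of this section. A 32-byte private key (or a 64-byte seed) is split into, say, 5 shares with a threshold of 3: any 3 shares reconstruct the key, while 2 or fewer reveal nothing, so a single stick that is lost, stolen, or opened by a relative or lawyer is harmless, and a lost stick does not lose the funds. This goes a little beyond the text, which defers threshold schemes to an advanced guide; note that it protects the backup, not the spending key in use (that is what multi-signature and threshold signatures do). The field prime, the share text format with its 4-byte check, and the sample key are my choices; the key is a constructed test value.

```python
import hashlib
import secrets

# Field prime: 2^521 - 1 (a Mersenne prime). Any secret below 521 bits, e.g. a
# 32-byte private key or a 64-byte BIP39 seed, fits in one field element.
P = 2**521 - 1
SHARE_BYTES = 66  # enough to hold any y < P


def split_secret(secret: bytes, threshold: int, shares: int):
    """Split secret into `shares` points on a random polynomial of degree
    threshold-1 whose constant term is the secret. Returns [(x, y), ...]."""
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        points.append((x, y))
    return points


def recover_secret(points, length: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0. With fewer than
    `threshold` points the result is garbage, not a partial secret."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    s = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        s = (s + yi * num * pow(den, -1, P)) % P
    if s >= 1 << (8 * length):
        raise ValueError("shares do not combine to a secret of that length (too few, or mixed sets)")
    return s.to_bytes(length, "big")


def try_recover(points, length: int):
    """Like recover_secret but returns None instead of raising."""
    try:
        return recover_secret(points, length)
    except ValueError:
        return None


def share_to_text(point) -> str:
    """Serialise one share for a USB stick: index, hex y, and a 4-byte SHA-256
    check so a corrupted stick is detected before you try to combine it."""
    x, y = point
    body = f"{x}:{y.to_bytes(SHARE_BYTES, 'big').hex()}"
    check = hashlib.sha256(body.encode()).hexdigest()[:8]
    return f"{body}:{check}"


def share_from_text(text: str):
    x, y_hex, check = text.strip().split(":")
    body = f"{x}:{y_hex}"
    if hashlib.sha256(body.encode()).hexdigest()[:8] != check:
        raise ValueError("share is corrupted")
    return int(x), int(y_hex, 16)


def is_share_intact(text: str) -> bool:
    try:
        share_from_text(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed test value, not a real key
    key = bytes.fromhex("e9873d79c6d87dc0fb6a5778633389f4453213303da61f20bd67fc233aa33262")
    sticks = [share_to_text(p) for p in split_secret(key, threshold=3, shares=5)]
    for s in sticks:
        print(s)
    chosen = [share_from_text(t) for t in (sticks[0], sticks[2], sticks[4])]
    print("recovered:", recover_secret(chosen, 32) == key)
```

Generate and combine shares only on the offline machine described earlier; the point of the scheme is that each stick, and each person holding one, stays below the threshold on their own.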
If you understand the above, your ability to hold large amounts of cryptocurrency yourself is at a basic level (not an advanced one). Many of the problems mentioned have further solutions worth exploring, such as multi-signature and threshold signatures, but those belong in a more advanced guide. In the next section we explore:
Using a trading platform
"Exchange" in this article means a centralized exchange that holds custody of users' funds.
After reading the previous part, you might be saying, "Oh my god, that is such a hassle; I will just deposit my coins on an exchange." But exchanges are not risk-free. Although the platform is responsible for custody of funds and the security of its systems, you still have to take some steps to secure your own account.
Only use large, reputable trading platforms
Trading platforms carry counterparty risk. Many small or new exchanges may be exit scams from the outset: they collect deposits from users and then run away. So stay away from "not for profit" exchanges offering zero trading fees, heavy discounts and/or rebate rewards. If a platform's goal is not to generate regular business income, your money may be its only goal. Proper security requires substantial investment, so a platform needs a sustainable business model. When it comes to security, do not skimp on your assets. Large, profitable exchanges do not run exit scams; they have no incentive to. If a platform is profitable, has a sustainable business model and a multi-billion-dollar business, what reason would it have to steal a few million dollars and then live in hiding and fear?
Large platforms have also been tested more in terms of security. Yes, large platforms are more attractive targets for hackers, which is a risk. But hackers also go after smaller platforms, some of which are easier to break into. Large trading platforms usually rotate among 5 to 10 external security firms for penetration testing and security assessments.
Keep your account safe
Account security obviously matters when you use a trading platform. Let's start with the basics.
1. Keep your computer safe.
The computer is usually the weakest link in the security chain. Whenever possible, use a dedicated computer to log in to your trading account. Install commercial antivirus software on it (yes, security requires investment), keep junk software to a minimum, and turn on all firewall functions.
Use a different computer for gaming, web browsing, downloads and so on, and keep its antivirus and firewall on as well, because malware on that machine can very likely give an attacker a way into other computers on the same network. So keep that computer clean too.
Avoid downloading files
Even if there is no wallet on your computer, I strongly recommend not downloading any files onto your computer or phone. If someone sends you a Word file, ask for a Google Docs link instead. If they send a PDF, open it in the browser through Google Drive rather than on your computer. If they send a funny video, ask for a link on the video platform. Yes, I know it is a hassle, but security does not come for free and lost funds cost real money. View all files in the cloud; download nothing locally.
Also turn off the "auto-save photos and videos" feature in your messaging apps. Many of them download stickers and videos automatically by default, which is bad for security.
Keep software up to date
OS upgrades are annoying, I know, but they close known security holes. Attackers watch those upgrades too, and use the disclosed vulnerabilities to break into the machines of users who are slow to update. Wallet software and trading platform apps follow the same pattern, so make sure you are running the latest versions.
2. Secure your email account.
I recommend a Gmail or Protonmail account; these two providers are generally more secure than others, and we have seen more security incidents on other email platforms.
I strongly recommend creating a dedicated email account for each trading platform, with an obscure name. Then a security incident at another platform cannot affect your Binance account, and email phishing becomes less likely.
Enable 2FA on the email service. I highly recommend a YubiKey, which defends against many kinds of attack, phishing sites included. More on 2FA later.
If SIM-swap scams happen in your country, do not bind your phone number as an email account recovery method. We have seen many SIM-swap victims have their email password reset and their accounts taken over. In general I do not recommend linking phone numbers and email accounts at all; keep them separate.
3. Secure your passwords.
Use a unique, strong password for each platform account. Do not be afraid of forgetting them; use a password manager. For most people LastPass or 1Password will do, and both integrate well with browsers and phones. Both state that the vault is encrypted on your device and only the encrypted data is synced between devices. If you want a more hands-on tool, use KeePass or one of its ports for your operating system. KeePass stores everything locally, has no built-in sync between devices and limited mobile support. It is open source, so hidden malicious code is much less of a worry. Do your own research and pick the tool that suits you. But do not use simple passwords, or the same password on every platform, just to "save time". Use strong passwords; otherwise the time you save could cost you a great deal of money.
Even with these tools, if your computer is infected you are in trouble. So use good antivirus software and keep it running.
4. Enable 2FA.
I highly recommend turning on 2FA (two-factor authentication) immediately after creating your Binance account, and if you have not done it yet, do it now. Because 2FA codes are usually generated on your phone, they give a degree of protection even when your email and password have been compromised.
2FA is not complete protection, however. If malware on your computer steals your email address and password, it can go on to capture the 2FA codes you type. And if you land on a phishing site and enter your email, password and 2FA code there, the attacker can use them to log in to your real Binance account at that same moment, while the code is still valid. There are too many such scenarios to list. So we still have to protect our computers and watch out for phishing sites (more on that later).
5. Use U2F.
U2F (Universal 2nd Factor) uses a hardware device that produces a unique, one-time response to each login challenge, bound to the domain that issued it. YubiKey is arguably the most suitable U2F device. (Many hardware wallets can also act as U2F devices, but the experience is not as good: extra apps have to be installed and the whole process is slower.)
U2F has three major advantages. First, it is hardware-based, so the secret stored on the device is nearly impossible to steal. Second, it is domain-specific: the response is tied to the site's origin, so it protects you even if you end up on a phishing site by accident, because a response obtained there is useless on the real site. Finally, it is very simple to use.
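To show why a relayed 6-digit code works for the attacker while a relayed U2F response does not, here is an added example (my own code, not Binance's and not from the original article). The TOTP half is a straight RFC 6238 implementation (HMAC-SHA1, 30-second steps, 6 digits) checked against the RFC's published test vectors. The U2F half is a simplified model: a real key signs the challenge with a per-site ECDSA key pair, whereas here an HMAC under a device secret stands in for that signature. What the model keeps faithfully is that the browser, not the user, tells the device which origin (app ID) it is on, and that the real server verifies against its own origin. The site names, device secret and challenge values are constructed for the example.

```python
import hashlib
import hmac
import struct

# ---------- TOTP: RFC 6238 (HMAC-SHA1, 30 s time step, 6 digits) ----------

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """The code the authenticator app shows at unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def totp_login_ok(server_secret: bytes, submitted: str, unix_time: int) -> bool:
    """Server side: accept the code if it matches the current window.
    Note what is missing: nothing says WHERE the user typed it."""
    return hmac.compare_digest(totp(server_secret, unix_time), submitted)


def relayed_totp_login(shared_secret: bytes, unix_time: int) -> bool:
    """Phishing scenario: the victim types the live code into a look-alike
    site and the phisher forwards it to the real site a few seconds later."""
    code_typed_on_phishing_site = totp(shared_secret, unix_time)
    return totp_login_ok(shared_secret, code_typed_on_phishing_site, unix_time + 3)


# ---------- U2F-style origin binding (HMAC stands in for ECDSA) ----------

REAL_SITE = "https://www.binance.com"            # constructed for the example
PHISHING_SITE = "https://binance-login.example"  # constructed for the example


def u2f_respond(device_secret: bytes, app_id_seen_by_browser: str,
                challenge: bytes, counter: int) -> bytes:
    """Device side. The app ID is supplied by the browser from the page's
    origin; the user cannot override it. A real token signs
    sha256(appId) || flags || counter || sha256(clientData) with ECDSA."""
    msg = (hashlib.sha256(app_id_seen_by_browser.encode()).digest()
           + struct.pack(">I", counter) + hashlib.sha256(challenge).digest())
    return hmac.new(device_secret, msg, hashlib.sha256).digest()


def u2f_verify(device_secret: bytes, server_app_id: str, challenge: bytes,
               counter: int, last_counter: int, response: bytes) -> bool:
    """Server side: recompute over ITS OWN app ID and reject stale counters."""
    if counter <= last_counter:
        return False                                   # replayed or cloned token
    expected = u2f_respond(device_secret, server_app_id, challenge, counter)
    return hmac.compare_digest(expected, response)


def relayed_u2f_login(device_secret: bytes, challenge: bytes, counter: int) -> bool:
    """Same phishing scenario: the phisher relays the real site's challenge,
    the victim touches the key on the phishing page, the phisher relays the
    response. The browser on the phishing page reports the phishing origin."""
    response = u2f_respond(device_secret, PHISHING_SITE, challenge, counter)
    return u2f_verify(device_secret, REAL_SITE, challenge, counter, counter - 1, response)


def honest_u2f_login(device_secret: bytes, challenge: bytes, counter: int) -> bool:
    response = u2f_respond(device_secret, REAL_SITE, challenge, counter)
    return u2f_verify(device_secret, REAL_SITE, challenge, counter, counter - 1, response)


if __name__ == "__main__":
    totp_secret = b"12345678901234567890"          # RFC 6238 test secret
    print("TOTP at t=59:", totp(totp_secret, 59))  # RFC vector 94287082, last 6 digits
    print("TOTP relay succeeds:", relayed_totp_login(totp_secret, 1111111100))
    dev = bytes(range(32))                         # stand-in for the key's secret
    chal = b"server-challenge-0001"
    print("U2F honest login:", honest_u2f_login(dev, chal, 7))
    print("U2F relay succeeds:", relayed_u2f_login(dev, chal, 7))
```

The TOTP code is accepted because the server cannot tell a relayed code from a typed one; the U2F response is rejected because the app ID hashed into it is the phishing origin, not the server's. That is the whole of the "domain-specific" advantage, and it holds regardless of how convincing the phishing page looks.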
For these reasons I strongly recommend binding your YubiKey to your Binance account. It is one of the best safeguards against hackers stealing your funds.
Also bind the YubiKey to your Gmail account, LastPass and any other accounts that support it, to secure those accounts too.
6. Stop using SMS verification.
SMS verification was all the rage at one time, but times have changed. With SIM-swap scams becoming more common, we recommend that you stop using SMS verification and switch to the 2FA or U2F methods described above.
7. Create a withdrawal address whitelist.
We strongly recommend using Binance's withdrawal whitelist feature. Once enabled, you can withdraw quickly to your verified addresses, while it becomes much harder for an attacker to add a new withdrawal address.
8. API security
Many of our users trade and withdraw through the API. Binance provides several API versions; the latest supports asymmetric (public-key) signing, so we only need to know the user's public key. The user keeps the private key and gives us only the public key; we establish order ownership from the public key and never ask for the private key. Keep that private key safe, give each API key only the permissions it needs (for example, do not enable withdrawals unless you really use them), and restrict it to your own IP addresses where the platform supports that.
With a trading platform there is no need to back up API keys the way we back up our own private keys: if an API key is lost, you can always create a new one. Just make sure no one else has it, and revoke any key you suspect has leaked.
9. Complete L2 KYC verification.
One of the best ways to secure your account is to complete L2 KYC verification. Then we know what you look like and can verify you with advanced automated video verification when our big-data risk engine detects an account anomaly.
10. Keep your phone and other devices physically secure
Keep your phone safe: your email app, Binance app and 2FA codes are probably all on it. Do not jailbreak it; that greatly reduces security. Make sure it does not get lost, and set a screen lock. The same goes for your other devices: make sure they do not fall into the wrong hands.
11. Beware of phishing
Phishing usually arrives by email, message or social media. After you click the link, a page that looks like the Binance website opens and asks you to enter your login details; the attacker then uses them to get into your real Binance account.
You can avoid these scams simply by being careful. Do not click links in emails or on social media. Type the Binance address yourself or use a bookmark, and before you enter anything, check that the domain in the address bar really is Binance's. Do not share your email address with others, and do not reuse one email address across different sites. Be suspicious if strangers (especially anyone calling themselves CZ or something similar) contact you out of the blue in Telegram groups or on Instagram.
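One mechanical version of the "check the domain before you type" advice, added here as an example and not part of the original article: parse the link and compare its registrable domain against a short allowlist, rejecting the common look-alike tricks (subdomain prefixes, user-info before an @, punycode, plain http). The allowlist and the test URLs are constructed for the example; a real implementation should use the Public Suffix List rather than the last-two-labels shortcut used here.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the registrable domains you actually log in to.
TRUSTED_DOMAINS = {"binance.com"}


def registrable_domain(host: str) -> str:
    """Last two labels ('binance.com' from 'accounts.binance.com').
    Shortcut for this example; real code needs the Public Suffix List so
    that names like 'example.co.uk' are handled correctly."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def why_untrusted(url: str) -> str:
    """Return '' if url is an https link to a trusted domain, otherwise a
    short reason. Each check corresponds to a trick seen in phishing links."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not https (or a javascript:/data: style link)"
    host = parts.hostname or ""          # .hostname drops 'user:pass@' and ':port', lowercases
    if not host:
        return "no host"
    if "@" in parts.netloc:
        # https://www.binance.com@evil.example/ : the real host is after the @
        return "userinfo before @: the real host is what follows the @"
    if "xn--" in host or any(ord(c) > 127 for c in host):
        return "internationalised host: possible homograph of a trusted name"
    reg = registrable_domain(host)
    if reg not in TRUSTED_DOMAINS:
        # catches binance.com.secure-login.example and binance-login.example alike
        return f"registrable domain is {reg!r}, not trusted"
    return ""


def is_trusted_link(url: str) -> bool:
    return why_untrusted(url) == ""


if __name__ == "__main__":
    for u in ["https://www.binance.com/en/login",
              "https://binance.com.secure-login.example/",
              "https://www.binance.com@evil.example/login",
              "http://www.binance.com/"]:
        print(u, "->", why_untrusted(u) or "ok")
```

This is a sanity check for links you did not type yourself; it does not replace the bookmark, because a trusted domain can still be served over a compromised network or from a compromised machine.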
Overall, as long as you follow the recommendations above, your Binance account will be reasonably safe.
Other topics
Fraud is rampant.
Scammers create fake social media accounts that imitate celebrities, such as @cz_binance_, and then try to talk you into sending them money. Remember one principle: never send money to anyone unless that is genuinely your intention. When doing a deal, verify the other party's real identity through two different channels.
If "CZ" contacts you out of the blue and asks you to send him some coins, with a very convincing reason, report the account immediately.
If a friend suddenly messages you asking for some cryptocurrency for an emergency, call them to verify, or ask them to send a short video. Consider that their messaging account may have been hacked, or their phone stolen.
YouTube fraud
YouTube scammers are getting smarter; they have even edited fake videos of CZ giving away airdrops. If you see one, report it.
Social fraud
If a "bounty" asks you to send some coins to an address first and promises to send more back, do not believe it; you will not get anything back.
Remember one simple rule: be careful whenever you send cryptocurrency.
Do not click links in emails
Never click a link in an email and then enter your username or password on the page that opens; that is a trap. Likewise, do not follow links on social media sites and log in on the pages they open.
Treat such links as phishing by default and just ignore them.
