- >News
- >Is Your Crypto at Risk? Take This Quiz and Find Out!
Is Your Crypto at Risk? Take This Quiz and Find Out!
Taking your first steps into the crypto world can be terrifying and liberating. It can also become easy to forget that just because something is peer-to-peer and trustless, some important security risks can still be at play.
Before you make that first transaction, you should probably spend a little time understanding the counterparty risks of the software or hardware you are engaging with.
Luckily, we have compiled a list of five of the most common security techniques people use and ranked them (from 0-20 with 20 being the highest possible score) so you can see for yourself just how secure your digital assets are.
1. Custodial Exchanges and Third-Party Providers
This is the easiest on-ramp and introduction for most people. Crypto can be intimidating, and many people merely want access to it as an investment opportunity rather than to understand its potential real-world utility.
These providers are an intermediary service between crypto and the end user that holds assets on the user’s behalf—the largest of which you may recognize. Companies like Crypto.com, Binance, Coinbase, and Kucoin have offered tens of millions of people an easy entry point to the space while proving to be reliable custodians.
While all of these offer a plethora of great investment tools for their users, there is still one glaring security risk. The custodial aspect of their operation creates a central point of failure. We need only look at the collapses of Mt.gox, QuadrigaCX, Celsius, and most notably, FTX as examples of what happens when these intermediaries turn bad. Always remember, not your keys, not your crypto.
Keep in mind this is the default way of storing crypto and arguably the least secure method. On the other hand, if you can’t be trusted with securing your own crypto then you’ll have to trust an exchange to hold it for you.
Score: 4/20
2. Web Browser Hot Wallets
Web browser wallets provide a lot of utility to the space, from everything to engaging with DeFi protocols, buying and selling in NFT marketplaces, and growing a Web3 social profile. Some of the recognizable wallet brands you may be familiar with are Metamask and Brave Wallet.
Web Browser wallets have less counterparty risk than custodial exchanges because the user ultimately retains control of their keys.
Yet, they are not completely risk-free. Users are still at the mercy of the developers’ compliance with regulatory bodies in the countries they operate. Last year, compliance with OFAC regulations meant that Metamask users in countries sanctioned by the U.S. were abruptly locked out of their accounts. Users in countries like Iran, Russia, and Venezuela that need access to crypto’s borderless and permissionless payment infrastructure the most were locked out.
In addition hot wallets are often a target for online scammers and you’ll need to be vigilant (especially when it comes to emails or messages from unknown parties). Here’s a look at some of the common crypto scams.
Score: 10/20
3. Desktop Wallets
One of the less utilized forms of storage, desktop wallets offer users a unique crypto security approach. These wallet apps are specifically designed to operate on computer desktops and offer some unique features that other wallets do not.
All desktop wallets can provide the same simple payment verification function as the other wallets covered here, while specific desktop wallets can operate as full nodes with trading and staking options on top of this function. Some of the most recognizable desktop wallets are Electrum, Exodus, and Guarda.
Desktop wallets are slightly more secure than browser wallets because they interact less with websites. They are still hot wallets, however.
The main security flaw with desktop wallets is that they create a central point of failure and are ultimately only as secure as the desktop itself. They are more prone to malware, keyloggers, and hacking attempts when compared to hardware wallets, but potentially more secure than web browsers and aren’t as reliant on the developer.
Score: 12/20
4. Cold Hardware Wallets
Considered the gold standard of crypto storage, these wallets eliminate much of the counterparty risk by their design. They are non-custodial in nature, so the user retains their private keys, and equally important, they are stored offline on a separate piece of hardware. Notable hardware wallet manufacturers are Ledger, Trezor, Bitbox, and NGRAVE.
However, by reducing the counterparty risks of being non-custodial, the onus of the security is completely on the individual user. You become your own bank, but along with that comes the responsibility of securing your private keys. The greatest security risk to cold storage hardware wallets is how their private keys are stored.
There are numerous stories of early adopters losing the drives or paper wallets in which their keys were stored. Famously, a Welsh computer engineer named James Howells accidentally lost over 8000 bitcoins in 2013 during an office cleanout. Ultimately, this is an issue of human error rather than anything related to the hardware, and these wallets still remain some of the most secure on the market.
It is also important to note that despite their reputation and design, they are not completely without counterparty risk. Earlier this year, Ledger announced a software update on their devices that would enable any user who wanted the ability to back up their keys through a new Recover feature. The devices were always marketed as being inaccessible to the manufacturer, so the announcement left many community members reeling and feeling that it was a breach of trust.
Score: 17/20
5. Multisig
One of the most important yet overlooked security techniques many people ignore. Multisig puts an added layer of security on any transaction by requiring two or more signatures to approve it.
Multisig is effectively a form of 2FA security for any account that ensures that even if the wallet a user engages with has been compromised, there is still a last line of defense. A hacker may gain access to the account, but they would be unable to transfer assets without at least a secondary signature approving the transaction.
The downside is that it can add friction to the equation and make fluid transactions cumbersome. Yet, that is the trade-off: security over convenience.
Score: 20/20
Honorable Mention: Whitelist Addresses
This is simply the process of only allowing transactions to approved addresses from your wallet. Most exchanges and wallet providers offer this service to their customers as an added security feature.
In addition to having an approved whitelist of withdrawal addresses, adding a new address to this list typically has a waiting period and notification to the account holder. This allows the owner time to prevent non-approved transactions from going through.