How to secure your digital currencies? Binance CEO responds
Securing digital currencies is one of the main challenges in this area. In the world of crypto, everyone is their own bank, and responsibility for one's assets is at its highest. In a detailed article, Changpeng Zhao, CEO of the Binance exchange, describes everything you need to know to keep your digital assets safe. After reading it, you will be acquainted with the ways to maintain the security of your digital currencies and user accounts in this field.
Despite the obvious importance of security, many people do not take this issue seriously in their daily lives. On the other hand, security experts tend to assume that ordinary people have a deep understanding of security issues, and on that assumption they design systems that are complex and very difficult to work with. Security is a very broad issue, and I (the CEO of Binance) do not specialize in many areas of security, but I have seen a lot of people have problems with it, and we are seeing a large number of newcomers enter the field. In this article, I want to explain in simple language the security concepts related to digital currencies. In the following four main chapters, we will address the issue of security:
Why and how should you keep your currencies?
Why and how should you keep your currencies with centralized exchanges?
First of all, I have to say that nothing is 100% safe. For example, if a meteorite hits our small planet, it does not matter how you keep your assets. You might say they can be stored in space, but how long would they last there? And would these investments be worth anything when there is no Earth left at all? It would definitely not matter much by then. I say all this to answer the question of whether there is such a thing as "sufficient security".
Let's first define "adequate security". Adequate security is different for everyone, depending on how the funds are used and for what purpose. If you have only $100 in your wallet for everyday shopping, you definitely do not need strict security measures for that wallet. But if you keep a few million dollars or all of your life savings in one wallet, the security measures should be much stricter. In the rest of this article, we assume that you have a significant amount of digital currency and want to keep it secure.
To secure your digital currencies, it is important to remember the following three points:
You must prevent the theft of funds.
You must not lose them.
When you die, there must be a way for the funds to reach those you love.
As simple as it may seem, doing all three requires knowledge, effort, and perseverance that most people either do not have or do not take seriously. Let's get to the point.
Why and how should you keep your currencies? Do's and Don'ts
Many digital currency enthusiasts believe that their currencies are safe only when they are in their own hands, but they do not consider how technically difficult and confusing it can be to maintain such assets. Is keeping digital currency yourself the best option for you? Let's take a deeper look. At the outset, I ask you: do you know what a Bitcoin private key looks like?
If you are unsure, then continue reading this article. A Bitcoin private key looks something like this:
KxBacM22hLi3o8W8nQFk6gpWZ6c3C2N9VAr1e3buYGpBVNZaft2p
Yes, that's right: this string of characters is a Bitcoin private key. Anyone who has this string can move whatever bitcoins are stored at the corresponding address. Another concept you should be familiar with is the "seed phrase". A seed is a string of 12 to 24 English words arranged in a specific order. Seeds are used to produce sets of private keys, and many digital currency wallets use seeds. I will use the term "private key" below, but you should know that most of the mechanisms and information I give you must also be followed for seeds.
Let us return to our main discussion. To keep digital currencies safe, you need to do the following:
Do not allow others to access your private keys. Prevent hackers, protect computers against viruses, protect the Internet and…
Do not lose your private keys. This includes making backups in case your devices are damaged and keeping them in a safe place.
Create a way to transfer private keys at death. This is not very pleasant, but since we are adults and responsible for those we love, we must consider this possibility and prepare for it.
In the following, I will explain each of these in detail.
Prevent others from accessing private keys
You must have heard of hackers, computer viruses, trojans and the like. You do not want any of them to get near the device on which you store your currency. If you want to make sure that your device has no such problems, you should never connect it to the Internet or download a file with it. The question then is how to securely receive and send digital currencies with a device like this. Let's look at the different devices you can use.
A personal computer is the most likely option. If you use a computer to store your currency, it is best not to connect it to the Internet or any other network. If your computer is connected to the Internet, hackers could get into it through bugs in the operating system or in some of the software on the device. Software is never free of bugs.
So if the device cannot be connected to the Internet, how do we install the required software on it? Use CDs or flash drives, but first make sure they do not contain malicious files. Use at least 3 different antivirus programs to scan the CD or external storage. Download the software (operating system or wallet) you want and transfer it to your flash drive. Before installing it on the computer, check the news to make sure there are no security concerns about the software you downloaded or the website you downloaded it from. Keep in mind that official websites have been hacked many times and had their files replaced with files containing trojans. Even so, you should download your files only from official websites. In addition, to reduce the chance of a backdoor in this software, make sure that it is open source. In that case, even if you are not familiar with coding yourself, other programmers will have checked the software, so it is less likely to be infected. In other words, for complete security you should use a stable version of Linux (not Windows or Mac) and open source wallet software. Windows and Mac are not open source, which increases the risk.
Once you have everything installed, use a virus-free flash drive to sign transactions offline. How this works depends on the type of wallet you have, which we will not discuss in this article. With the exception of Bitcoin, many digital currencies do not have wallets that can sign offline. Offline signing means that you sign the transaction on your computer without an Internet connection and then send the signed transaction to the network from a computer that is connected to the Internet.
In addition, you must ensure the physical security of your device. If someone steals it, they will have access to it. Therefore, make sure that your disk is properly encrypted, so that even someone who has your hard drive cannot recover its data.
Different systems, tools. Some wallets allow you to sign transactions offline using a QR code, so you can stay completely offline after installing the wallet and generating private keys. This ensures that private keys are never placed on a phone that is connected to the Internet. This is valuable in case the wallet secretly sends information to its developer; we have seen this happen several times in the past, even in official versions. You will not be able to upgrade your wallet or operating system software. To upgrade, you must use another mobile phone: install the newer version of the wallet on it, put it in flight mode, create a new address, back up that version, and then send the currencies to the new phone. Of course, this method will not be to your liking: it is very time consuming, and few currencies and blockchains have wallets with this feature. It is important to keep your cell phone physically secure. Although the hard drives of new iPhones are said to be fully encrypted, reports suggest that certain devices could break the phone's encryption if there is physical access to the phone.
Hardware wallets
These devices are designed to ensure that your private keys never leave the device. For this reason, when you connect one to a computer, no copy of the keys (encrypted or plain) is stored on the computer; the transaction is signed inside the device. But nothing is 100% safe. Such wallets may have bugs in their firmware, software, or other components. There are many hardware wallets on the market, and it is recommended to use one from a proven brand that has passed testing. There are reports that one of the two most popular hardware wallet brands has a bug that, given physical access, could be used to steal the user's funds. Therefore, you need to make sure that you keep the device physically safe.
In addition, almost all hardware wallets require interaction with your computer or mobile phone, so you need to make sure that your computer or mobile phone does not have a security flaw or virus. Some viruses replace the address you want with the hacker's address at the last minute, so watch out for such viruses and check the address before confirming the transaction. When using a hardware wallet, you are still responsible for securing your computer. Such wallets prevent many common attacks that steal private keys, but the importance of protecting the computer is not diminished. Always make sure your firewall is at its strictest setting. These wallets are a good option if you want to keep your currencies in your own hands.
Do not lose your private keys
The device in which you store your currencies may be lost or damaged. To overcome these problems, we will discuss the appropriate solutions:
Backups
There are many ways to do this, and each has its own strengths and weaknesses. Basically, [all] you have to do is make multiple backups, in several different places, that cannot be read by other people (encrypted).
You can write your backup on a piece of paper. It is very easy to write 12 to 14 English words on paper. However, if you store private keys directly, the characters may not be read back correctly, because of the mix of lower and upper case letters in a private key or because of bad handwriting. For example, the number 0 may be confused with the letter O. Other problems with paper include:
It can get lost, for example among other papers.
It can be damaged, for example by catching fire or getting wet.
Other people can read it, and it is not encrypted.
Some people use banknotes to hold the paper on which they write their private keys. For the reasons I mentioned above, I do not recommend this method. Do not take photos, pictures or screenshots of this paper (digital or physical), do not place them in your cloud storage space (such as Telegram), and do not think for a moment that this gives you a secure backup of your private keys. If a hacker breaks into your email account or your computer, they will easily find them. Also keep in mind that your cloud storage provider may hold multiple copies of your data in several places, and that at least some of its employees may be able to view these files.
Some metal tags are also made for storing and backing up seeds. Such tags are designed to resist physical damage, which removes the dangers posed by disasters such as floods and fires. But if someone gets access to them, there is still a risk that the seeds will be stolen. Here, too, some people put their metal tags in bank safe deposit boxes next to their gold and precious metals. I think that for those who are fans of [precious] metals, putting assets in safe deposit boxes is an easy option. If you use this method to secure your assets, be aware of the limitations and risks associated with it.
I suggest using flash drives, but this method requires some technical knowledge (it is one for tech enthusiasts). There are several USB models on the market that are resistant to water, electric shock, fire and magnetic waves. You can use these drives to store encrypted copies of your private keys and then place them in several different places (for example with friends or acquaintances). This satisfies everything we mentioned at the beginning: the keys are not easily damaged, others cannot easily read their contents, and they are located in several different places. The key to this method is strong encryption. Many tools on the market take a long time to encrypt. VeraCrypt is a beginner-level tool that gives you an acceptable level of encryption. According to companies specializing in this field, the previous version of this software, called TrueCrypt, which was also very popular, had security vulnerabilities; as a result, its development was halted. Therefore, it is recommended that you research this yourself and find the best up-to-date encryption tool. It is also important that even if you have encrypted your backup, you do not share it with anyone. It is recommended that you change your private keys at regular intervals. This is done by generating new keys and transferring the funds to them.
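
An added example, not part of the original article: keys exported in the format shown earlier (Wallet Import Format, a Base58Check string) leave 0, O, I and l out of their alphabet and end in a four-byte checksum, so a paper backup can be checked for the copying mistakes described above before it is trusted. The key below is built from constructed filler bytes for demonstration only, and the function names are this example's own.

```javascript
// Added example: check a hand-copied Wallet Import Format (WIF) private key
// for transcription mistakes. Uses only the Node.js standard library.
const nodeCrypto = require('crypto');

// Base58 alphabet: digits and letters with 0, O, I and l left out.
const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

function doubleSha256(buf) {
  const first = nodeCrypto.createHash('sha256').update(buf).digest();
  return nodeCrypto.createHash('sha256').update(first).digest();
}

function base58Encode(buf) {
  let n = BigInt('0x' + buf.toString('hex'));
  let out = '';
  while (n > 0n) {
    out = ALPHABET[Number(n % 58n)] + out;
    n /= 58n;
  }
  for (const byte of buf) { // each leading zero byte is written as '1'
    if (byte !== 0) break;
    out = '1' + out;
  }
  return out;
}

// The caller must already have checked that every character is in ALPHABET.
function base58Decode(text) {
  let n = 0n;
  for (const ch of text) n = n * 58n + BigInt(ALPHABET.indexOf(ch));
  let hex = n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const body = n === 0n ? Buffer.alloc(0) : Buffer.from(hex, 'hex');
  let zeros = 0;
  while (zeros < text.length && text[zeros] === '1') zeros++;
  return Buffer.concat([Buffer.alloc(zeros), body]);
}

// Returns { valid, reason, badChars } for a string typed back in from paper.
function checkWifTranscription(text) {
  const candidate = text.trim();

  // Step 1: a character outside the alphabet (0, O, I, l, punctuation) is a
  // certain copying mistake; report where it is so it can be re-read.
  const badChars = [...candidate]
    .map((ch, index) => ({ ch, position: index + 1 }))
    .filter(({ ch }) => !ALPHABET.includes(ch));
  if (badChars.length > 0) {
    return { valid: false, reason: 'illegal-character', badChars };
  }

  // Step 2: the last 4 bytes must equal the start of SHA-256(SHA-256(payload)).
  // This catches mistakes between characters that are all legal, such as
  // a wrong upper or lower case letter.
  const raw = base58Decode(candidate);
  if (raw.length !== 37 && raw.length !== 38) {
    return { valid: false, reason: 'wrong-length', badChars };
  }
  const payload = raw.subarray(0, raw.length - 4);
  const checksum = raw.subarray(raw.length - 4);
  if (!doubleSha256(payload).subarray(0, 4).equals(checksum)) {
    return { valid: false, reason: 'checksum-mismatch', badChars };
  }
  if (payload[0] !== 0x80) {
    return { valid: false, reason: 'not-a-mainnet-private-key', badChars };
  }
  return { valid: true, reason: 'ok', badChars };
}

// CONSTRUCTED sample: 32 filler bytes wrapped as a compressed-key WIF string.
// The value is public by construction and must never hold funds.
function makeDemoWif() {
  const payload = Buffer.concat([
    Buffer.from([0x80]),     // version byte for a mainnet private key
    Buffer.alloc(32, 0x11),  // filler standing in for the secret
    Buffer.from([0x01]),     // flag: use the compressed public key
  ]);
  const checksum = doubleSha256(payload).subarray(0, 4);
  return base58Encode(Buffer.concat([payload, checksum]));
}
```

Run a check like this only on the offline machine that already holds the key; typing a real key into an online device defeats the purpose of the paper backup.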
Transfer of funds at death
Because our lifespan is limited, planning what happens to your property and how it reaches your heirs is essential. Digital currencies allow you to transfer your wealth to heirs with as little interference as possible. As in the previous sections, there are several ways to do this.
If you use the not-so-secure approach of paper wallets or metal tags, all you have to do is give them to the people you love. Of course, this has weaknesses as well. They may not have the means to keep a copy of the backup secure; for example, they may not be very familiar with how the technology works, or they may still be very young. If they have done little about security, a hacker can easily use this weakness to steal your funds. Remember, too, that they can take your capital at any time! Depending on your relationship with them, this can be against your will. I strongly recommend that you do not share your private keys with other people, no matter how close the relationship, because if the funds are stolen or transferred to another account, there will be no trail you can use to track them.
You also have the option of giving the paper or tag containing your private keys to a lawyer or bank teller. But, as we mentioned earlier, anyone who gets their hands on your keys in the meantime can transfer the funds without any specific rejection. This is different from the case where your lawyer goes to the bank and transfers your account balance to the heirs' account.
If you want to use the flash drive method, there are ways to securely transfer wealth to the people you love, but they require special conditions. There are online services known as a "Dead Man's Switch". With these, the service provider sends you an email or alert at intervals (for example, once a month), and you must click on it and respond. If the service does not receive a reply within a certain period, you are considered dead. In this case, a certain number of emails (which you specify) are sent to specific people. I personally do not recommend this method, but by searching for the phrase "dead man switch" you can try them yourself. Google itself has such a capability: in part of the Google settings, it is possible to specify that if the account is not visited for a certain period of time, it becomes accessible to a certain person. Personally, I cannot suggest this method either. If you want to try it out, just go to your Google Account settings.
If you say to yourself, "What a wonderful way: I'll put my private keys in my email so my kids can see them," you had better read this article again from the beginning. It may occur to you to put the password of the flash drive in your email so that your children can see it. This is a better solution, but still not a very good one. Remember that you should not put your backup password on the Internet; this greatly reduces the security of your backups. If you encrypt the emails that contain the flash drive passwords and then share another password with your children, you have a better approach. In fact, you do not need a second password at all. There is an old tool for encrypting emails called "PGP" (or GPG) that you can use. It was one of the first pieces of software to use asymmetric cryptography (like that used in Bitcoin). This is not going to be training
When we use the word "exchange", we mean a centralized exchange that safely holds your digital currency. After reading the previous sections, you might say, "Wow, what a hassle. All I have to do is store my currency in an exchange." It should be said that using an exchange is not safe. While the exchange is responsible for the safe keeping of your assets, you must still work to secure your account.
Use only reputable exchanges
Yes, it is very easy for me to name Binance, because it is one of the largest digital currency exchanges. But this is not without reason. Not all exchanges are the same. Large exchanges invest heavily in security infrastructure; Binance has invested hundreds of millions of dollars in it. Security covers many areas: equipment, networks, protocols, personnel, risk assessment, metadata, artificial intelligence, training, research, testing, third-party partners, and even relationships with international jurisdictions. Proper security requires a lot of money, manpower and effort.
Many smaller and newly established exchanges can be fraudulent from the outset and carry out an exit scam, meaning that they take your deposits and then run away with all the capital. For this reason, avoid exchanges that are too small. Exchanges that charge no fees, and exchanges with many discount plans or any scheme that leaves them with negative profit, fall into this category. If [their] goal is not to generate revenue from their business, then your capital is their goal. Proper security comes at a cost, and that cost must be covered by an acceptable business model. When it comes to securing your assets, you should not be stingy at all.
Large, highly profitable exchanges have no incentive to commit fraud. When you have a multi-billion dollar business, why steal millions of dollars and live in fear while looking for a place to hide? Large exchanges are also subject to more testing on the security front. Of course, this is also a risk. To combat hackers and fraudsters, we invest heavily in data mining and artificial intelligence. We were able to prevent the loss of funds for many users who fell victim to SIM swap. Some of our users who use several exchanges have reported that their emails were hacked and their funds were stolen from other exchanges, but at Binance our AI stopped the hackers and they could not take the funds out of the exchange. Because smaller exchanges do not have big data to work with, they cannot have mechanisms like ours even if they want to.
When you use exchanges, maintaining the security of your account is obviously very important.
Maintain computer security
Again, your computer is usually the weakest link in your security chain. If you can, use a dedicated computer only for accessing your exchange account. Install a well-known antivirus (yes, invest in security) and keep other software that you do not use to a minimum. Set your firewall to its strictest state. Do your gaming, browsing, downloads, and other tasks on another computer. Install antivirus on that computer too and set its firewall the same way. A virus on that computer makes things easier for hackers, and if the computers are on the same network, the hacker can get into the other one. So be mindful of your other computers as well.
Avoid downloading unofficial files to your computer
I recommend that you do not download files to your computer or mobile phone. If someone wants to send you a Word file, ask them to upload it to Google Docs and send you the link. If you have been sent a PDF file, open it in Google Drive in a browser rather than on your computer. If they want to send you a funny video, ask them to do it through one of the online platforms. Yes, this is a hassle, but security is not cheap. Neither is losing your capital! View everything online as far as possible and do not download anything to your computer. In addition, disable the "Automatically save photos and videos" option in messenger software. Many of these apps download GIFs, images and videos by default, which is not good for your security.
Keep your software up to date
I know how tedious operating system updates can be, but these updates sometimes fix security bugs that have only just been found. Hackers also follow these updates to see exactly which bugs were fixed, and then use those bugs to attack the computers of lazy people who have not yet updated. Wallet software and exchange software are no exception to this rule. Therefore, make sure that your software and operating system are always updated to the latest version.
Email account security
I recommend using the Gmail and Protonmail email services. Security at these two providers is higher than at the others; so far we have seen a large number of security breaches on other email platforms. I highly recommend that you use a unique email address for your account at each exchange, and make the addresses hard to guess. That way, if another exchange is attacked, your Binance account will not be harmed. This technique also reduces phishing attacks and email scams. Enable 2FA for your email account. I recommend using a YubiKey for your email account. This way, you will be safe from many cyber attacks, such as phishing. If you live in a country where SIM cards can be swapped online through the mobile service provider, do not use your mobile phone number as an email recovery method. We have had many victims of SIM swap hacks who used their mobile phone number as a method of password recovery. In general, I do not recommend attaching your mobile number to your email.
Provide password security
Use a unique, strong password for each site. Do not bother trying to remember your passwords yourself; use password management software. For many people, LastPass and 1Password work well. Both have versions for browsers, mobile phones and so on. Both claim to store passwords only on the device and to use an encrypted version of the passwords to sync them across devices. If password protection matters more to you, use KeePass or one of its versions for iOS. It saves your passwords on the device, does not sync between devices, and supports fewer operating systems. It is open source, so you do not have to worry about backdoors. Do your research and choose the best software. Just remember not to save time by using a simple or duplicate password. Make sure you use a strong password, otherwise the time you save might cost you a large portion of your investment. If you have chosen all these tools correctly but your computer has a virus, it is all useless! For this reason, make sure your antivirus is a good one.
Enable two-factor authentication
I recommend activating two-factor authentication immediately after registering with Binance. Because your two-factor authentication code is always on your mobile phone, somewhat out of line
U2F has three major advantages. First, U2F keys are physical devices, so it is almost impossible to steal the code inside. Second, they are specific to a particular domain, which helps when you inadvertently end up on a phishing website. Finally, they are very simple to use. For these reasons, I recommend connecting your YubiKey to your Binance account. Using this device adds to your layers of security against hackers. You should also link your YubiKey to your Gmail, LastPass and other supported accounts to make sure they are secure.
Drop SMS confirmations
There was a time when SMS confirmations were promoted, but that is a thing of the past. Because of the increasing number of SIM swap attacks, it is recommended that you do not use SMS for confirmations and move to two-factor authentication and U2F instead.
Create a whitelist of transactions
I recommend that you use the whitelist feature in Binance. With it, you specify that withdrawals can be made only to a specific set of wallets. This lets you transfer funds quickly to your approved accounts, while severely limiting the ability of hackers to transfer capital to new addresses.
Security of APIs
Many users use APIs to trade and to withdraw funds from their accounts. Binance offers several versions of its APIs that use the latest version of asymmetric encryption. This means that we only need your public key: your private key stays with you, and you give us only the public key. We need the public key only to verify that your orders are yours, and we will never ask for your private key. You are required to keep the private key in a safe place. You do not need to protect your API key in the same way that you protect your currencies. If you lose your API key, you can easily generate another one. You just have to make sure that no one else has this key.
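
An added illustration of the public-key arrangement described above, not Binance's actual API and not code from the original article: the client signs each request with a private key that never leaves its machine, and the service checks the signature against the public key registered for that account. The Ed25519 algorithm, the function names, the request fields and the five-second time window are all assumptions of this example.

```javascript
// Added example: signed API requests where the service stores only a public key.
// Uses only the Node.js standard library.
const nodeCrypto = require('crypto');

// --- Client side -----------------------------------------------------------
// Generated once on the client. Only publicKeyPem is uploaded to the service.
function createApiKeyPair() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    privateKey, // KeyObject that stays on the client
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
  };
}

// Both sides must build the exact same byte string, so parameters are sorted
// by name and URL-encoded before signing or verifying.
function canonicalize(params) {
  return Object.keys(params)
    .sort()
    .map((key) => `${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`)
    .join('&');
}

// The timestamp is signed together with the order so an intercepted request
// cannot be replayed later.
function signRequest(privateKey, params, nowMs) {
  const body = { ...params, timestamp: nowMs };
  const signature = nodeCrypto
    .sign(null, Buffer.from(canonicalize(body)), privateKey)
    .toString('base64');
  return { body, signature };
}

// --- Service side ----------------------------------------------------------
const MAX_SKEW_MS = 5000; // assumed acceptance window

// The service holds publicKeyPem only; nothing here can create a signature.
function verifyRequest(publicKeyPem, request, nowMs) {
  const { body, signature } = request;
  if (typeof body.timestamp !== 'number' ||
      Math.abs(nowMs - body.timestamp) > MAX_SKEW_MS) {
    return 'stale-timestamp';
  }
  const ok = nodeCrypto.verify(
    null,
    Buffer.from(canonicalize(body)),
    publicKeyPem,
    Buffer.from(signature, 'base64'),
  );
  return ok ? 'accepted' : 'bad-signature';
}

// Constructed walk-through: a genuine order, the same order with the quantity
// altered in transit, and the genuine order replayed a minute later.
function demo() {
  const keys = createApiKeyPair();
  const t0 = 1700000000000; // constructed timestamp
  const order = signRequest(keys.privateKey,
    { symbol: 'BTCUSDT', side: 'SELL', quantity: '0.5' }, t0);
  const tampered = { ...order, body: { ...order.body, quantity: '50' } };
  return {
    genuine: verifyRequest(keys.publicKeyPem, order, t0 + 1000),
    tampered: verifyRequest(keys.publicKeyPem, tampered, t0 + 1000),
    replayed: verifyRequest(keys.publicKeyPem, order, t0 + 60000),
  };
}
```

Replacing a lost or exposed key in this model means generating a new pair and registering the new public key, after which signatures from the old private key no longer verify.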
Provide physical security for devices and mobile phones
You need to secure your mobile phone. You probably have your email app, the Binance app, and your two-factor authentication codes on it. Do not root or jailbreak your phone; this greatly reduces the security of the device. It is also important to ensure the physical security of the device and to use a proper screen lock. The same is true for devices other than mobile phones. Make sure that your devices do not fall into other people's hands, and that if they do, they are very difficult to get into.
Beware of phishing attacks
Beware of such attacks. Phishing attacks usually start with emails or links on social networks. Enter the exchange site only through the address of the official Binance page or through a bookmark. Do not share your email with others. Do not use the same email on other websites. Beware of strangers (especially people with the name CZ or similar emails) who suddenly message you on Telegram, Instagram or other social networks. In general, if you follow these steps, your Binance account will be secure.
Which is better in the end?
I usually advise people to use both centralized exchanges and their own wallets. You can put part of your capital in an exchange and the other part in a wallet like Trust Wallet. If you are familiar with the technology, you can change the stated ratios. Centralized exchanges are unreachable every so often for technical reasons, and when that happens and you need to make a transaction, these wallets will come in handy.
A few other sections
There are several different kinds of scams. Some people create fake accounts online with names similar to accounts like "cz_binance_" and try to persuade you to send them your funds. Always remember one rule: send money to people only when you want to have a financial exchange with them. Always use two different channels to verify the credentials of the person you want to transfer money to. If a person named Changpeng Zhao suddenly comes to you and, with a compelling story, asks you to send them your currency, report it immediately to the appropriate authorities. If your friend suddenly sends you a message asking you to transfer money to him or her immediately, call, or ask him or her to send you a short video to confirm the request. Assume that his or her phone or SMS account may have been hacked, or that someone may have stolen the phone.
Scams via YouTube
Fraudsters on YouTube doctor videos to make it look as if Changpeng Zhao is giving away free currency and so on. Report them when you see them.
Social media scams
Do not get caught up in schemes that promise you free digital currencies but first ask you to send some currency to a specific address in order to get more back. He will never ask for this amount of currency