Want to LOSE your cryptocurrencies?
By Scott Binns, Giovanni Molinaro and Hekmat Kaadan
Let’s face it, the enticing world of cryptocurrency may be too tempting to avoid for some investors, but for those looking to get into the game, you need to know the ins and outs of this new frontier. At Richter, we’re here to help.
So you’ve purchased some cryptocurrency. What now? As a savvy investor, you now need to be able to access, store, send and receive said cryptocurrency. And that old, faithful, bursting-at-the-seams (a la George Costanza)-style wallet simply won’t do. What you need is a digital wallet, and the public key and private key that will be generated along with it.
Wait, this wallet needs keys? In the digital world, yes.
- A public key is an alpha numeric sequence, effectively representing your digital wallet’s account number, which is publicly listed on the blockchain. Although the account number is public, there is no way for a third party to know who the holder of such an account is, unless you, as the holder, make yourself known. The public key will also form part of the account’s digital address which is required to transfer crypto to the account.
- The private key is a different alpha numeric sequence that is used to access the contents of the account i.e. your crypto. Providing someone your private key is akin to giving them the keys to your house, your alarm code, and asking them to rob your home. Obviously, protecting your private key in a secure place is paramount in protecting your crypto.
- Think of the public key as your email address, it is available for people to see and they can identify it is an email address, whereas a private key is your email password which is required to obtain full access to your email account.
Keeping these concepts in mind, remember the following three simple ways you can easily lose your crypto :
1- Transferring your cryptocurrency to the wrong digital address
In order for Party A to transfer crypto to Party B, Party B needs to send her or his digital address to Party A. The digital address often includes over 35 digits. If Party A enters one digit wrong, the crypto will unfortunately be transferred to a different (i.e. wrong) account. Party A’s sole recourse would be to have the holder of the erroneous account transfer back the cryptocurrency – a very challenging task, given the whole system is based on anonymity of crypto-owners. There is no central authority when dealing with a decentralized blockchain.
- Solution: double – no, triple or quadruple check, the sequence – or ask someone to review, before transferring. We like to go for the cut and paste option.
2- Transferring the “wrong” cryptocurrency to a digital wallet
Another key concept when transferring crypto between wallets is the necessity for the recipient wallet to “accept” the crypto being delivered. Should the recipient’s digital wallet not support the transferred crypto (remember, there are currently over 1,500 cryptocurrencies in existence…), the transferor’s account will be debited, but the recipient’s account will remain the same. Also, even if the recipient wallet accepts the crypto being delivered, it is important for the transferor to send it to the correct public address on that wallet. For instance, consider a wallet that accepts Bitcoin, Ethereum and Ripple. The wallet would contain three different public keys, one for each cryptocurrency. If somehow a Bitcoin is transferred to the Ethereum public address, then the tranferor’s account will be debit, but the receipient’s account will remain the same and there is no recourse to retreieve the lost assets.
- Solution: before sending currency, double check that the recipient is able to receive it in his or her wallet first and that they provided you with the correct public address for that currency. If not, your likely to be yelling “serenity now!!!!”.
3- Losing your private digital key
The private keys that grant the holder access to the account are often over 51 digits. Some investors decide to keep their private keys on their phones, laptops or on a loose piece of paper. There have been many instances where hackers gained access to someone’s phone or laptop, and since the private keys were saved on that device, the hackers were able to obtain access to that individual’s crypto assets. Also, another consideration is if the device or paper get lost: an investor will not be able to retrieve her or her account if they forget their password. The private key allows you to bybass access to the account without the need to enter a password.
It is important to note that if an investor is holding his or her crypto assets on an exchange, then the investor would only have access to their public key with the exchange being the owner of the private key. An additional security one should set up is a 2FA Authenticator. With 2FA, a unique code as well as the username and password are required to access the exchange. The unique code is sent to the user’s phone and changes every 30 seconds. Without this code, an investor is not able to gain access to their account. As such, if you lose your phone, you lose access to your account. However, just like a private key, the 2FA Authenticator provides the holder with a recovery key for situations such as loss of a phone. This recovery key should be treated the same way as a private key, and saved in the same manner.
- Solution: store your private key number on a piece of paper and in a safe place, like a safety deposit box. If you choose to store it on a laptop, we suggest that laptop to be offline and only used for the purposes of storing your keys. It should not ever connect to the internet. As ironic as it may be, the safest way to protect one’s digital key is to keep it on a piece of paper… Yes, we have come full circle.