×

After $500 million Japan cryptocurrency theft, here's how to keep yours secure

  • Hackers are targeting digital currencies.
  • More than 3 million bitcoins have been lost — maybe forever.

Hackers stole more than half a billion dollars in cryptocurrencies from Japanese exchange Coincheck last week — and experts say investors can expect more such attacks.

In the last month, hundreds of frantic people have called into McCann Investigations in Houston. Some have lost their cryptocurrencies. Others had them stolen.

Wallet Recovery Services, which helps people find their lost cryptocurrencies, warns website visitors to expect a slow response time due to its "high volume of new requests."

"All the hackers in the world are targeting cryptocurrencies." -Eric Larcheveque, CEO of cryptocurrency security company Ledger Wallet

Bitcoin was born out of a distrust of traditional markets and a desire to establish a new system, free from brokers or bankers. But as the value of many cryptocurrencies rise, so does people's uneasiness with being the only one with access to their digital fortune.

Investors are finding that the system's high-security makes it easy for them to get locked out.

Currently there are more than 3 million bitcoins that have been lost, according to blockchain tracking company Chainalysis. Since bitcoin was created in a way that makes its supply finite, that means that 14 percent of the currency could be gone for good.

Chesnot | Getty Images

Even more alarming: cryptocurrencies are a dream for cyber criminals.

"Let's say you manage to steal a Social Security number or banking information – that's not money, it's information," said Eric Larcheveque, CEO of cryptocurrency security company Ledger Wallet. "You need to find a broker to sell the data."

Bitcoin is simpler.

"It's immediate. It's already cash," Larcheveque said. "All the hackers in the world are targeting cryptocurrencies."

Here are some tips from experts for holding on to your cryptocash.

1) Be careful where you do business

SusanneB | E+ | Getty Images

Dorothy Flippov, a private investigator at McCann Investigations who specializes in cryptocurrencies, said many people say they've sent their cryptocurrencies to the wrong address. What really happened is probably more sinister.

"The possibility of actually sending the coin to the wrong address is infinitesimal," she said. "It's as unlikely to be struck by lightening while being bitten by a snake while winning the lotto."

That's because people's keys are a long string of numbers and letters, and if you typed in one wrong character, it's unlikely that you actually found another key. In reality, the person was probably defrauded by whomever convinced them to send his or her coins.

"This is the newest rendition of fraud," Flippov said.

Some cryptocurrency investors claim there have been a series of Ponzi schemes.

And so Flippov said all investors should do their due diligence.

"How long have they been around? Who's the team behind it?" she said. "If they've been involved in a lawsuit, don't go with them."

Even with your buying and selling transactions, stick to well-known exchanges like Coinbase.

2) Store your virtual currency offline

Amazon

Last week, Japanese exchange Coincheck announced that 58 billion yen, or $531.8 million, had been directed to another account. The company said it had kept its cryptocurrencies on so-called hot storage, which means it was online at all times.

If you have a significant amount of cryptocurrencies, experts say you shouldn't store them on an exchange like Coinbase.

"We've seen a lot of sad stories of people having their cryptocurrencies on their PCs, and their daughter downloaded a game including a virus which sent their assets to a hacker," Larcheveque said. "They lost everything."

Instead, transfer your coins and private keys to a so-called hardware wallet. Popular ones include the Ledger Nano S and Trezor (prices range from $100 to $200). The USB-looking device will keep your bitcoins or ripples off the internet, where they are more vulnerable to hackers.

"If you buy physical gold, the first thing you will do is buy a safe," Larcheveque said. "If you buy cryptocurrencies, very quickly you'll understand that you need to buy a digital safe."

A hardware wallet just requires you set up an eight-digit PIN. Plus, the little computer provides you with a set of 24 words which you can use if you forget that PIN. But if you're depending on an online exchange and you lose your 64-character private key, you will have no other way to access your coins.

3) Back up your backup

National Guard helicopters make water drop as the Thomas Fire approaches the Lake Casitas area on December 9, 2017 near Ojai, California.
Getty Images
National Guard helicopters make water drop as the Thomas Fire approaches the Lake Casitas area on December 9, 2017 near Ojai, California.

You can never be too secure with your cryptocurrenices, said Christopher Allen, principal architect at Blockstream, a blockchain company focused on security.

"You can't go to the bank and say, 'Oops, can you fix this?'" he said.

Keep those 24 words, which provide instant access to your cryptocurrencies, in a safe place. Allen recommends you enter those words into a cryptosteel, a device that can withstand temperatures up to 1,500 degrees Celsius. Then put that in a fireproof safe.

Living in California during the recent wildfires, he was glad to have these layers of security, he said.

"At least when the firemen are done with the hoses," Allen said. "It'll still be there."

More from Personal Finance:
Bitcoin, once 'sketchy,' becomes more mainstream
Some cryptocurrency-backed debit cards dropped from Visa network, leaving users scrambling
Bitcoin is too risky to treat as a 'serious' investment, financial advisers say