In this tutorial, you will learn the following:
- The implications of holding private keys
- Common extortion schemes in the crypto world
- Key protection mechanisms
1.0 Implications of holding private keys
As you may already know, a private key is a secret phrase that is used in cryptography, similar to a password. It is a proof of ownership of a wallet address. When you own a non-custodial wallet address, you get a private key which you can use to access the wallet at any time. The key and wallet are absolutely under your control. With great power and liberty comes a greater responsibility; therefore, you need to take note of the following:
1.1 You must not forget your private key
Usually, when you forget the password to your email address or your Binance account, you have a way to recover it. All you need to do is to click the Forgot Password option. You were able to recover those passwords because the accounts are truly not in your custody. It’s in the custody of your email provider and Binance operator respectively. However, for a non-custodial wallet address, the whole wallet and control lie in your hands. Forgetting the private key to the wallet address means you are forgoing your money.
Back in 2011, Stefan produced an animated video explaining how the digital currency works. For his efforts, a bitcoin enthusiast awarded him 7,002 bitcoins. Later that year, he lost the password to his IronKey, the USB hard drive that contains the digital wallet that holds his bitcoins. Since then, the currency's value has skyrocketed, and Thomas' holdings are worth $220 million US ($321 million Cdn.) The IronKey gives users 10 password guesses before it encrypts its contents permanently, and Thomas' bitcoin is lost forever. He has two guesses left.
Don’t want to be like Stefan? Remember your private key.
1.2 You must keep your private key away from prying eyes
This is pretty straightforward, right? Your private key grants you access to your wallet and crypto asset. Therefore, if someone sees your private key, they will have access to your money. Consequently, it is imperative to keep your key away from prying eyes.
Reflection: How do you think you can keep your private key safe? Write down your thoughts.
Now, let’s see if the options you thought about can truly keep your private key safe. First, if your thoughts fall among the following, it is not a good way to save your private key.
- Saving private keys on email or cloud folder (e.g. Google Drive): Emails are susceptible to hacking and phishing attacks. Therefore, if your email address is attacked, you risk losing your private key to ‘predators’.
- Saving private keys on your computer, smartphone or any other device connected to the internet: This is very risky! Keeping your key in a device you use in accessing the internet can expose the data to cyber attacks.
With respect to keeping private keys safe, someone once suggested the following:
“write it in a small notebook and lock it in a safe, which is then stored in a vault on the floor, covered by a rug and guarded by dogs with machine guns and a very small clone of Arnold Schwarzenegger”.
Obviously, that was a joke but it underscores the importance of keeping your private key safe! At this juncture, it is important to know that:
“Your private key should be stored offline”
Usually, writing down your private key in a diary that is kept in a secured place would have been a simple way but that is at risk of fire or water damage. Our suggestion is that you inscribe your backup phrase on materials that are resistant to fire and water, e.g. a metallic material. Afterwards, store in a secure location. Also, it is recommended that you create a few copies of your private key as backup. So, if you misplace one, you can easily get your key from the backup.
2.0 Protecting yourself from common extortion schemes in the crypto world
Scammers are everywhere and looking for ways to extort money from people. The cryptocurrency world is no exception. Therefore, as you get paid in crypto, it is imperative to understand the common fraud schemes and how to protect yourself. To get started, check out the following data reported by the United States Federal Trade Commission in 2021.
Below, we discuss the popular crypto extortion schemes and how to protect yourself.
2.1 Romance Scams
According to the United States Federal Trade Commission, about 20% of the money lost in romance scams from October 2020 to March 2021 was sent in the form of cryptocurrency. Basically, these scammers engage people in long-distance relationships, usually send fake pictures and videos; and ask their victims to send money to them. They are increasingly requesting crypto as it is difficult for authorities to trace that. Some of the red flags that can help you spot romance scammers include:
- They prefer to move communications away from dating websites.
- They ask a lot of personal questions about you but avoid answering personal questions about themselves.
- They try to establish a bond quickly and they ask for financial help.
- You never meet them in person. You perform a reverse image search of their profile photo and it seems to belong to someone else.
2.2 Investment Scams and Ponzi Schemes
First of all, it is critical to remember this popular saying when it comes to investing; “if it sounds too good to be true, then it probably is.” These scammers promise high returns but when it is time for investors to get returns, they start giving excuses or even encourage investors to pay more money for higher returns.
Case in point: Cryptocurrency buzz drives record investment scam losses
Reports to the FTC’s Consumer Sentinel1 suggest scammers are cashing in on the buzz around cryptocurrency and luring people into bogus investment opportunities in record numbers. Since October 2020, reports have skyrocketed, with nearly 7,000 people reporting losses of more than $80 million on these scams.2 Their reported median loss? $1,900.
2.3 Blackmail Scams
In this case, the scammer sends you a message claiming to have damaging personal information and requesting you to pay money to stop them from releasing it to the public. When you see this, tell them to GET LOST!
2.4 Phishing Scams
This involves the scammers sending emails with malicious links to a fake website in order to obtain your personal details, such as cryptocurrency wallet key information and currency is then stolen from the wallet.
Time Magazine provides more details on common crypto scams, you can check it out. Finally, be alert and beware of who and what you deal with online, including social media.
Here is a bonus case for you to check out: Social media blamed for $1B in crypto scam losses in 2021
Nearly half of the consumers who reported a cryptocurrency-related scam in 2021 said it started with an ad, post or message on social media. The United States Federal Trade Commission found that Instagram (32%), Facebook (26%), WhatsApp (9%) and Telegram (7%) were the top platforms used for crypto scams.