Every now and then we hear a newsworthy story of a victim losing a considerable sum of their Bitcoin. The majority of these cases were the result of an indirect hack, a phishing incident or a scam.
In hindsight, all of these incidents are easily avoidable with the right security measures in place.
Protecting your Bitcoin can sound like a daunting task, but it involves the same precautions and best practices you should take with your online banking.
Step one: Choose a reputable and trusted company
The first step to protecting your Bitcoin is ensuring you choose a reputable company to buy, sell, spend, store and manage it.
Before handing over your money or details, it's always a good idea to do a sanity check of the company:
- Look for a company with a proven track record
- Verify the identities of owners and employees on LinkedIn
- Consider the company’s procedures for verifying customers and preventing crime
- Research venture capital firms invested in the company
Many security breaches in this space could have been avoided with extra security measures in place. Make sure you're comfortable with the preventative measures in place to protect your money (and data).
You can also check the company's registration with the authorities, such as the FCA in the UK, as an additional check that the company is credible.
Step two: Protect yourself from hackers
Great security doesn't stop with finding a reputable company. If you don’t do your part to protect your account, no amount of back-end security will prevent hackers stealing your Bitcoin.
It’s a bit like keeping your home safe. Even the most high-tech door lock won’t keep you safe if you leave the door wide open. Hackers tend to exploit the weakest link in any security system.
With a few simple considerations, you can improve your security tenfold:
- Stronger password security: use an unusual password with at least 16 characters and never ever share it
- Turn on two-factor authentication: this means no one can access your account without access to your phone
- Protect your email account: use a secure, unique and complex password and turn on two-factor authentication
- Lock your account: if you suspect your account is compromised, lock it.
Step three: Learn to spot scams and phishing
Phishing attacks happen when criminals create a website or email that looks like it belongs to a trusted company. Using this imitation, they then deceive you into giving them important details, including your sign-in or payment information.
You might receive an email from your Bitcoin Wallet provider asking you to check some recent activity. When you click the link in the email, it might ask you to re-enter your payment details. If you do this, the criminals have your information.
This isn't limited to Bitcoin or cryptocurrencies
Phishing activity has been a growing concern across the whole of the internet.
Phishing websites and emails look real at first glance and ask customers to sign in to their accounts. If someone does this, criminals can then log into their account and steal from it.
While it's not the fault of the company the phishers are pretending to be, phishing can still harm the reputation of a legitimate company because people may not understand that the attack came from elsewhere. The only step trustworthy companies can take is to try to educate everyone about phishing. But it’s up to you to take extra care of your access details.
To avoid becoming a victim of a phishing attack:
- Always check the URL of a website before signing in or clicking an ad
- Enter the URL directly rather than googling the company name
- Never share your password or payment details by email or message
- Pay attention to your intuition — if something feels wrong, double check it
- Don’t offer your details without reason and be careful with sensitive information (e.g. your PIN)
- Check the address before replying to emails
- If you’re unsure about a website, try signing in with a fake password
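What "check the URL" means in practice, as an added example (not code from Luno): the part of a link that matters is the hostname the browser will actually connect to, not whatever familiar name appears somewhere in the text. The domain `wallet.example` and all sample links are constructed placeholders; substitute the address you normally type for your own provider.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the domain you really hold an account with.
TRUSTED_DOMAIN = "wallet.example"


def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return the reasons a link should not be trusted (empty list = host matches)."""
    problems = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased

    if parts.scheme != "https":
        problems.append("not https")
    # Anything before '@' is login data sent to the real host, not the site name.
    if parts.username is not None:
        problems.append("text before '@' is not the site name")
    # Non-ASCII or punycode labels can render like familiar Latin letters.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        problems.append("internationalised hostname that can imitate a lookalike")
    # The host must BE the trusted domain or end with '.' + trusted domain.
    if host != trusted and not host.endswith("." + trusted):
        problems.append(f"host '{host}' is not {trusted}")
    return problems


# Constructed sample links covering the usual ways a familiar name is misplaced.
SAMPLES = [
    "https://wallet.example/login",                      # genuine
    "https://www.wallet.example/login",                  # genuine subdomain
    "http://wallet.example/login",                       # right host, no TLS
    "https://wallet.example.account-check.test/login",   # trusted name as a prefix
    "https://wallet.example@203.0.113.7/login",          # trusted name before '@'
    "https://notwallet.example/login",                   # suffix without the dot
    "https://w\u0430llet.example/login",                 # Cyrillic 'a' lookalike
]

if __name__ == "__main__":
    for link in SAMPLES:
        reasons = check_link(link)
        print("OK  " if not reasons else "STOP", link.encode("ascii", "backslashreplace").decode())
        for reason in reasons:
            print("      -", reason)
```

Only the first two samples pass; every other link contains the trusted name somewhere but resolves to a different host or drops encryption.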
Luno takes security seriously
At Luno, protecting our customers' money and data is our top priority. We've built some of the world's most sophisticated Bitcoin security systems and have never been compromised.
Some of the security measures we have in place to protect your Bitcoin include:
- Deep freeze storage: we store private keys in multi-signature wallets, spread across different bank vaults
- Hot wallet: to let you withdraw Bitcoin instantly, we maintain a multi-signature wallet with the key split between Luno and BitGo
- Passwords: we store passwords in a hashed form and encourage customers to use strong passwords
- Two-factor authentication (2FA): we support 2FA so you can keep your account extra safe
- Encryption: all web services and communication happen over SSL-secured channels and wallets are stored with PGP encryption. All personally identifiable information is encrypted and securely stored.
This means that all sensitive customer information is encrypted. No individual or employee has direct access to customer Bitcoin funds.
All our employees pass a background check and receive regular and thorough security training. Furthermore, we also carry out regular financial and security audits to test the integrity of our systems.
All in all, Luno’s security is bank-grade. It's in our best interest to set our customers up for success. We go beyond the necessary to protect your money and data.