cryptoslate.com
Crypto security is weak across the board, and one wallet provider has a product that can help change that.
Being your own bank is hard
A recently concluded survey by the world’s “coldest” crypto wallet, NGRAVE, sifted out interesting data about the way crypto users handle their assets, passwords, wallets, and funds.
Founded by Ruben Merre, who appeared on a Cryptonites interview (CryptoSlate is the media partner for the edutainment brand) earlier this year, said about his product at the time:
“It is completely immune to any kind of online attacker because nobody can attack it. There is no line of attack possible.”
While crypto security has been a long-held concern among proponents, many in the space fail to take adequate steps when it comes to safeguarding one’s assets. The motto is to “Be your own bank,” but cybersecurity is a hard task, and most users are not adept enough at it.
Such concerns were validated in NGRAVE’s recent survey. It showed the recent Ledger data leak — which saw hackers gain access to the transactional and personal data of millions of users — had a “clear and significant” negative impact on satisfaction with the security setup in the market.
🚨While everyone's looking at growth, returns, you name it, we're all forgetting to look at priority number 1. #Crypto is volatile, but that's ok. The most extreme form of volatility, losing everything, is NOT ok.
A few insights by @RubenMerre for 2021 👉https://t.co/cEtIJoqGX6
— NGRAVE (@ngrave_official) January 14, 2021
Storage of exchange information was dismal as well. 1 out of 3 respondents stored more than 40% of their entire crypto holdings on a single exchange. This meant that if an exchange was to shut down, exit scam, or close withdrawals, a person’s capital would be either stuck or lost forever.
A further 44% of respondents did “white list,” or trust, withdrawal addresses, while 27.5% kept a backup online and 17% did not consistently keep a backup.
Furthermore, 25% of all respondents (1 out of 4 people) holding crypto on an exchange did not make a backup of their 2FA recovery code. The latter is an electronic authentication method in which a user gains access to a website/application only after authenticating themselves two times.
Wallets, age, and demographics
Coming to the wallet side, 2 out of 3 respondents reported having a paper backup of their funds, 4.3% had no backup at all, and 7.4% kept an online backup of their seed phrase.
However, this is a critical security concern. As per NGRAVE, most hardware wallet backups today do not have added security layers and are therefore vulnerable, meaning that if someone were to find a users’ paper backup; they would also know their private key (and gain access to their funds, as a result).
In terms of demographics, the survey found that 50% of all users were older than 35, and 20% of that older than 45. Most users were concentrated in the following age groups: 25-35-year-olds, and 35 years and above.
The gender ratio is heavily skewed in favor of males, who make 90% of the crypto market, with just 10% of female representation.
NGRAVE’s parting thoughts
NGRAVE said the trend for crypto hard wallets was set to move in three directions:
- Hardware wallets will evolve more towards bluetooth, NFC, but likely most of all QR code-based models (versus 3/4 USB today)
- Hardware wallets high reliance on paper wallets will move more to metal, and social backups over time. (NGRAVE GRAPHENE’s aim is to push this towards metal backups.)
- Backups will become more resilient over time against “if someone finds them, their security is compromised” (NGRAVE GRAPHENE is an encrypted metal backup).
The dangers of hacking and losing funds to crypto scams are multifold. Petr Kozyakov, co-Founder and CBDO of the fintech company Mercuryo.io, said in a note to CryptoSlate that there are many methods that hackers can employ to access your crypto wallet and steal your funds.
“From phishing sites to malware email to fake apps – there is no shortage of dangers. There are, however, ways to fight them – plenty of which can be used by anyone, even without any particularly deep technical knowledge,” he said, stating such attacks included social engineering attacks, phishing, and improper KYC measures taken by the users.