Safe Trading on Cryptocurrency Exchanges: 20 Security Tips

By David Balaban
Contributor, InCyberDefense

Note: This article was originally published on InCyberDefense.

While cryptocurrency is a useful way to move money from one place to another, web wallets, cryptocurrency processing systems and exchange services are all susceptible to compromise by bad actors. So crypto-traders should examine the security features of an online service before adopting a cryptocurrency exchange service. Also, it is just as important to adopt user-end security practices.

There are many techniques available that you can use to safeguard your account. However, while they instill a sense of confidence in the security aspects of cryptocurrency exchanges, these techniques tend to be cumbersome and might diminish your experience.

Here are 20 best practice tips to keep you safe when dealing with cryptocurrency exchanges:

• Use a new computer for trading and install reliable antivirus software. Apply operating system patches and antivirus definition updates as soon as they are released. Also, back up your data to offline storage sites on a regular basis.
• After you register with an exchange service, use Google Authenticator with only one IP address whitelisted.
• Enable two-factor authentication for logging in.
• Use a VPN (virtual private network) solution for trading and private communications. (This tip is particularly relevant when you’re conducting transactions with a poorly secured public Wi-Fi because a VPN renders man-in-the-middle attacks futile.)
• Refrain from openly mentioning your personal email. Exchange services usually submit notifications to your registered email ID when you purchase or sell cryptocurrency. By compromising your email account, attackers can track your transactions and perhaps gain unauthorized access to your crypto wallets.
• Safeguard your email account by using a strong password containing uppercase and lowercase letters and special characters. Multi-factor authentication will add an extra layer of security to your email. Keep in mind that the overwhelming majority of cryptocurrency-related hacks are accomplished by compromising a user’s email.
• Use your smartphone wisely. It might be a good idea to get a separate mobile phone exclusively for trading. Also, do not conduct transactions from a smartphone with many apps. By hacking one of these apps, cyber crooks could obtain sufficient privileges to access your private data and blackmail you.
• Do not keep your cryptocurrency on exchanges when you aren’t actively trading. You are much better off storing your own digital cash in cold storage.
• Use a tamper-proof hardware wallet for high-frequency trading.
• Bear in mind that a dependable exchange service requires new users to verify their identity and location prior to making a deposit.
• A reputable exchange provides evidence of cryptocurrency kept in cold storage.
• A trustworthy exchange also participates in cryptocurrency-related events, hackathons and other academic initiatives in this domain.
• Diversify your risks to make sure your trading posture has no single point of failure:
  • Consider using more than one exchange service.
  • Use decentralized peer-to-peer exchanges.
  • Invest in several different cryptocurrencies.

• Stay on top of the markets. Keep track of industry news, examine charts and visit dedicated discussion forums. Familiarize yourself with algorithmic trading. Abstain from trading with more than 30% of your cryptocurrency. Have a plan to convert your coins to fiat money if necessary.
• Follow your intuition to identify red flags. If some big names in the industry quit their jobs, it might speak volumes about the cryptocurrency exchange’s future prospects. For instance, William Dennis Atwood, the director of Hong Kong-based MyCoin exchange, resigned just before the service was revealed as a Ponzi scheme.
• However, if you see reputable people in the industry join a cryptocurrency exchange, it probably means you are on the right track.
• Steer clear of shady exchanges that ”coincidentally” react to Bitcoin price fluctuations by crashing. When they are back up and running, users might discover that their transactions were completed at a worse rate than they anticipated.
• If it takes the exchange’s customer service operators a long time to respond to helpdesk tickets, that’s a clue suggesting that the service might not be trustworthy.
• In case the exchange engages in high-volume trade campaigns involving altcoins [an alternative to Bitcoins] with a fishy reputation, treat the cryptocurrency exchange with caution. Furthermore, participation in ventures like Initial Coin Offerings may be a sign of a shady exchange. Keep in mind that trading new coins is a slippery slope.
• The cryptocurrency market is full of pseudo-coins and rogue services. Take your time and do your own scrupulous due diligence before trusting an exchange service with your cryptocurrency. Some healthy paranoia is a good thing.

Online exchanges are all very different, and every investortrader has a special set of goals and circumstances. In addition to security, it is important to think about fees, liquidity and accessibility as well as your own personal situation when choosing an exchange.

About the Author

David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com website, which presents expert opinions on information security matters, social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.