
Remember that sinking feeling when you hit the "Send" button on an email, and it went to the wrong people? Multiply that by a million, and you can imagine what it feels like to make a mistake with your wallet, or to run into a technical problem where your funds disappear, are locked away or require some technical digging to reach. Imagine closing a wallet to restart the computer, and then the wallet needs a very unnerving 15 minutes to come back to life.

A cryptocurrency wallet looks like a bank account at first sight, displaying transactions and balances. But it works more like an email account, and it has its own peculiar technical issues and compatibilities. Sometimes it is the user's fault, and other times it is the way a wallet is engineered, but coins get locked out or disappear. A wallet is unforgiving: protect all passwords and encryption data well, because they are not recoverable. Locking yourself out of a wallet is a newbie mistake. Build a strong password, but also write it down, in at least two places. And then there are other known dangers it's good to be aware of.

The Jaxx Pass Phrase Vulnerability and Theft

Probability: Low to medium

Protection: General computer safety, strong passwords, vigilance.

The Jaxx wallet uses a mnemonic seed to build its security hash. Unfortunately, the seed generation mechanism and the seed discovery are dependent on the general safety of your computer system. This is a known vulnerability in the Jaxx wallet, and it is here to stay. The creators of the wallet see it as a necessary evil to bring a balance between safety and ease of use. Jaxx is a hot wallet, constantly connected to the Internet.

This is how the vulnerability works. Most desktop wallets have a secure, tested method to encrypt the mnemonic seed or 12-word pass phrase. Jaxx, however, uses a hardcoded encryption mechanism, which means there is a key somewhere on your computer. Imagine leaving the keys to your home loosely hidden under the doormat: this is what Jaxx does to your funds, for convenience. The wallet uses a PIN that could be brute-forced. Once the 12-word pass phrase gets stolen, it can be used to re-create your wallet, complete with funds, on another computer, and then the hacker can empty it out.

To be protected, either avoid the Jaxx wallet or only keep limited funds there, for fast transactions, spending or short-term exchanging.

The Poloniex Shave

Probability: Low to Medium

Protection: Avoid storing large sums on exchange-based wallets

No one knows that vulnerabilities exist until a hacker discovers them. Even when precautions are taken, cryptocurrency software has been built under pressure amid the strong growth in the sector. So far, Poloniex has repaired the glitch, but there is no saying what could happen to other exchanges and the funds stored there.

How the draining of funds worked: technically, individual wallets were not attacked, but later the Poloniex team enforced cuts to all accounts to spread out the loss. We include it here, among wallets, because many coins are conveniently stored right in Poloniex or Bittrex accounts, and remain vulnerable. Coin storage technology does not always ensure that you own all the funds. Because of terms and conditions, or technical glitches, your funds could disappear. And that counts as an unsafe wallet.

For Poloniex, it turned out the sell orders had a vulnerability. The system could receive and perform multiple sell orders made in a single instant and did not check for a negative balance. This allowed the hacker to overdraw the account and take away 12.3% of the Bitcoin stored on the network. And because cryptocoins are fungible and anonymous, the Bitcoin was never to be seen again.
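The flaw described above, reduced to a minimal ledger as an added example (not Poloniex's code): a burst of debits validated against one stale balance snapshot overdraws the account, while a conditional UPDATE and a CHECK constraint prevent it. The table, account name and amounts are constructed, and the simultaneous arrival is modelled deterministically rather than with real threads.

```python
import sqlite3

def new_ledger(balance, enforce_non_negative=False):
    """One-account in-memory ledger; account name and amounts are constructed."""
    check = "CHECK (balance >= 0)" if enforce_non_negative else ""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER NOT NULL {check})")
    db.execute("INSERT INTO accounts VALUES ('acct1', ?)", (balance,))
    return db

def balance_of(db):
    return db.execute("SELECT balance FROM accounts WHERE id = 'acct1'").fetchone()[0]

def debit_check_then_act(db, amounts):
    """Flawed: requests arriving in the same instant are all validated against one
    balance snapshot, and nothing re-checks the balance when they are applied."""
    snapshot = balance_of(db)
    accepted = [a for a in amounts if a <= snapshot]
    for a in accepted:
        db.execute("UPDATE accounts SET balance = balance - ? WHERE id = 'acct1'", (a,))
    return accepted

def debit_atomic(db, amounts):
    """Hardened: the balance test and the debit are one conditional UPDATE, so a
    request succeeds only if the funds are still there when it is applied."""
    accepted = []
    for a in amounts:
        if a <= 0:
            continue  # reject non-positive amounts outright
        cur = db.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = 'acct1' AND balance >= ?",
            (a, a))
        if cur.rowcount == 1:  # zero rows changed means insufficient funds
            accepted.append(a)
    return accepted

def constraint_stops_overdraft(amounts, opening=100):
    """Backstop: with CHECK (balance >= 0) the flawed path errors out instead of overdrawing."""
    db = new_ledger(opening, enforce_non_negative=True)
    try:
        debit_check_then_act(db, amounts)
    except sqlite3.IntegrityError:
        return balance_of(db) >= 0
    return False

if __name__ == "__main__":
    burst = [80, 80, 80]  # three debits submitted at once against a balance of 100
    flawed, fixed = new_ledger(100), new_ledger(100)
    print("flawed:", debit_check_then_act(flawed, burst), "balance", balance_of(flawed))
    print("atomic:", debit_atomic(fixed, burst), "balance", balance_of(fixed))
    print("constraint backstop held:", constraint_stops_overdraft(burst))
```
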

Ransomware and Wallets

Probability: Medium to low

Protection: General awareness of malware and specialized malware protection.

Malware attacks come and go. But when it rains, it pours. And now that you have bought some cryptocoins, your computer is suddenly really important. Be aware that ransomware infections are still active. WannaCry and Cerberus still move around, so do not open attachments from sources you do not trust. Currently, Cerberus has seen code additions allowing it to steal wallet files, but so far it cannot do anything to those files.

And then there is a whole slew of malware targeted specifically at Bitcoin wallets. The one way to be protected is to store private keys on offline machines, or on paper. Diversified coin holdings also help, because lesser-known coins see fewer attacks. There are far fewer attempts to steal Litecoin, and some coins and tokens fly under the radar.

Always keep a copy of your wallets in a remote, offline location. Diversify your holdings and never click on untrusted links.

Funds Kidnapping During or After an ICO

Probability: Medium

Protection: Double-checking addresses, taking extra care when taking part in an ICO and sending funds.

Kidnapping funds can happen in many ways. Perhaps the most famous case was the DAO hack, when a hacker abused the pooling of funds and creation of tokens. The DAO project allowed token holders to revert to Ethereum, but a glitch in the software allowed the exchange to happen multiple times.

The Parity Multi-Sig wallets revealed a vulnerability that allowed a hacker to exploit the events happening to a wallet in a single transaction, and then change the owner of the wallet. Three project wallets were attacked that way, compromising the funds of Edgeless Casino, Swarm City, and Aeternity after they gathered ICO funds. Smaller wallets were saved by white-hat hackers who moved the funds for safe storage. In the end, it all came down to the internal logic of a wallet and a tiny omission in book-keeping logic that left the funds open to theft. Events like these serve as lessons on building better security in the future, but until then, users should still be watchful.

If you decide to send coins to an ICO, always double-check the address. Always ask around for the way to receive coins and how to keep them safe.

Corrupted Fake Wallet Apps

Probability: Low

Protection: Research the wallets and read the reviews to know how the software works

As the cryptocurrency market grows bigger, unsafe wallets and scam wallets are receding. In 2014, Bitcoin malware and insecure wallets disguised as apps plagued the market, but with the expansion of the cryptocoin community, good wallets are common knowledge, and people rarely download dubious apps. Plus, online stores regularly clear out unsafe apps. The boom of fake apps affected the Apple store in 2016, but since then, the store has been cleared. Android, for now, shows no data of being affected by fake apps, but we don't know what the future holds, so it is better to remain vigilant and always seek out relevant community discussions before selecting a wallet.

But in 2017, there are many new coins. Users are advised to read the community talks and check the legitimacy of a wallet or storage solution.