The BitStarz Guide to Protecting Your Crypto
Tuesday’s $41 million Binance hack was a stark reminder that even the most sophisticated security is susceptible to patient, dedicated hackers. Every security plan has weaknesses, and all too often the error is human – in the case of the Binance hack, the attackers seem to have compromised a large number of user accounts, including passwords and two-factor authentication (2FA) details, through phishing, intrusive hacking, and more.
It is therefore a good time to remind ourselves of some basic practices we should employ in order to keep our crypto as safe as possible. The following list should give you the best chance of making sure that your crypto stays in your wallet and doesn’t end up in the hands of hackers.
- Leave as little as possible on exchanges/internet-connected wallets. Keep the bulk of your assets in some form of cold wallet, for example Ledger/Trezor.
- Use two-factor authentication (2FA) everywhere that offers it, and think carefully about using services that don’t. Google Authenticator and Authy are the two best examples of 2FA software, and you don’t need an internet connection to use them. TypingDNA is another option if you want to access your 2FA passwords on a computer rather than a mobile device.
- Try to avoid using a 2FA device that regularly connects to an external data connection – e.g. 4G, Wi-Fi. Ideally, use a brand new or freshly wiped device with no other apps that never connects to an external data source post-install. This could be a cheap smartphone or similar.
- 2FA accounts generate backup codes, which you must keep safe. DO NOT leave these on your computer, upload them to a cloud storage service, or store them in an online password manager. Keep them on an offline storage device (e.g. USB drive) that you encrypt with a password and store safely and securely. To protect against hardware failure, store the backups on two different makes/models of USB drive. That way if one fails you have a separate backup.
- Only use SMS-based authentication if no other option is available and you absolutely have to use that service. SMS authentication may seem safe, but this method is much more susceptible to hackers through methods such as SIM-swapping. To guard against this, enable the “do not port” option for any new SIM card.
- Try to only send your crypto to a reputable and secure exchange/holding facility. If you intend to use a certain one regularly, for example with a crypto casino like BitStarz, conduct research into their processes and policies with regard to crypto storage, and also look into the experience of other users.
- Use long, complex passwords that aren’t easy to guess. Hackers use sophisticated tools to cycle thousands of potential passwords a minute. Ideally, you should use a password manager like LastPass to create complex passwords for you that you don’t have to remember. Use this site to test how strong your existing passwords are – you might be unpleasantly surprised.
- Use a leading anti-virus provider and make sure you keep it updated, along with Windows/Mac/Linux software. VPNs can also offer a further layer of protection if required.
- Be alert for suspicious emails and app update alerts. If you receive an email or an in-app message requesting that you update the software, head to the product’s website to confirm the update is legitimate before installing.
- Be careful what you reveal on social media about your crypto activity. Do not boast about big wins, and do not reveal which exchanges, wallets/storage devices you use. This is like throwing chum into hacker-infested waters.
Enabling 2FA at BitStarz
Protecting your BitStarz account with 2FA couldn’t be easier. Open your authenticator of choice and choose ‘new’ or ‘add’ from within the app. The app will request a QR code to scan. Log in to your BitStarz account, go to My Account and then Profile Info. At the bottom of the page you’ll see “Configure Google Authenticator” (don’t worry, you can use Authy with this). Scan the displayed QR code with your authenticator app, add the code within the app to confirm and you’re good to go.
No Solutions Are Perfect
It’s sad to say that you can take all the precautions above and still be hacked, but by following the rules above you hugely reduce the chances of your funds being stolen. Also, keep an eye out for hacks in the news, see how the hackers did it, and learn from that. Good luck, and stay safe.