[2018-02-17] Aviya Arika: "not your keys – not your coins!"

[S3cco]

There is a saying in the crypto world: not your keys – not your coins! – Aviya Arika:
https://bitcoingarden.org/saying-crypto-world-not-keys-not-coins-aviya-arika/

To protect their funds from hacker attacks, wallet owners should keep their keys in offline wallets, and cryptocurrency exchanges must use secure servers and trusted payment systems. This is an opinion stated by Head of Blockchain Innovation at Nir Porat & Co. Law Firm Aviya Arika. Aviya will present at Blockchain & Bitcoin Conference Switzerland, so we talked to her about cyber security of cryptocurrency exchanges and practices of regulating such organizations.

Q) Hello, Aviya! We can see from the media that it is not uncommon for hackers to steal funds from the wallets of ordinary cryptocurrency exchange users. What do you think people should do in order to minimize the risk of losing funds from their stock exchange accounts?

AA) Hello! If you, as a user, choose to keep your coins on the exchange itself instead of sending it to an external wallet of which private keys’ you have the control over, then you are automatically increasing your risk level. There is a saying in the crypto world: “not your keys — not your coins!” and this is essentially true, because when you keep your coins on the exchange, practically it means that the coins are stored in the exchange’s wallet, a wallet (and private keys) which is within the exchange’s control. An exchange at its most currently common centralised form has a single point of failure, and if this point of failure is compromised (for example, gets hacked), then the hacker gets control over the private keys, meaning control over the exchange’s wallets, meaning your coins are gone.

Therefore, to minimise risk it’s always better to get your coins out of the exchange and into your own wallet, the private keys of which you and only you have control over. If you can’t do this because, for example, you want to have available balances of coins for trading on the exchange, then at least make sure you use 2 factor authentication and other control measures, to protect your account as much as possible....

[1714935133]

1714935133

[1714935133]

1714935133

[1714935133]

1714935133

[hatshepsut93]

To protect their funds from hacker attacks, wallet owners should keep their keys in offline wallets, and cryptocurrency exchanges must use secure servers and trusted payment systems. This is an opinion stated by Head of Blockchain Innovation at Nir Porat & Co. Law Firm Aviya Arika.

I think at this point every Bitcoin business stores their coins in cold wallets, but they also always have a hot wallet for quick withdrawals for their customers and this is usually the target of hackers.
Now, saying "use secure servers and trusted payment systems", but it doesn't show the bigger picture - the fact that big amounts of coins attract attention of hackers, so their system must be perfect from a security point of view. To achieve this, companies must invest a lot of resource in security, they should hire consultants and testers and engineers and so on. It may be very expensive, but this is insurance against devastating loses of hacking incidents.

[entemeister]

This is the first thing that newcomers should learn before investing in bitcoin or any other cryptocurrency

[Jating]

This is the first thing that newcomers should learn before investing in bitcoin or any other cryptocurrency

Exactly, how many times we Senior and up members are preaching this? A million times.

This article should be like the first thing that every newbies in the market. Don't put all your funds in a trading platform, just have enough money in a exchange for your trading purposes and withdraw most of it in a wallet in which you have total control. Because in case of a hack, who will only likely to lose a small percentage of your investments.

I really don't understand people bitching around when an exchange was hacked and them losing all their hard earn money (literally thousands of dollars). You didn't do your homework so don't cry and blame the system.

[jamids]

When I am quite new to the forum, this is the thing that I always read from the senior members because they knew how important it is to store your coins in your wallet than in exchanges because of the Mt. Gox hack. I am not yet in crypto world when that happened but when I read that they always reiterate that one "not your keys-not your coins" then I make sure I store only in the exchange the coins that are for trading and the rest would be for cold storage. I also advice the people who needs some tips to store their coins in their wallet if they want to hold it for the long term and not in the exchange because of this very reason.

[Samarkand]

...

I think at this point every Bitcoin business stores their coins in cold wallets, but they also always have a hot wallet for quick withdrawals for their customers and this is usually the target of hackers.
...

There are a few services that don´t offer a hot wallet and are even proud of that
idiosyncracy. E.g. BitMEX (probably the biggest trading site for BTC derivatives) doesn´t have
a hot wallet and withdrawals are processed manually once a day.

0 Bitcoin lost through intrusion or hacking. BitMEX keeps all funds in cold storage.

According to their own claims they have never lost a single Bitcoin
through hacking. Depending on the kind of service this might actually
be a good option for many other Bitcoin businesses (of course it is
not feasible for an exchange with thousands of withdrawals per day).