In an Aug. 16 LinkedIn post, Germany’s Federal Office for Information Security, also known as BSI, explained the best practices for crypto storage and ultimately told users that a crypto hardware wallet was the most secure way to store private keys.
The post began with exchange-linked wallets, also known as “hot” wallets, and explained that while keeping crypto in an exchange wallet may be convenient for the end-user, it is also the least secure way of storing keys. This is because these wallets are always connected to the internet, creating an attractive target for hackers.
Next were self-custodial wallets on a user’s computer or smartphone. While this colder storage method is safer than keeping crypto on exchanges and allows users to control their keys, self-custodial wallet applications still suffer from “security gaps,” according to the BSI.
Once again, the main attack vector for these wallets is the internet, where hackers can download malicious programs to the computer or the smartphone where the application is installed and steal the user’s private keys.
The post concluded by noting that hardware wallets were “secure and protected by PIN,” before also advising users to create backups of their seed phrases or private keys and store those copies in a safe place.
Related: Ronin Network exploited for $9.8M in ETH, white hat hacker suspected
Crypto hacks on the rise in 2024
According to a 2024 Chainalysis crypto crime update, hacks rose by 2.8% compared to a year earlier. However, due to increased digital asset prices in 2024, the total value stolen rose by 84.4%.
Cybersecurity firm Halborn recently told Cointelegraph that private key exploits accounted for 52.2% of hacks in 2024 and represented 57.5% of the value stolen from the 100 largest decentralized finance hacks.
Several high-profile attacks impact crypto in July
In July, funds stolen via cryptocurrency hacks totaled $266 million, mostly attributable to the hack of a popular Indian crypto exchange WazirX.
Malicious actors believed to be linked to North Korea’s Lazarus hacking group breached WazirX’s multisignature wallet and stole $235 million from the exchange.
The Casper Network was also forced to halt operations on July 31 after an exploit tainted two blocks. The network’s validators later removed them in a reboot and synchronized upgrade of the node software. At the time of this writing, the incident has been resolved.
Magazine: Backlash as WazirX ‘socializes’ $235M loss, $10B metaverse plan for shut-ins: Asia Express