Zhao Changpeng: How to ensure the security of cryptocurrency assets?

Zhao Changpeng
2020-12-14 19:51:19
This article can help you better understand security issues and better protect your cryptocurrency assets.

This article was published on February 23, 2020, on the Binance Official Blog, authored by Binance CEO Changpeng Zhao.

Security is paramount. While this is an obvious fact, it pains me to see that most ordinary people lack security awareness. It also troubles me that many experts assume everyone has a deep understanding of security issues and then design or recommend advanced features that are difficult to use and easily messed up if not handled carefully. Security is a broad topic, and while I am not an expert in many related fields, I have witnessed many people encounter security problems. Recently, with the rise in cryptocurrency prices and increasing market activity, many newcomers are returning to the cryptocurrency space. In this article, I will do my best to explain some security concepts related to holding cryptocurrencies in plain and understandable language. They include:

  1. Some basic concepts regarding security

  2. Whether we should/should not hold cryptocurrencies ourselves and how to hold them

  3. Whether we should/should not hold cryptocurrencies on trading platforms and how to hold them

  4. Other topics

First, nothing is 100% secure. For example, if an asteroid were to hit Earth one day, no matter how you save your funds, they are unlikely to be safe. Yes, you could store your funds in space, but how long could that savings last? And if Earth is gone, does it still have value? Perhaps by then, you wouldn't care about it anymore. So, when we talk about security, we are actually asking the question: "Is this secure enough?"

Let’s define the concept of "secure enough." Its definition varies for different people and different purposes. If you deposit $100 into a spending wallet, you might not need ultra-high security; a mobile wallet would suffice. However, for millions of dollars or life-and-death funds, you need to take stronger security measures. In the following content, we will explore security measures for larger amounts of funds.

To ensure the security of the cryptocurrencies you hold, you only need to do the following three things:

  1. Prevent others from stealing them.

  2. Prevent yourself from losing them.

  3. Find a way to transfer the funds so that if you are no longer around, they can still be passed on to your loved ones.

Sounds simple, right? But actually achieving these three things requires a certain level of knowledge, effort, and wisdom, which most people either do not understand or overlook.

Now, let’s elaborate on this.

Whether we should/should not hold cryptocurrencies ourselves and how to hold them

"My keys, my funds." Is it really that simple?

Many original cryptocurrency advocates insist that only holding cryptocurrencies yourself is secure, but they never consider how much of a technical challenge this poses for ordinary people. Is this really the best advice? Let’s discuss this approach.

Let me ask you a question: What does a Bitcoin private key look like? If you don’t know, please keep reading.

A Bitcoin private key looks like this: KxBacM22hLi3o8W8nQFk6gpWZ6c3C2N9VAr1e3buYGpBVNZaft2p

It is just a combination of numbers and letters. Owning it allows you to transfer Bitcoin from that address.

Another concept is "mnemonic phrase," which consists of 12 or 24 English words combined in a specific order. They can be used to generate a series of private keys. Many wallets use mnemonic phrases. In the following content, we will use the term "private key," but most processes and recommendations mentioned in the article also apply to "mnemonic phrases."

Back to the main topic. To ensure the security of the cryptocurrencies you hold, you need to:

  1. Prevent others from obtaining your private key; prevent hacking, prevent your computer from suffering from viruses and network attacks, etc.

  2. Prevent yourself from losing your private key; back up your data to prevent loss or device damage, and ensure proper backups.

  3. Find a way to transfer the funds so that if you unfortunately pass away, you can transfer the private key to your loved ones. This idea is not very pleasant, but as responsible adults towards our loved ones, we must manage this risk.

Now let’s analyze each point in detail.

1. Prevent others from obtaining your private key

This is an obvious risk. We have all heard of hackers, viruses, trojans, etc. We do not want these things near where we store our tokens.

To fully achieve this, our devices should not be connected to the internet, nor should we download any files from the web. So how can we securely send and receive cryptocurrencies?

Let’s talk about some different devices that can be used.

A computer is one option, which typically has more functionality. If you use a computer to store tokens, it should not be connected to the internet or any other network. Once connected to the network, hackers may exploit vulnerabilities in the operating system or other applications to find opportunities for attack. Remember, all software has vulnerabilities.

So, if the computer is not connected to the internet, how do we install software? We can use a CD-ROM or USB drive, and install at least three antivirus programs to make sure it is clean. Download the software (operating system or wallet) to the USB drive, wait 72 hours, keep checking for update notifications, and ensure that neither the downloaded software nor the website it came from has security issues. It is very common for official websites to be hacked or for download packages to be replaced by trojans. We must download software only from official websites. Additionally, using open-source software can reduce the likelihood of worms appearing. Although we are not programmers, open-source software has been reviewed by other programmers, making the probability of worms lower. Therefore, we should use a stable version of Linux (rather than Windows or Mac) and only use open-source wallet software.

Once all software and the operating system are installed, we can use a clean USB drive for offline signing of transactions. The operation methods vary for different wallets, which is beyond the scope of this article. Many other tokens, besides Bitcoin, do not have wallets that can perform offline signing.

At the same time, we need to ensure the physical security of the devices used. If someone steals this device, they can directly access it. Therefore, we must ensure strong encryption of the hard drive so that even if someone obtains the hard drive, they cannot read it. Different operating systems have different encryption tools. Hard drive encryption tutorials are also beyond the scope of this article, but they can be easily found online.

If you have done all of the above, you may not need to read the following content. But if you don’t like these options, there are a few others.

The next option is a mobile phone. Now, with sandbox-designed mobile operating systems, non-rooted/jailbroken phones are much safer than computers. There are too many versions of Android to track individually, so I usually recommend using an iPhone. We should have a phone dedicated solely to wallet installation, not used for any other purposes. This phone should always be in airplane mode and only turned on when conducting wallet transactions. I also recommend equipping this phone with a separate SIM card and only using 4G to access the internet; never connect to any Wi-Fi. Only connect to the network when signing transactions and upgrading software. If the amount in the account is not too large, this approach is generally fine.

Some mobile wallets have offline signing capabilities (via QR code scanning), so our phone does not need to be connected to the internet during the process of downloading the wallet app and generating the private key. This ensures that the private key has never existed on a phone that has been connected to the internet. This avoids the wallet app being infected by worm viruses or sending data back to developers. Many wallets have experienced such issues in the past, even official versions. However, the downside is that we cannot upgrade the wallet app or operating system. To upgrade the software, we need to install the latest version of the app on another phone, set it to airplane mode, generate a new address, back it up (which will be discussed later), and then transfer the funds to the new phone. This process is cumbersome. Additionally, the number of tokens/blockchains supported by these wallets is also limited.

At the same time, we need to ensure the physical security of the phone. Although the latest versions of iPhone hard drives are fully encrypted, there are reportedly devices that can unlock iPhones by cracking the PIN code.

Hardware Wallets

We can also use hardware wallets. These devices are designed to permanently store private keys, eliminating the need for computer backups. Transaction signing is also done directly on the hardware. However, not everything is 100% perfect. Hardware wallets can also have hardware and software vulnerabilities. There are many different hardware wallets on the market. We generally recommend choosing those with a longer history and higher brand recognition, as they have undergone more scrutiny. Among the two mainstream hardware wallet brands, there have been reports that one can easily obtain the private key once it falls into the hands of a hacker. Therefore, we must ensure their physical security. Additionally, almost all hardware wallets require interaction with computer (or mobile) software to complete operations. So, we also need to ensure that the computer is free of viruses and not under hacker attack. Some viruses can alter the destination address to that of the hacker at the last moment of a transaction. Therefore, we must carefully verify that the transaction's destination address is correct on the device. Even so, ensuring the security of the computer is essential. Having a hardware wallet can indeed avoid some of the simplest hacker operations to steal private keys, but I still strongly recommend preparing a clean computer as a dedicated machine and keeping all firewall functions turned on. Overall, if you want to hold tokens yourself, a hardware wallet is a good option. However, it is more troublesome to manage backups, which we will discuss in the next section.

There are many types of wallets and devices. I cannot cover them all here, but the ones mentioned above are the most standard types. Now that we have discussed how to reduce (rather than eliminate) the probability of others stealing your private key, we have answered 1/3 of the question regarding how to hold tokens yourself.

2. Prevent yourself from losing your keys

We may encounter situations where we lose the device storing the tokens or the device is damaged. Therefore, we need: backups.

Backups come in many forms, and each has its advantages and disadvantages. Fundamentally, we want multiple backups in different geographical locations that others cannot read (encrypted).

We can write it down on a piece of paper. Some wallets using mnemonic phrases recommend this method because writing down 12 or 24 English words is relatively easy. For private keys, however, we can easily make mistakes with uppercase and lowercase letters, or our handwriting may be too sloppy (for example, confusing O and 0), making it difficult to determine where the problem lies later. Writing on paper also has more serious issues. These papers can be:

  • Lost -- lost along with other papers

  • Destroyed -- burned in a fire or washed away in a flood

  • Easily readable by others -- not encrypted

Some people store their key papers in bank safes, but for the reasons mentioned above, I usually do not recommend doing so.
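The transcription risk described above can be checked mechanically, because a private key in the format shown earlier (WIF) is Base58Check text: its alphabet leaves out 0, O, I and l, and its last four bytes are a checksum. The following is an added example, not part of the original article; the sample key is constructed for the demonstration and must never hold funds.

```python
"""Check a hand-copied Bitcoin WIF private key for transcription errors."""
import hashlib

# Base58 alphabet used by Bitcoin: 0, O, I and l are left out on purpose
# because they are easy to confuse in print and handwriting.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_INDEX = {ch: i for i, ch in enumerate(B58_ALPHABET)}


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload: bytes) -> str:
    """Encode payload + checksum as Base58 (used here to build the sample)."""
    data = payload + _checksum(payload)
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58_ALPHABET[rem] + out
    # Each leading zero byte is written as a leading '1'.
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def check_wif(text: str):
    """Return (ok, reason) for a WIF string typed back in from a backup."""
    text = text.strip()
    for pos, ch in enumerate(text, start=1):
        if ch not in B58_INDEX:
            return False, f"character {ch!r} at position {pos} is not in the Base58 alphabet"
    num = 0
    for ch in text:
        num = num * 58 + B58_INDEX[ch]
    leading_ones = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * leading_ones + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) < 5:
        return False, "too short to contain a checksum"
    payload, checksum = raw[:-4], raw[-4:]
    if _checksum(payload) != checksum:
        return False, "checksum mismatch: at least one character was copied wrongly"
    # Mainnet WIF: version byte 0x80, 32-byte key, optional 0x01 compression flag.
    if payload[0] != 0x80 or len(payload) not in (33, 34):
        return False, "valid Base58Check, but not a mainnet WIF private key"
    if len(payload) == 34 and payload[-1] != 0x01:
        return False, "unexpected compression flag"
    return True, "ok"


def make_sample_wif() -> str:
    """Constructed sample key (bytes 1..32); never use it to hold funds."""
    return b58check_encode(b"\x80" + bytes(range(1, 33)) + b"\x01")


def demo():
    good = make_sample_wif()
    # One character copied wrongly, but still a legal Base58 character.
    swapped = good[:10] + ("2" if good[10] != "2" else "3") + good[11:]
    # A digit zero written where a letter was meant: never valid in Base58.
    with_zero = good[:20] + "0" + good[21:]
    return [check_wif(good), check_wif(swapped), check_wif(with_zero)]


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

The checksum says that a copy is wrong, not which character is wrong, so the check belongs at the moment the backup is written, on the offline machine, while the original is still available to compare against.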

Do not think that taking a photo of the paper (or screenshot) or uploading it to the cloud is a secure backup. If hackers attack your email or computer, they can easily find your keys. Additionally, cloud service providers may also perform multiple backups, storing them in different locations, and their employees may also see this information.

Some specially designed metal tags can be used for backing up mnemonic phrases. These metal tags are generally not destructible, thus largely avoiding the risks of fire or flood. However, they do not solve the issues of physical loss or easy readability. Many people store metal tags in bank safes, usually alongside gold and other metals. I guess people who like to buy metal products are likely to do this. If you adopt this method, be aware of its limitations and risks.

My recommended approach is to use several USB drives. This does not require any technical means (the typical "designed for experts" fallacy). There are shockproof/waterproof/fireproof/magnetic-proof USB drives on the market. We can store encrypted versions of the private key backups in several such USB drives and keep them in different locations (at a friend's or relative's house). This solves all the problems mentioned earlier: multiple locations, not easily damaged or lost, and not easily readable by others. The key to this approach is strong encryption. There are many corresponding tools available on the market, and they will continue to become more advanced. VeraCrypt is one such entry-level tool with decent encryption. Its predecessor, TrueCrypt, was popular for a while but was later found to have some security vulnerabilities in peer reviews, leading to its discontinuation. Therefore, we recommend that users familiarize themselves with different products and choose the best and latest encryption tool for themselves. Additionally, do not share your backup with anyone, even if it is encrypted. Furthermore, we recommend rotating your private keys periodically (i.e., generating new private keys and sending funds from the old address to the new address).

3. Providing security for loved ones

Humans cannot live forever. Therefore, we need an inheritance/estate plan. In fact, cryptocurrencies can make wealth transfer simpler and reduce third-party involvement. Similarly, there are several different ways to achieve this:

If you are using low-security paper or metal tags, you can directly hand them over to your heirs. However, this certainly has some potential downsides. If they are too young or lack technical skills, they may mishandle the backup. If they get the security wrong, hackers can easily steal funds through them. Additionally, heirs can take your funds at any time. Whether you want them to do so depends on the trust relationship between you.

I strongly advise against sharing private keys with others, no matter how close your relationship is. The reason is simple: if funds are withdrawn/stolen, it is impossible to determine who the operator is or who mishandled the storage, leading to confusion.

We can place the paper or metal tags in a bank safe or give them to a lawyer. However, as mentioned above, if any intermediary learns the key, they can withdraw funds without leaving a trace. This is completely different from a lawyer needing to go to the bank to transfer funds to the heir.

But if we use the USB drive method mentioned above, we can transfer funds more securely. However, this will require more setup steps.

There is an online service called "Deadman's switch." They will periodically (e.g., monthly) send messages to users, who need to click a link or log in to respond. If there is no response for a certain period, the account will be considered "dead," and the system will automatically send emails to the recipients and content previously set by the user. I do not recommend this service, but if you are interested, you can Google it for more information and try it out. In fact, Google itself has such a service. Among its many settings, there is an option that allows others to access the account if the user has not logged in for more than three months. I personally have not tried this option, so I cannot comment. Please verify it yourself. If you are thinking, "Oh! Great! I can just put the key in an email to pass it on to my child," then please read this article from the beginning again.

You might think, "I can put the password for the encrypted USB drive in an email, so my partner or child can unlock it." This is very close to the correct approach, but not quite enough. We cannot keep the password together with the backup on an internet server, as this would greatly weaken the security of the backup/funds.

If you are thinking, "Then I can scramble/encrypt the email containing the USB drive password and set another password to tell my loved ones," this is the right idea. In fact, you do not need a second password. At this point, you can use a tried-and-true encryption tool called PGP (or GPG). PGP is one of the early tools that adopted asymmetric encryption (which Bitcoin also uses). I will not give a PGP tutorial here; you can find one easily online. In summary, have your partner or child generate their own PGP private key, and then use their public key to encrypt the "dead" information. This way, only they can read the information. This method is relatively secure, but it requires them to keep their PGP private key secure and not lose it. Of course, they also need to know how to use PGP email, which requires a certain level of technical skill and is somewhat complicated.

If you understand the above suggestions, then your ability to hold a large amount of cryptocurrency yourself has reached a basic level (rather than an advanced level). Regarding some of the issues mentioned above, we still have many solutions to discuss, including multi-signature, threshold signatures, etc., but they belong to more advanced guides.

4. Using Trading Platforms

In this article, "trading platforms" refers to centralized trading platforms that hold funds in custody.

After reading the previous parts of the article, you might say, "Oh my, that sounds too complicated. I’ll just store my tokens on a trading platform." However, trading platforms are not without risks. While trading platforms are responsible for the custody of funds and system security, we still need to take some actions to ensure the security of our accounts.

Only use reputable large trading platforms. From my perspective, of course, I would say this because Binance is one of the largest trading platforms in the world. But there are many other strong reasons as well. Not all trading platforms are the same.

Large trading platforms invest heavily in infrastructure security. Binance has invested hundreds of millions of dollars, which is a reasonable figure for our business scale. Security involves many aspects, including devices, networks, processes, personnel, risk monitoring, big data, AI, training, research, testing, third-party partners, and even the relationship between the platform and global law enforcement agencies. Maintaining platform security requires a significant investment of funds, manpower, and energy. Smaller platforms simply do not have the corresponding scale or economic capability. I may face some controversy for saying this, but I often say that compared to holding funds yourself, this is the reason why most ordinary people choose to use trusted centralized trading platforms.

Trading platforms have counterparty risks. Many small/new trading platforms may be exit scams from the outset. They may run away after collecting users' deposits. Therefore, be sure to stay away from trading platforms that are "non-profit" or that offer zero trading fees, high discounts, and/or rebate rewards. If these platforms do not aim to generate normal business income, then your funds may be their only target. Proper security measures require significant investment, so it is essential for platforms to have a sustainable business model. Do not take your asset security lightly. Profitable large trading platforms will not run exit scams; they have no incentive to do so. If a platform is profitable, has a sustainable business model, and has a business worth billions of dollars, what reason would there be to steal millions of dollars and then live in hiding and fear?

Large trading platforms have also undergone more scrutiny regarding security. Yes, large platforms are more likely to become targets for hackers, which is a risk. However, hackers also target smaller platforms, and some of them are easier to exploit. Large trading platforms typically rotate and collaborate with 5-10 external security companies to conduct penetration testing and security assessments.

Binance is more advanced in security than most trading platforms. We invest heavily in big data and AI to defend against hackers and fraud. We have successfully helped many users who suffered from SIM card swapping avoid losing funds. According to some users who use multiple platforms, after their email was hacked, funds on other platforms were stolen, but their funds on Binance remained intact because AI prevented hackers from withdrawing the stolen funds. Smaller trading platforms would not be able to achieve this, simply because they do not have as much data.

When using trading platforms, ensuring account security is obviously very important. Let’s start with some basic knowledge.

1. Ensure Computer Security

Generally speaking, the computer is the weakest link in the entire security chain. If possible, use a dedicated computer to log into trading accounts. Install commercial antivirus software on the computer (yes, ensuring security requires investment) and install as little unnecessary software as possible. Turn on all firewall functions.

Use another computer for gaming, surfing the web, downloading, etc., and ensure that antivirus software and firewalls are also fully operational. Viruses on this computer could potentially allow hackers to infiltrate other computers on the same network. So, please ensure that this computer is also clean.

  • Avoid downloading files

Even if you do not have a wallet installed on the computer, I strongly recommend not downloading any files on the computer or phone. If someone sends you a Word file, ask them to send it as a Google Doc link. If they send a PDF, open it in Google Drive in the browser, not on the computer. If they send you a funny video, ask them to send it as a link on a video platform. Yes, I know this is tedious, but ensuring security is not free, and losing funds is real money. View all files in the cloud; do not download anything locally.

Additionally, please turn off the "auto-save photos and videos" feature in instant messaging software. Many apps have default settings that automatically download emojis and videos, which can impact security.

  • Keep software updated

I know that operating system updates can be annoying, but updates can fix known security vulnerabilities. Hackers also pay attention to these updates and exploit the disclosed vulnerabilities to break into the computers of users who are slow to update. Wallet software or trading platform apps usually follow the same pattern. So, make sure the software you use is up to date.

2. Ensure Email Account Security

I recommend using Gmail or ProtonMail accounts. These two email service providers are generally more secure than others. We have seen more security incidents occurring on other email platforms.

I strongly advise users to create a dedicated email account for each trading platform and use some obscure names. This way, even if other trading platforms experience security incidents, your account on Binance will not be affected. This also reduces the probability of email phishing scams.

Enable 2FA services in your email service. I strongly recommend using Yubikey. It can defend against many types of hacker attacks, including phishing sites. We will discuss more about 2FA later.

If SIM card swapping scams have occurred in your country, do not bind your phone number as a recovery method for your email account. We have seen many victims of SIM swapping scams suffer from email account password resets and account hacks. Overall, I do not recommend binding phone numbers and email accounts. Please keep them separate.

3. Ensure Password Security

Assign a unique strong password for each platform account. Do not be afraid of forgetting passwords. Use a password management tool. For most people, LastPass or 1Password will suffice. Both tools integrate well with browsers, phones, etc. Both claim to store passwords only locally, but they sync between devices using encrypted passwords. If you want a more professional tool, you can use KeePass or its version suitable for your operating system. KeePass stores information only locally. It does not sync between devices, and mobile support is limited. It is open-source, so you do not have to worry about worms or other security vulnerabilities. Please familiarize yourself with and choose a tool that suits you. But do not use simple passwords or the same password across all platforms just to "save time." Always use strong passwords; otherwise, the time you save may cost you a significant loss of funds.

Even with these tools, if your computer gets infected with a virus, you are in trouble. So, please use good antivirus software and keep it running.

4. Enable 2FA Verification

I strongly recommend enabling 2FA (two-factor authentication) immediately after creating your Binance account. If you haven’t done this yet, please do it right now. Since the 2FA code is usually stored on your phone, it can provide a certain level of protection when your email and password are hacked.

However, 2FA does not provide complete protection. For example, if a computer virus steals your email address and password, it can continue to steal your 2FA code by tracking your keyboard input. For instance, if you enter a phishing site and input your email address, password, and 2FA code, hackers can use this information to log into your real Binance account. There are many possible scenarios, and we cannot list them all. Therefore, we still need to protect our computers and be wary of phishing sites (more related content will follow).

5. Install U2F

U2F is a hardware device that generates a unique time-based, domain-specific code. Yubikey is arguably the most suitable device for U2F. (Although many hardware wallets can also use U2F, the user experience is not as good, requiring app installation, and the entire process is relatively slow.)

U2F has three major advantages. First, it is hardware-based, so the secrets stored on the device are almost impossible to steal. Second, it is specific to a domain. Even if you accidentally enter a phishing site, it can still provide protection. Finally, it is very easy to use.

For these reasons, I strongly recommend binding Yubikey to your Binance account. It provides one of the best security measures against hackers stealing funds.

Also, please bind Yubikey to your Gmail account, LastPass, and other supported accounts to ensure their security.
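Why a typed 2FA code can be passed on by a phishing page while a domain-specific key response cannot, shown as an added example that is not part of the original article. It is a simplified in-memory model: HMAC stands in for the key pair a real U2F device uses, and the origins, class names and function names are hypothetical.

```python
"""Why a typed 2FA code can be relayed by a look-alike site but an
origin-bound security-key response cannot (simplified, in-memory model)."""
import hashlib
import hmac
import secrets
import struct

REAL_ORIGIN = "https://exchange.example"         # hypothetical real site
FAKE_ORIGIN = "https://exchange-login.example"   # hypothetical look-alike


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: depends only on the secret and the time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecurityKey:
    """Toy hardware key holding one secret per registered origin."""

    def __init__(self):
        self._keys = {}

    def register(self, origin: str) -> bytes:
        # Model shortcut: HMAC stands in for the ECDSA key pair of real U2F,
        # where the site would receive only a public key.
        self._keys[origin] = secrets.token_bytes(32)
        return self._keys[origin]

    def sign(self, browser_origin: str, challenge: bytes):
        """The browser, not the page, supplies the origin being visited."""
        key = self._keys.get(browser_origin)
        if key is None:
            return None                      # no credential for this origin
        msg = hashlib.sha256(browser_origin.encode()).digest() + challenge
        return hmac.new(key, msg, hashlib.sha256).digest()


class Exchange:
    """Server side of the real site."""

    def __init__(self, totp_secret: bytes, key_secret: bytes):
        self._totp_secret = totp_secret
        self._key_secret = key_secret
        self._challenge = b""

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(32)
        return self._challenge

    def accepts_totp(self, code: str, now: int) -> bool:
        return hmac.compare_digest(code, totp(self._totp_secret, now))

    def accepts_key_response(self, response) -> bool:
        if response is None:
            return False
        # The server always verifies against its own origin.
        msg = hashlib.sha256(REAL_ORIGIN.encode()).digest() + self._challenge
        expected = hmac.new(self._key_secret, msg, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def simulate(now: int = 1_600_000_000) -> dict:
    totp_secret = secrets.token_bytes(20)
    key = SecurityKey()
    exchange = Exchange(totp_secret, key.register(REAL_ORIGIN))
    results = {}

    # Code typed into the look-alike page and forwarded 5 seconds later:
    # still inside the same 30-second window, so the real site accepts it.
    results["totp_via_lookalike"] = exchange.accepts_totp(
        totp(totp_secret, now), now + 5)

    # Look-alike page forwards the real challenge; the key has no credential
    # for that origin and returns nothing.
    results["key_via_lookalike"] = exchange.accepts_key_response(
        key.sign(FAKE_ORIGIN, exchange.new_challenge()))

    # Even a key that was also registered on the look-alike origin signs with
    # a different secret over a different origin hash.
    key.register(FAKE_ORIGIN)
    results["key_registered_on_lookalike"] = exchange.accepts_key_response(
        key.sign(FAKE_ORIGIN, exchange.new_challenge()))

    # Normal login on the real origin.
    results["key_on_real_site"] = exchange.accepts_key_response(
        key.sign(REAL_ORIGIN, exchange.new_challenge()))
    return results


if __name__ == "__main__":
    for name, accepted in simulate().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```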

6. Stop Using SMS Verification

There was a time when SMS verification was very popular. But times have changed. With the rise of SIM swapping scams, we recommend that everyone stop using SMS verification and switch to the aforementioned 2FA or U2F verification methods.

7. Create a Withdrawal Address Whitelist

We strongly recommend using Binance's withdrawal whitelist feature. Once enabled, users can quickly withdraw to verified addresses, making it more difficult for hackers to add new withdrawal addresses.

8. API Security

Many of our users use APIs for trading and withdrawals. Binance offers different versions of APIs, with the latest version supporting asymmetric encryption, meaning we only need to know the user's public key. This way, users can retain their private keys and only provide us with public key information. We determine order ownership through the public key and will never ask for the user's private key. Please keep your private key secure.

If you use a trading platform, you do not need to back up your API keys as you would when holding funds yourself. If the API key is lost, you can create a new key at any time. Just ensure that others do not know your API key.

9. Complete L2 KYC Verification

One of the best ways to ensure account security is to complete L2 KYC verification. This way, we can know what you look like and use advanced automated video verification technology to verify when our big data risk engine detects anomalies in your account.

This is also very important for the scenario of "unfortunate passing." After proper verification, Binance can help family members access the accounts of deceased relatives.

10. Ensure the Physical Security of Phones and Other Devices

Make sure to secure your phone, because your email app, Binance app, 2FA passwords, etc., may be installed on it. Do not jailbreak your phone; that would greatly reduce security. Additionally, ensure that the phone is not lost and has a screen lock. The same goes for other devices. Ensure they do not fall into the hands of others.

11. Be Wary of Online Scams

Be cautious of online scams. These usually arrive through emails, messages, or social media: clicking a link opens a page that looks very much like the Binance website and prompts you to enter identification information, which hackers can then use to access your real Binance account.

We can avoid scams by being careful. Do not click on any links in emails or social media pages. Manually enter the web address when accessing the Binance website, or use bookmarks. Do not share your email with others. Do not use the same email across different websites. If a stranger (especially someone named CZ or similar) suddenly contacts you in a Telegram group or on Instagram, be very cautious.

Overall, as long as you follow the above advice, your Binance account can achieve relatively high security.

So, which is better? I usually recommend using both centralized trading platforms and your own wallets. If you are not very tech-savvy, I suggest keeping larger amounts on Binance and preparing a separate spending wallet (TrustWallet). If you are more technically skilled, you can adjust the ratio accordingly.

Centralized trading platforms occasionally undergo maintenance, so having another usable wallet prepared is convenient during those times.

4. Other Topics

Scams are rampant. Scammers create fake social media accounts and make them look like celebrity accounts, such as @czbinance, and then try to persuade you to send money to them. Remember this principle: unless it is your intention, do not send funds to anyone. When trading, always verify the other party's true identity through two different channels.

If CZ suddenly contacts you and persuades you to send some tokens to him for compelling reasons, please report that account immediately.

If a friend suddenly messages you asking for some cryptocurrency in an emergency, be sure to call to verify, or ask them to send a short video for verification. At this point, we should consider whether the friend's instant messaging software could have been hacked or if their phone was stolen.

  1. YouTube Fraud

YouTube scammers are becoming increasingly sophisticated; they even edit fake videos of CZ doing airdrops. If you see these, just report them.

  2. Social Fraud

If a reward activity requires you to send some tokens to a certain address first and then promises to return more, do not believe it; you will not receive a return.

Remember a simple principle: always be cautious when sending cryptocurrency.

  3. Do not click links in emails

Do not click links in emails and then enter your username or password on the pop-up page. This is definitely a trap. Likewise, do not follow links on social media websites, nor log in on their pop-up pages.

Automatically consider them as phishing sites. Just ignore them.

When entering commonly used cryptocurrency trading platform websites, always manually enter the web address.
