Buying cryptocurrency comes with risk. For the most part, risk mitigation is the key to buying safely. The crypto exchange industry has boomed in recent years, leaving beginners with many options. But not all exchanges are equal from a user security and cyber security perspective.
Additionally, with decentralised exchanges (DEXes) becoming increasingly popular, it’s important to understand how security factors into choosing where to buy or sell and, specifically, how to access DEXes.
Your computer is exposed to increased risk from the moment it goes online. This risk goes up significantly when you use a search engine like Google to find information.
The big risk here is that your computer becomes compromised by a nasty virus. If you’ve chosen to be your own bank like most crypto enthusiasts, you need to take cyber security extremely seriously.
Some general cyber security tips to strongly consider:
If you’re looking to on-ramp from fiat—that is, exchange your local currency for cryptocurrency—you’ll most likely need to consider using a centralised exchange (CEX). There are some benefits of using a CEX, mainly that they are run by registered companies—many of which operate in developed countries with a strong legal system such as Australia and the U.S.
If you choose an exchange that’s registered in a country with consumer rights laws that you aren’t familiar with, you could be left without any leg to stand on if something does go wrong. Conversely, for example, if you live within Australia and choose a CEX that’s run by a registered Australian business, you’re protected somewhat by the Australian Competition and Consumer Commission. Not all CEXes are set up in sensible jurisdictions, so it’s important to do your own research.
On the other hand, if you’re looking to buy your new favorite altcoin but don’t need to worry about on-ramps since you already have some ETH in a wallet, you may opt for a DEX.
A DEX is inherently not owned or operated by a company and simply exists as an internet entity: a global organisation which is run by users around the globe and not governed by any country or government’s laws. That is, however, the biggest strength of a DEX, in that it is independent and run by the global community.
You may find using a DEX is too complex and want to use the simpler CEX method where you visit their site, make an account—or log in if you have one already—deposit your cryptocurrency for exchanging and make the relevant buy or sell order.
The majority of exchanges are relatively illiquid, meaning they have little volume in their order books. These exchanges are also more likely to list thinly traded altcoins that offer a higher risk profile.
Exotic exchanges that operate in near-lawless jurisdictions are equally high risk in that they can shut operations or become ‘compromised’ and close up shop, leaving any user cryptocurrency left on the exchange at the hands of attackers or exit scammers.
It’s for these reasons that you should check the reputation and legitimacy of a crypto exchange before choosing to use it. Some things to consider before choosing whether to use an exchange such as this:
Review the exchange’s privacy policy and terms and conditions. This may sound daunting or even torturous given how these policies are typically worded. However, they can contain clues which you can follow to get a good sense of the exchange’s reputation.
See if you can determine the entity that is behind the exchange and search to see where they are registered/domiciled. If this information is either unavailable or very difficult to find, treat that as a warning sign.
Checking exchanges’ social media accounts and their level of activity can also help you gauge reputability.
Many popular crypto resource sites like CoinGecko and CoinMarketCap offer reputation scores for various exchanges. This can be a good indicator to kickstart your research. It’s important not to trust someone else’s opinion and to always do your own research into the exchange you’re thinking about using.
Regardless of which CEX or DEX you choose, you’ll have to visit their website. While most people find exchange websites via Google, this method is prone to attack.
Google often shows ads above the search results. These ads can be nefarious ones that Google was unable to filter. Clicking on these ads can dramatically increase your computer’s security risk as well as the risk your cryptocurrency is stolen.
It’s also possible that you search for the exchange’s name but make a typo, causing a phishing website to become the top result. Without noticing, you visit the phishing website and put your computer security at greater risk of attack.
Avoid having to use Google or another search engine by bookmarking exchange websites.
If you’ve had to go down the search engine path, as you browse the search results be sure that the URL is what you are expecting it to be, checking each letter in the sequence to ensure it’s legitimate. Phishing websites will often take advantage of the human brain’s ability to auto-correct spelling errors without us even noticing.
You may look at ‘shapshift’ and think you’re reading ‘shapeshift’. It could be that the URL contains non-standard characters which appear almost exactly like the standard ‘ASCII’ character-set on your keyboard.
The URL may have replaced a single letter with one of these non-standard characters to make ‘uniswaρ’ look almost exactly like ‘uniswap’. However, the link takes you to the website of a bad actor who wants to steal all the cryptocurrencies you own.
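The letter-by-letter URL check described above, as an added example that is not part of the original article: it compares a hostname against your own bookmarks and flags near-miss spellings and non-ASCII lookalike characters (including links that arrive in `xn--` punycode form). The bookmark hostnames, the two-character threshold and the verdict names are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed bookmark list (hypothetical hostnames on the reserved .example TLD).
BOOKMARKS = {"shapeshift.example", "uniswap.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def display_host(url):
    """Lower-cased hostname with any punycode (xn--) labels decoded to Unicode."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if "xn--" in host:
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # leave undecodable labels as-is; they will not match a bookmark
    return host

def non_ascii_chars(host):
    """Name each non-ASCII character, e.g. U+03C1 -> 'GREEK SMALL LETTER RHO'."""
    return [unicodedata.name(ch, "UNNAMED") for ch in host if ord(ch) > 127]

def check_url(url):
    """Return (verdict, nearest_bookmark_or_None) for a URL about to be visited."""
    host = display_host(url)
    nearest = min(sorted(BOOKMARKS), key=lambda b: edit_distance(host, b))
    close = edit_distance(host, nearest) <= 2  # assumed threshold for a "typo"
    if non_ascii_chars(host):
        return ("homoglyph", nearest if close else None)
    if host in BOOKMARKS:
        ok = urlsplit(url).scheme == "https"
        return ("ok" if ok else "not-https", host)
    return ("typo-lookalike", nearest) if close else ("unknown", None)
```
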
Ensure your browser shows a ‘https’ prefix on the URL and that there are no security warnings regarding the website’s certificate. Often, scam websites will be unable to pass certificate authenticity checks—which all good browsers perform—and so a warning will typically appear when you go to visit their website.
Often users will skip the computer and go straight to their mobile device to search the App Store/Play Store for an exchange. Just like a search engine, these marketplaces are susceptible to fake apps appearing in results. Always check the publisher of the app which you are planning to download to make sure it’s the authorised publisher. (You may even want to check what other apps they have published as a reference point.)
One of the more secure ways to install the right app is to visit the official website and use the shared links.
The same things should be considered for browser extensions where you’re browsing a marketplace and using a search engine to find what you’re after. The most secure way is to visit the official website of the relevant software to find their official extension marketplace link. This will help ensure you install the authentic app.