Chapter 18

The Ten Rules to Never Break on the Blockchain

IN THIS CHAPTER

  • Discovering your legal vulnerabilities
  • Understanding the technical shortcomings of blockchains
  • Identifying thieves’ best points of attack on your systems
  • Developing your security best practices

In this chapter, I dig into the things you should take into account while working with blockchain technology and the cryptocurrencies that run them.

Remember: Always consult your CPA and attorney before making financial decisions. This technology is new, and the rules that govern it are not fully developed.

Don’t Use Cryptocurrency or Blockchains to Skirt the Law

The legality and the legal zoning of cryptocurrencies are still fluctuating in many parts of the world. I’m not kidding when I tell you to talk to your CPA and your attorney. It will be money well spent and will keep you out of trouble.

Here are three very silly questions that I get asked frighteningly often:

  • Can I use cryptocurrency as a way to hide money? This idea is a dangerous one. Remember: Blockchains keep records of all transactions forever, so even if you think you came up with a clever way to hide some tokens, those looking for bad behavior have time to find it.
  • Can I use blockchains as a way to smuggle money out of my country? Many countries have limitations on the funds citizens can take out of the country. You don’t want to do this for the same reason as I just mentioned: Blockchains keep records of all transactions forever.
  • Can I use cryptocurrency to buy illicit goods? The answer is — you guessed it — no! Blockchains keep a trail of your actions forever! Even law enforcement that stole Bitcoin from the infamous Silk Road marketplace got caught.

Remember: Don’t do anything with cryptocurrency and blockchains that would be illegal to do with real money.

Keep Your Contracts as Simple as Possible

Decentralized autonomous organizations (DAOs), smart contracts, and chaincode are all the rage at the moment. The promise of cutting administration and legal cost is very enticing to many corporations. A sometimes overlooked characteristic of this technology is that it is just code. That means that there is no human being interpreting the rules that you’ve laid out for everyone to follow. The code becomes law, and the law only stretches to what is incorporated into the blockchain contract. The “fat” that was cut can sometimes be very important.

There is no one to interpret the code. That means that if the code is executed in a fashion that you did not expect, there is also no one to enforce the intent of the contract. The code is law and nothing unlawful occurred. That’s why you should keep your contracts simple and modular in nature to contain and predict the outcomes of contract fulfillment. It’s also a good idea to have your contract tested and beaten up, even by other developers who are incentivized to break it.

The reach of the blockchain you’re building your project on matters, too. You can think of it like jurisdictions. Sure, a smart contract can execute on outside data, but the smart contract cannot demand funds from accounts that it does not have access to. That means that all the value must be set aside in some manner, which may encumber cash flow.

Another thing to think about is the source of information that your contract uses to execute against. If it’s weather data for an insurance contract, do you trust and agree on the source? Is it possible to manipulate the source data? A lot of thought should go into the oracle source before implementation. When building a smart contract, keep in mind that your data channels may be dynamic. For example, APIs are updated frequently, and if your contract is calling one that has changed, it may break your smart contract.

Publish with Great Caution

The whole point of blockchains is that once data is put in, it’s hard to take it out. That means that what you put in will be around for a long time. If you publish encrypted sensitive information, you need to be okay with the fact that the encrypted data may one day be broken and what you published may be readable to anyone.

Tip: Think about this before you publish:

  • Would I be comfortable with this information being decrypted at some point?
  • Am I comfortable sharing this information for all eternity with anyone who wants to review it?
  • Is this data harmful to a third party and something that I could be liable for if published?

There is work being done in cryptography to make quantum-proof encryption, but because both quantum computing and quantum-proof encryption are still in the testing phase, it’s difficult to say what the technology will be capable of 20 years from now.

Back Up, Back Up, Back Up Your Private Keys

Remember: Blockchains are very unforgiving creatures. They don’t care if you lost your private keys or passwords. Many a crypto nerd has been laid bare and given up countless tokens to the great blockchain oceans — treasure that will never be recovered.

The private keys that control your cryptocurrency often live inside your wallets, so it’s important to protect and secure them. Be careful with online services that store your money for you. Many cryptocurrency exchanges and online wallets have had their funds stolen. Also, taking a screenshot or image and storing it on the cloud is the same thing as sending yourself an email. Whatever you do, do not do this. It will compromise your keys. You should make a plan so your loved ones can access your keys should something happen to you. A healthy 30-year-old CEO of a cryptocurrency exchange died and locked up $190 million worth of assets because he did not have a succession plan. Also, don’t overlook Bluetooth connectivity as a hidden door to your cold storage. Make sure your device is completely inaccessible from the Internet.

Tip: Only store small amounts of tokens for everyday use online or in an Internet-accessible device. Think of cryptocurrency wallets like your cash wallet. Don’t keep more money in it than you’re willing to lose at any given time. More than a hundred known malware applications are looking to get ahold of your private keys and steal your tokens.

Keep the rest of your currency in cold storage — completely offline with zero access to the Internet. This could be in a paper wallet, on a computer that can’t access the Internet, or in a unique hardware device built for securing cryptocurrency.

If you choose to use a paper wallet to secure your cryptocurrency, laminate it and make copies. Also keep in mind that printers often have access to the Internet and their data can be retrieved by third parties. The truly paranoid only use printers that have no access to the web. Keep your paper wallet copies in different locations such as a bank vault and a secure location in your home.

Remember: Back up your digital wallets and store them in a safe place. A backup protects you in case your computer fails or you make a mistake and delete the wrong file. The backup will allow you to recover your wallet in case your device was corrupted or stolen. Also, don’t forget to encrypt your wallet. Encrypting your wallet allows you to set a password for withdrawing tokens.

Warning: Encryption is a helpful measure to protect you against thieves, but it can’t shield you against keylogging software. Always use a secure password that contains letters, numbers, and punctuation marks and is at least 16 characters long. The most secure passwords are those generated by programs designed specifically for that purpose. Strong passwords are harder to remember. You might consider writing down your password and laminating it like your private keys. There are limited password recovery options within cryptocurrency, and a forgotten password could mean lost tokens.

Triple-Check the Address Before Sending Currency

Cryptocurrency has attracted a fair number of scoundrels, so be careful when you send money. As soon as the money is out of your wallet, it’s gone forever, and there is no way to get it back. There are no chargebacks and you can’t call customer support. Your money is gone.

Triple-check the wallet address before sending. You want to make sure you’re sending it to the right address. Also double-check the address even if you copy and paste it. There is malicious software out there that can swap the address when you use the Ctrl+C/Ctrl+V commands.
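The check described above, as an added example that is not from the book: it assumes Bitcoin-style Base58Check addresses, and the function names and sample addresses are constructed for illustration. The checksum catches a mistyped address, but a clipboard-swapped address is itself well formed, so only a comparison against a copy obtained through a separate channel catches the swap.

```python
import hashlib
from typing import Optional

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload)), as Base58Check uses."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    """Build an address string; used here only to construct sample data."""
    raw = bytes([version]) + body
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes map to "1"
    return "1" * zeros + out

def b58check_decode(addr: str) -> Optional[bytes]:
    """Return version byte + 20-byte hash, or None if the address is malformed."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:                      # character outside the Base58 alphabet
            return None
        n = n * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[:-4]

def check_destination(pasted: str, expected: str) -> str:
    """Compare the pasted address with one obtained through a separate channel."""
    pasted, expected = pasted.strip(), expected.strip()
    if b58check_decode(pasted) is None:
        return "invalid"                 # typo or truncation: checksum fails
    if pasted != expected:
        return "mismatch"                # well-formed but not the intended payee
    return "ok"

# Constructed sample addresses (not real wallets).
INTENDED = b58check_encode(0x00, bytes(range(20)))
SWAPPED = b58check_encode(0x00, bytes(range(20, 40)))
TYPO = INTENDED[:-1] + ("2" if INTENDED[-1] != "2" else "3")

if __name__ == "__main__":
    for label, addr in (("intended", INTENDED), ("swapped", SWAPPED), ("typo", TYPO)):
        print(label, addr, check_destination(addr, INTENDED))
```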

Take Care When Using Exchanges

Cryptocurrency exchanges are central points that hackers like to target to steal tokens. They’re seen as pots of gold just ripe for the picking, and more than 150 of them have been compromised.

Keep this in mind while using exchanges, and follow the best practices laid out in this book to keep your tokens safe. Do a little research on the exchange you’re using to see what security measures it has in place.

Two-factor authentication is critical. You may also consider setting up a secret phrase with your telecom provider to help prevent social engineering. You don’t want to be the victim of a SIM card swap. Your phone number doesn’t have to be your backup; Google and several other companies also offer a two-factor authentication option (check out the Google Authenticator app).

Finally, just use exchanges to move your funds in and out. Don’t use the exchange as a place to store value. Instead, hold significant amounts of crypto in cold storage or in a laminated paper wallet with several copies.

Beware Wi-Fi

If your router wasn’t set up correctly, it’s possible for someone to see a log of all your activity. When you’re on an unsecured or public portal, you may also be exposed to malware. You must assume that the owner of the network can see your activity.

Warning: Only use trusted Wi-Fi networks and make sure you’ve changed the password on your router to something secure. Most Wi-Fi router passwords are set to a factory default of “admin” and can easily be taken over by a third party.

Identify Your Blockchain Dev

Blockchain technology is new, and there just aren’t that many people who have a lot of experience when it comes to building blockchain applications.

If you’re thinking about hiring a developer to help you with a project, check out her GitHub and see what work she’s done before you get started. She may not need to be experienced with blockchain specifically, but if she isn’t, she should be a very experienced developer outside of the blockchain world.

There aren’t many resources out there yet to help developers when they get stuck. Inexperienced developers may struggle, and at this point most are inexperienced and will take longer to develop your application.

Don’t Get Suckered

The blockchain industry as a whole does not have the same protection and security measures that banks and other financial institutions have, and there are not the same laws for your protection and financial welfare. There is no consumer protection and no FDIC bank insurance of funds from the government. If you get robbed or conned, you may not be able to turn to anyone for help.

Also, the industry has had a lot of hype in the last few years without much delivery of things of real value. The year 2016 saw over a thousand new blockchain companies pop up overnight claiming expertise. When you’re looking at developing a project and trying to decide if it’s worth the investment, it’s always a good idea to take a minute and make sure it even makes sense. Ask yourself the following questions:

  • Is there real value generated?
  • Is the value created in the way that benefits you?
  • Why hasn’t it been done already?
  • Are there other more tested technologies that could be used to accomplish the same thing with the same efficiency or better?

Blockchain technology holds a lot of promise and power and, as such, should be approached thoughtfully and carefully.

Don’t Trade Tokens Unless You Know What You’re Doing

Cryptocurrencies are very volatile and will swing wildly in value at any given time and sometimes for no discernable reason. Many of the cryptocurrencies have little depth, and trading large amounts can crash the market value. Working with public blockchains means that you’ll likely need to hold some amount of the currency to utilize them.

Don’t get caught up in trading the tokens unless you take the time to understand the market well. A good rule of thumb is if you haven’t traded traditional assets like stock before, be sure to take extra time to understand cryptocurrency. You need to dive just as deep into it as you would to learn about the stock market before you get started. Consider reading Cryptocurrency Investing For Dummies by Kiana Danial (Wiley). If you do choose to trade the tokens and cryptocurrencies, don’t forget to report this activity to your accountant. You may need to report your gains or losses on your income tax return.
