Crypto Security – How to stay Safe in Crypto
Recently, our crypto community must have had a panic attack after going through the bankruptcy of the FTX exchange and having its money locked there. On top of that, users faced the risk of losing assets and information, because the exchange’s mobile application was manipulated by hackers to install malware intended to steal important personal data from victims who are users of the exchange.
The collapse of FTX also caused a series of bank runs on related exchanges and projects, which makes us question how well assets can be secured on a CEX, in a state of anxiety and extreme loss of confidence.
Many people will choose to trust Binance, while most follow the advice of experts and withdraw money to personal wallets (non-custodial wallets), also known as hot/cold wallets. However, no matter how you store your assets, don’t forget to equip yourself with knowledge about the risks and ways to avoid them. Before writing this article, I was hacked twice in a row, lost my personal wallet and suffered damage to my saved assets, so these are lessons paid for in blood. So today I want to write in the group again to help everyone learn the methods for securing your crypto effectively.
To secure assets in a blockchain wallet, you need to do the following 2 things:
– Prevent hackers from accessing data in personal devices (seed phrase, password, private key, …)
– Have a reasonable storage plan for important data (avoid exposing private confidential information)
First, don’t let others infiltrate the data on your personal device
As you know, personal wallets come in 2 types: hot wallets (e.g. MetaMask, SafePal, Trust Wallet) and cold wallets (e.g. Ledger, Trezor). The basic difference is that a hot wallet is connected to the internet, while a cold wallet stores keys offline. Cold wallets are therefore seen as a safer storage option, as there is no frequent interaction with the internet. However, they also have their own disadvantages (I will talk about them below), and the safety of both kinds of wallet also depends on the device you use to interact with them.
For example, if you want to keep a hot wallet (like MetaMask) on a device (e.g. a phone or a PC), it’s best not to download any applications or files onto it, or even to connect it to the internet, especially public internet/Wi-Fi (you’ll notice that public networks often ask you to grant permissions before they provide access, so other people can easily infiltrate the device to get the key).
Personally, I’m using a blockchain hot wallet on a separate phone because it’s more flexible (I can carry it, while a PC must stay at home) and it stores more types of assets; because I often hold low-mid cap coins, I use it to transfer money quickly for convenience.
For phones, it is recommended that you use an iPhone or a Samsung; their security is OK. And of course, this device is only for installing wallet applications to store assets, not for daily use like your normal phone. The phone must be brand new and unboxed, or else reset completely by erasing “all contents and settings” (search online to find out how). Then just download popular wallet apps like MetaMask or Trust Wallet, and don’t download anything else (I emphasize: do not download anything else).
You should leave airplane mode on full time, and only connect to the internet when you need to transfer money or approve transactions. In addition, you should use a newly registered 4G SIM so that you use your own network, and not connect to any external internet network.
Personally, I currently also use another application, Gnosis Safe, to increase security, because it allows multiple wallet addresses to participate as owners: if you want to transfer money out, all wallet addresses designated as owner wallets must sign the transaction. Hence, if a hacker gains access to the main fund address, they can’t do anything, because they would also have to hack the other wallets to confirm the transaction.
In addition to using your own hot wallet, you can use a cold wallet to store coins more safely, because the seeds and private keys are stored offline. However, with most cold wallets, in order to transact you need to connect to the software provided by the manufacturer on a computer (or a mobile phone). Therefore, you also need to make sure that the computer is not infected with a virus, to keep hackers out. In addition, a hardware wallet only supports storing certain popular assets such as BTC, ETH, USDT, etc., so take that into consideration. See the coins that Ledger supports:
Second, secure private key storage.
A wallet on a blockchain or a cold wallet will have a seed phrase and a private key – you have 2 options:
- Write down the 12/24-word phrase by hand; do not take pictures or save it in any electronic form, and DO NOT type it and print it out (if a hacker can get into the device, it will be easy to find). When writing it down, you can consider adding 1 more letter or changing the position of the letters, so that if someone gets the paper, they can do nothing with it. Think about storing 2 or more copies of the keys and putting them in different places. If one copy catches fire or anything, there’s still the other one.
- Save the key on a USB drive and encrypt it – this one requires a bit of technical skill. Simply save the key to the USB drive and use software (e.g. VeraCrypt) to encrypt it. A USB drive is safer and not affected by physical influences the way writing on paper is (you can learn more about this option yourself).
However, the above solutions are only for large capital reserves and long-to-medium-term investment. Most of us will also trade on exchanges, hunt for low cap coins, and interact with projects every day on another device using a hot wallet.
So how do you keep these devices safe from cyber attacks?
Note: once you have put funds on a device that interacts with the market frequently, the likelihood of being hacked increases. Therefore, I recommend that you only keep a part of your capital on this device; if you buy coins to store, you must transfer them to your storage wallet immediately.
How Hackers Can Scam You
First, I will list some cases and perspectives on cyberattacks in the market, so that everyone can better understand:
- Sending strange tokens into the wallet. Every once in a while, when you check your account on blockscan, you will find some strange tokens in the wallet that appear to be worth an extremely large amount once swapped. But the moment you swap is also the moment you give the hacker the right to break into the account and transfer all the money.
⇒ Don’t swap right away; check the contract carefully to see whether it has any transactions. If there are no transactions or no volume, be careful. It is also possible that you received the token from an airdrop but don’t remember.
- Spoofing and sending scam links. This is something you are probably familiar with, given how many scammers impersonate boss Ryan to cheat people and send links to phishing websites. Phishing websites are fake websites used to steal user accounts. They are often very similar to the real websites, and if you connect your wallet, enter any information, or download something, the hacker will log into your account right away.
⇒ Always be on the lookout when clicking on links, when entering accounts or passwords on pages reached from online links or Gmail, and when sending money to anyone. Use the VirusTotal website to check if a URL is safe.
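Added example (not part of the original article): a local check that complements a VirusTotal lookup by flagging URLs whose host imitates a site you actually use, which is the "very similar to the real website" trick described above. The allowlist, the two-edit threshold and the "last two labels" shortcut are assumptions of this sketch, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own allowlist of sites they really use.
TRUSTED = ("binance.com", "metamask.io")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, reason); 'unknown' means unverified, not safe."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", "no host in URL")
    if parts.username:  # "https://binance.com@other.example" really goes to other.example
        return ("lookalike", "text before '@' is not the host")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return ("trusted", "host is on the allowlist")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("lookalike", "internationalized label can imitate Latin letters")
    # Simplification: the last two labels stand in for the registered domain.
    base = ".".join(host.split(".")[-2:])
    for d in TRUSTED:
        brand = d.split(".")[0]
        if brand in host:
            return ("lookalike", f"'{brand}' appears outside {d}")
        if edit_distance(base, d) <= 2:
            return ("lookalike", f"{base} is within 2 edits of {d}")
    return ("unknown", "no match; still verify before connecting a wallet")

# Constructed sample URLs (the .example hosts are reserved for documentation).
SAMPLES = [
    "https://www.binance.com/en/login",
    "https://binance.com@wallet-verify.example/login",
    "https://secure-metamask.example/restore",
    "https://blnance.com/airdrop",
    "https://xn--constructed-label.example/",
    "https://docs.example/whitepaper",
]

if __name__ == "__main__":
    print(*[(classify(u), u) for u in SAMPLES], sep="\n")
```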
In general, there are many ways for hackers to attack and cheat, but these methods tend to follow these patterns:
- Promising huge profits – “Nothing in the world is free”, you should remember. If one day there is suddenly a chance to double your fortune, with money falling from the sky when you have done nothing, always be careful.
- Ask for your Private Keys or Seed Phrase – Never share your passwords, private keys or security phrases. Any individual, project or ICO that asks for your password, private key or security phrase is a scam.
- Had been a scam – A scam will always be a scam. If a project or a company has been accused of fraud in the past, beware of their future projects because
And of course, to avoid these unfortunate cases, in addition to prevention we will also need:
- Machine security – Invest in anti-virus software and scan regularly, turn on the firewall, and set security to the maximum in Google Chrome. Use the machine only for web trading and related applications.
- Avoid file downloads – Keep downloading files from the internet to a minimum; if your friends send docs files, ask them to send a Google Docs link to read instead. Also, turn off “automatically save photos and videos” in messaging apps, as it is not good for security. In short, never click on or download a file that anyone sends, whether it’s a close friend or a partner.
- Use licensed products – do not use any pirated, poor-quality or unreliable products from the internet, because there will always be risks.
- Enable 2FA (two-factor authentication) – use Google Authenticator for related accounts like Binance, Gmail, etc.
- Set a strong password and save it offline – Do not save the password online; if you do, you must use reputable software to encrypt it. Otherwise just save it on paper, the way you save a seed phrase. Do not reuse passwords on different sites. There is no need to remember anything: save it and manage it on your own paper or in software like Keeper or LastPass.
- Check smart contracts and revoke wallet permissions regularly
For those of you who use DeFi frequently: sometimes dApps will ask you to sign a contract approval to be able to use a feature, and of course this gives the project some rights to access your money. If a hacker can find a vulnerability, they can easily steal funds from the wallet addresses that granted the authorization.
To be safe, go to Cointool to check the apps and tokens you have authorized, and revoke the ones you don’t want, every day if you can. It takes work, especially for those who play airdrops, and like I said, store big money on another device and let this device hold only a small amount of capital to play with regularly.
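Added example (not from the original article or from Cointool): the kind of bookkeeping a revoke checker can perform, replaying ERC-20 Approval event logs to list which spenders still hold an allowance on your tokens and which of those are unlimited. The log entries and addresses are constructed, the field names follow Ethereum JSON-RPC eth_getLogs output, and the 2**255 "unlimited" cut-off is an assumption of this sketch.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: anything this large is effectively unlimited

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()  # indexed address = low 20 bytes of the topic

def outstanding_allowances(logs, owner):
    """Replay logs in chain order; the last Approval per (token, spender) wins.
    Upper bound only: transferFrom can spend an allowance without a new event."""
    owner, state = owner.lower(), {}
    chain_order = lambda log: (int(log["blockNumber"], 16), int(log["logIndex"], 16))
    for log in sorted(logs, key=chain_order):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but carries 4 topics
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            state.pop(key, None)  # approve(spender, 0) is a revoke
        else:
            state[key] = value
    return [{"token": t, "spender": s, "value": v, "unlimited": v >= UNLIMITED_FLOOR}
            for (t, s), v in sorted(state.items())]

# Constructed sample data (not real addresses or transactions).
def sample_log(token, owner, spender, value, block, index):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
DEX, UNKNOWN = "0x" + "d1" * 20, "0x" + "ee" * 20
SAMPLE_LOGS = [
    sample_log(TOKEN_A, OWNER, DEX, 0, 250, 3),                # later revoke, listed first
    sample_log(TOKEN_A, OWNER, DEX, MAX_UINT256, 100, 0),      # unlimited, since revoked
    sample_log(TOKEN_B, OWNER, UNKNOWN, MAX_UINT256, 180, 1),  # unlimited, still live
    sample_log(TOKEN_B, OWNER, DEX, 5000, 120, 2),             # bounded, still live
    sample_log(TOKEN_A, OTHER, UNKNOWN, MAX_UINT256, 130, 0),  # someone else's approval
]

if __name__ == "__main__":
    print(*outstanding_allowances(SAMPLE_LOGS, OWNER), sep="\n")
```

Entries flagged as unlimited for a spender you no longer use are the first candidates to revoke; confirm the current figure with the token's allowance() call before relying on it.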
Hopefully this article will give you more perspective and awareness about investing in security and keeping assets in the market. Blockchain gives us the opportunity to really own our assets, but we need to be conscious, responsible, and full of knowledge to avoid unfortunate situations.
If you do not have enough security knowledge on blockchain wallets, I encourage you to only store funds on reputable large CEX exchanges like Binance, use a little money to try first. After that, if you have enough knowledge, you can boldly store your fund outside.