The ultimate security guide for cryptocurrency investors

The biggest challenge in protecting your cryptocurrency is to consider the various attack vectors and layers of protection necessary to truly ensure the safety of your funds.

Coinworld-the ultimate security guide for cryptocurrency investors

With the popularity of cryptocurrency, the level of activity of cybercriminals seeking to steal cryptocurrency in any possible way is also increasing. They launch phishing attacks, find vulnerabilities in the source code, or pretend to be people working for the company to obtain confidential user information. , Such as private keys, passwords, seed phrases, etc.

The biggest challenge in protecting your cryptocurrency is to consider the various attack vectors and layers of protection necessary to truly ensure the safety of your funds. When protecting cryptocurrency funds, three main layers of security need to be considered:

  • Network: Is your private key encryption safe? Is the blockchain safe from cyber attacks (such as 51% attacks)?
  • Application: Does a third party (exchange or application) control your cryptocurrency? How do they store funds? How to ensure your account login security?
  • Real world: Are you vulnerable to offline attacks? Is your computer/device secure and encrypted? Is your mobile phone/2FA account safe? If you died, did you provide recovery instructions to the beneficiary?

Solving all these issues can be very challenging, but the good news is that there are more and more practices and tools designed to help users protect their cryptocurrencies. Every user should be familiar with two key practices: self storage and refrigeration.

As a cryptocurrency holder and investor, ensuring the security of your cryptocurrency is everything you should care about and your main job. If you understand the risks and learn how to control them, you will succeed. Protecting your cryptocurrency is not complicated, but you need to understand how crypto wallets work and how to use them to store your assets. In short, when you own cryptocurrency, what you really have is the private key associated with your cryptocurrency on the blockchain.

Being sloppy about passwords or sensitive information may allow you to be hacked or become another victim of phishing. Most people who lost their cryptocurrency shared/exposed their private key (which is something that should never be done), or if they keep the cryptocurrency in an exchange, they use the same password on too many accounts, and Maybe they did not enable 2FA.

What should you do? Let’s take it step by step:

e-mail:

  • Email provider: use any reputable email provider that provides 2FA (such as gmail, outlook, protonmail)
  • Two-factor authentication (2FA): This is probably the most important thing. It is important to activate 2FA on your email account so that no one can access 2FA even if they know your password.
  • The ideal approach is to create an email dedicated to cryptocurrency, instead of using regular emails, your registered website may leak your data.
  • Watch out for phishing emails. The attacker prayed with your emotions. You started to go crazy when you saw this email and clicked on the link without even thinking about it.

Step 1) Keep calm before analyzing the email. Do not click any links in the email. Open the browser often and enter the official website yourself.

Step 2) Check the sender and mail. Attackers will also try to imitate emails that are similar to legitimate emails.

Step 3) Check the language. In most cases, phishing emails are rushed and full of spelling errors.

Email tips:

  • Don’t trust email links.
  • Double check the address bar of the login page.
  • Many crypto exchanges allow the use of anti-phishing banners, which display the email code you set
  • You can check haveibeenpwned.com to see what data breaches have affected your email. If your email appears and the password is also listed on the leaked data, it will be even worse, change the password, no longer use it, and other accounts that use the password.

Password/PIN:

  • Don’t use the same password everywhere.
  • Use strong security passwords. The password manager makes these easy to manage and generate passwords. This includes your phone and 2FA application. If your phone has a weak password and someone takes it, please remember your 2FA application and then it is available (if the same password, or no password/PIN settings), you Your email will be automatically logged in (the same other account is automatically logged in), and they can access all content.
  • Password managers: They have wonderful effects when managing passwords securely. They generate random strong passwords that can be adjusted, and all passwords are stored in an encrypted database file, so even if an attacker can access it, they will not be able to access it without a password.
  • Do not save the password in the browser. Some vulnerabilities, bugs and problems appeared on the browser.

Famous password manager:

KeePass

BitWarden

LastPass

1Password

Two-factor authentication (2 FA):

  • Enable 2FA (email, exchanges, social media and all accounts or applications with sensitive information) wherever possible.
  • Do not use SMS authentication. Always use 2FA applications such as Google authentication (SMS disabled). The SIM swap attack is a very common attack method, which is vulnerable to attacks.
  • Backup codes: When you activate 2FA on any account, you should have the ability to generate backup codes. These are used when you lose access to your phone or verify the app (accidentally delete it or anything). These serve as your encrypted private key/recovery phrase. This is the only way to get them back.
  • Don’t take photos of your QR code. If you take a screenshot, it may be synced to a place you don’t want. If it is damaged, they have the ability to continue to receive your 2FA code.
  • Do not use your work or school email address to register your 2FA application or any encryption service. If you cannot access the email, then all accounts are considered invalid, because if you change your device, you will not be able to access the password.

Crypto wallet

  • Do not store your cryptocurrency in the exchange, especially a large amount of cryptocurrency. Always have your own key and become your own bank. Hardware wallets are the safest wallets.
  • Cold wallets (hardware wallets) are always more secure than hot wallets because they are not connected to the Internet.
  • Verify that you are confirming the details of your hardware wallet device. The wallet application and the cold wallet interaction device may be damaged (especially if you have not updated to the latest version of the firmware), but you will still be safe to use it, as long as you confirm each mobile device on the cold wallet and refuse the transaction If there is any abnormality. There is a known malware that replaces encrypted addresses with one address owned by others. Before sending a transaction, be sure to check whether the receiving address is correct.

Private key-the most important thing

  • Always write your private key on paper or/and physical objects, prepare multiple copies, and keep them in different secure locations. There are also fireproof and waterproof devices, capsules, and safes to protect your private keys. Another good solution is Safe Haven’s Inheriti.com, which is the first and only decentralized inheritance and backup platform.
  • Do not write or save them online or on mobile phones, PCs or cloud devices.
  • The private key should always be kept private, only you know it. Never share them with anyone or enter them on any website that promises to give away.

Browser:

  • The top three browsers in terms of privacy protection are Firefox, Epic and Brave.
  • The best privacy search engine is DuckDuckGo.
  • Expansion: One of the most dangerous threats is expansion. These can start legally and then become malicious through updates. Especially if you use an online/browser wallet like metamask and copy and paste your text or anything similar, the extension can steal your copied data. Turning malicious in an extension may be removed from the website store, but not your browser. If you have Google Sync activated, these extensions will also be synced to all these devices. Delete unnecessary extensions to see if they are still available in the store, or even search for them to see if there are security articles about it. Check the extended privacy practices tab to see what data it collects.

phone:

  •  Please always update your phone every time an update is available.
  • Never store important and sensitive data on your phone.
  •  The unique PIN/password of the phone.
  •  Pay attention to what you click and download.
  • Avoid using apps that you don’t need or may be dangerous.
  • Pay attention to the wifi you are connecting to.
  • Watch out for phishing.
  • Call your service provider to see if they can lock your SIM card and prevent SIM replacement.

Other general safety tips:

  • Strengthen your personal computer (this guide is for Windows 10, but can also be translated into other operating systems) Update the operating system and any software, as long as there are updates available. Everything you download is a vector of attack.
  • Whitelisted addresses on the exchange (some exchanges allow you to designate an address as “safe” for any other transactions, except those that will not pass).
  • Do not publicly disclose your cryptocurrency assets and earnings online.
  • Do not access your cryptocurrency (exchange or online wallet) on a computer that is not yours and may not be trusted.

In the crypto world, real hacker attacks are very rare, and the most common ways to steal cryptocurrency are phishing and fraud. Usually, users themselves provide private information without suspicion that an intruder appears in front of them. For example, you cannot “crack” a cold wallet unless you handed over your private key and became a victim of a phishing scam, or you saved your private key online and the hacker stole your information.

Security is not a chore, but an opportunity. We often find that good security measures are a burden, but a better mindset is that you see security as an opportunity to bring yourself a calm mindset in an uncertain and turbulent world. Whatever you choose, critically consider the threats you face and make sure that you are not the cause of the sudden disappearance of cryptocurrencies. be careful.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/the-ultimate-security-guide-for-cryptocurrency-investors/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-07-12 13:40
Next 2021-07-12 13:42

Related articles