To ensure the security of your coins and tokens, I have created this best-practices guideline, which (if properly implemented) will minimize your vulnerability footprint.
1. Do not invest more than you’re willing to lose.
2. Do not keep coins on exchanges unless you are actively trading them.
3. Do not keep coins or wallets on any mobile devices, as they are easily hacked.
4. Do not access your wallets, coins or bank accounts on any public network (too many man-in-the-middle attacks).
5. Use a VPN service (Top 2 = PIA VPN and TorGuard)
6. Avoid keeping coins or paper wallets on computers, as they could also be compromised via various exploits (please view Example #1 regarding wallet obfuscation).
a. The recent Meltdown & Spectre Intel vulnerability means 98% of ALL computers/servers are vulnerable.
7. When creating a paper wallet, make sure you only use the sites below or a site you are 100% certain is legitimate (too many phishing sites out there):
a. https://www.myetherwallet.com/#view-wallet-info
b. https://www.bitaddress.org
c. https://bitcoinpaperwallet.com/
i. Make sure you bookmark trusted sites; do not continuously “Google” for wallets, as you could be going to a scam site.
ii. When you are on a “trusted” site, do not only look for the green [SSL] padlock in your browser; also click on the padlock and view the information regarding the security certificate and who the issuing authority is.
8. Paper wallets are “burn-n-turn”. Once you have unlocked one for any type of transfer (e.g. transferring to an app or digital wallet), make sure to NEVER re-use it.
9. Be wary of coin forks, as in some cases (e.g. Bitcoin Gold) a user can withdraw all of your coins using a replay attack.
a. To retrieve coins from a forked wallet, move all funds to a new paper wallet. Use the “old” wallet to try to retrieve the new forked coins, thereby preventing any replay attacks, as your coins are in a new wallet.
10. When sending coins, quadruple check the address (even if you copy and paste). You can’t imagine the millions of dollars of locked-up coins because someone sent funds to either a wrong address, or sent Bitcoin coins to a Bitcoin Cash wallet. Remember, once it is sent there is absolutely no way to retrieve it.
11. Do not disclose online how many coins you have. People are murdered for a few dollars alone. If you have a sizeable amount, it might be worth the risk for a criminal.
12. Make sure to have multiple backups of your private keys: at least 3 on-site and one off-site in case of a fire or theft.
a. It might be a good idea to create a PGP public/private key pair, then encrypt your private key and email it to yourself as an alternative backup.
13. Educate your significant other on how to retrieve the coins in the unlikely event of your death (maybe give your significant other 1/3 of the private key, your attorney another 1/3 and a trusted 3rd party another 1/3). Just a suggestion…
14. Create 2 wallets for each coin in case you are forced to give up a private key under duress.
a. Example: you have a total of 10 BTC
i. Keep 1 BTC on one wallet
ii. The other 9 on another
iii. If you are forced to reveal your private key, you would give up the wallet with the least amount.
15. When printing out your wallet (or storing it on your computer), make sure to obfuscate the private key and delete the QR code of the private key. Below are the steps I would take if I owned Bitcoin as an example.
-------------------------------------------------------------
Example of Obfuscation:
1. Think of a word that is very memorable to you. In this example I will use the word Bobby (we will call this my secret key).
2. I would go to https://www.bitaddress.org
a. Follow steps to generate address
3. In this example the bitcoin address created is:
a. 14V1pAf2XLPu5K1gvKn3Q6DLcANLguuSxe
4. Corresponding bitcoin private key is:
a. L4S2Gn9vqk2d9F7B7utirKKcwrs6ev2RbFNZbgH1EXgFZyfxpzmN
Unfortunately, there are no letters or numbers that correspond to my secret key. I would then continuously click on the “Generate New Address” button on the top left to generate new keys until I found a private key that includes my secret key (Bobby).
This may take lots of attempts, but I found one close in this particular example.
Public Address: 1AmCCwwdZrbD18RguxPSykZNFSC2CpBbqL
Private Key: L41RdYAS53B6s2cSadhKEDoBhK2P2SeDFF4fxbbAanz4C4VoX51i
You would then replace the letters B-o-b-b-i with asterisks like this below:
O-Private Key: L41RdYAS53*6s2cSadhKED*BhK2P2SeDFF4fx**Aanz4C4VoX51*
Finally, you would add some additional characters and words to the beginning (possibly the middle) and end to make sure you secure your keys substantially. (Make sure to complete this next step, as it would NOT be difficult to brute force the original private key if it is missing only a few letters.)
Final Key: Exam*L41RdYAS53*6s2cSadhKED*BhK2P2SeDFF4fx**Aanz4C4VoX51*Test*
Using the Final Key as an example, it would be very difficult to brute force this, as the attacker would not know where the start or ending would be, not to mention the extra asterisks. Obviously the “Exam*” in the beginning and “Test*” at the end are just so you see what I am doing. In reality you would make sure it would be more complex.
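The advice above to quadruple check the address before sending can be backed by a mechanical check. The following is an added example, not part of the original guide: it verifies the Base58Check checksum of a legacy Bitcoin address, so a mistyped or truncated address is rejected before any funds move. The sample address is constructed from a made-up hash, and the function names are hypothetical.

```python
import hashlib

# Base58 alphabet used by Bitcoin (no 0, O, I, l).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    """Encode version byte + body + checksum (used here to build the sample)."""
    raw = bytes([version]) + body
    raw += checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as a leading '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out

def check_address(addr: str, expected_versions=(0x00, 0x05)) -> str:
    """Return 'ok' or the reason a legacy Base58Check address is rejected."""
    if not addr or any(c not in ALPHABET for c in addr):
        return "invalid character"
    n = 0
    for c in addr:
        n = n * 58 + ALPHABET.index(c)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4 checksum bytes
        return "wrong length"
    if checksum(raw[:-4]) != raw[-4:]:
        return "bad checksum"
    if raw[0] not in expected_versions:  # 0x00 = P2PKH, 0x05 = P2SH (mainnet)
        return "unexpected version byte"
    return "ok"

# Constructed sample: version 0x00 over a made-up 20-byte hash (not a real wallet).
SAMPLE = b58check_encode(0x00, bytes(range(20)))
# Simulate a one-character typo in the last position.
TYPO = SAMPLE[:-1] + ("2" if SAMPLE[-1] != "2" else "3")

if __name__ == "__main__":
    for label, addr in (("sample", SAMPLE), ("typo", TYPO)):
        print(label, addr, "->", check_address(addr))
```

A passing checksum only rules out typos and truncation. Legacy Bitcoin Cash addresses use the same encoding and version bytes as Bitcoin, so the Bitcoin-to-Bitcoin-Cash mix-up described above still passes this check and has to be caught by confirming which chain the receiving wallet is on.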
At the end of the day, you are the protector of your wallet. If you are a victim of a phishing site or don’t regard security highly, you are making yourself a more enticing target. The responsible actions you take will help protect you in the dangerous crypto world, where millions of dollars are made every day and millions are stolen every day.
This material is copyrighted by me (mhamidi) and you are not allowed to repost or quote without providing the full text. Mo Crypto from AE is allowed to use this to his heart’s content.