Pages:
Author

Topic: Be careful with security! I learned my lesson. (Read 727 times)

hero member
Activity: 2954
Merit: 796
November 26, 2019, 06:58:10 AM
#42
It is a reality that our funds in online wallet is not safe, the hackers and scammers are becoming more intelligence and skillful than before and it can break the security that we have nowadays. I still also prefer to store my cryptocurrencies in hardware wallet for me to ensure the safety of my fund.
Hardware wallet should be have by every crypto users, we should invest in having hardware wallet for our security if we wanted to last long in crypto as hackers scammers were attacking every crypto users that's why need to secure our wallets, don't dare to put too much amount in one exchange or wallet that are accessible online as hackers have their own ways on attacking.
sr. member
Activity: 952
Merit: 274
It is a reality that our funds in online wallet is not safe, the hackers and scammers are becoming more intelligence and skillful than before and it can break the security that we have nowadays. I still also prefer to store my cryptocurrencies in hardware wallet for me to ensure the safety of my fund.
legendary
Activity: 1904
Merit: 1074
So weeks ago I lost over 20k USD in Crypto.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Again be very careful with security, If you keep anything online then you're putting yourself at risk.

You already made one mistake by storing your Crypto information online and you are about to make a second mistake by following your own

advice, namely : "Write down on paper secret codes & keys." Just remember one thing, paper is a very vulnerable material and it can get damaged

by water, direct sunlight and even someone cleaning the house and throwing it away by accident. If you have to write or print it, make sure you

laminate it and store it away from direct sunlight. Also make sure you have duplicate copies and it is stored in 2 or more separate locations for

some redundancy.  Shocked
jr. member
Activity: 175
Merit: 1
Great tips and thank you for that. I totally agree that storing your funds in the hardware wallet is the best way. Cold storage only. Moreover, it's good to take care which cryptocurrency exchange do you use and how safe it is. Use only a reliable ones, like for example Kraken, CoinDeal or KuCoin.
legendary
Activity: 2296
Merit: 1014
Don't use sim verification ever it's pointless there are multiple ways to break it.
I wouldn't advise that. I would advise to use all security possibilities there is. If SMS verification can be "hacked", so be it, but its a one more barrier that must be defeated before your funds will be endangered.
Many times news writers give some of defenses to public knowledge to let hackers try other defenses of theirs. Always they end up with many problems/got hacked coz they wanted it, lowered defenses on purpose.
member
Activity: 375
Merit: 10
Really sad story and I hope that it wasn`t your last money. I have similar case when I was keeping my private key in Word file (yeah, I`m fool) and then someone hacked my computer, because I downloaded untrusted app. Fortunately, I didn`t keep a lot of money on that wallet and I lost not much money, but since that I`ve been keeping everything on paper in secret place)

I suppose that many newbies are careless so we need to make treads like this to teach them how to keep money safely
sr. member
Activity: 1022
Merit: 280
So weeks ago I lost over 20k USD in Crypto.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Again be very careful with security, If you keep anything online then you're putting yourself at risk.

Even with the 2fa SMS or Google Authentication, you need to enforce some of your own precautionary measures.

1- Keep a separate email for exchanges / online crypto wallets and never display that email on social media etc so no one will know that email belongs to a person who holds the crypto.

2- Writing down secret keys on a paper is also risky, even if you do ,then make them duplicate and also do not write the code in a sequence.

3- Keep the backup codes for 2fa in a separate place because you do not want yourself to be locked out if you ever lost your 2fa device.
sr. member
Activity: 896
Merit: 267
★Bitvest.io★ Play Plinko or Invest!
i have seen many threads about hacking and precaution stuff  , 20 k is lot of money and pains to be losing
spending some money and buying a hardware wallet is better then losing money and regret after , i have separate notebook to have all private keys written

i would say you lost a lot of money to learn this lesson

In OP's case, it really doesn't matter what wallet he's using. Even if OP's using the most ultra securest hardware wallet in the history of mankind, it still wouldn't really matter if the mnemonic seed was written down or stored somewhere not-so-secure and easily-accessible-for-hackers as an email account.

When we are online we should always keep in mind that we are public and we are connected to every people around the world so every information we have stored online isn't 100% safe so it is really true that no matter how secured your wallet is if the key into it is stored and placed somewhere isn't secured then your like giving away money to hackers.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
i have seen many threads about hacking and precaution stuff  , 20 k is lot of money and pains to be losing
spending some money and buying a hardware wallet is better then losing money and regret after , i have separate notebook to have all private keys written

i would say you lost a lot of money to learn this lesson

In OP's case, it really doesn't matter what wallet he's using. Even if OP's using the most ultra securest hardware wallet in the history of mankind, it still wouldn't really matter if the mnemonic seed was written down or stored somewhere not-so-secure and easily-accessible-for-hackers as an email account.
sr. member
Activity: 756
Merit: 268
So weeks ago I lost over 20k USD in Crypto.

I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.

If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.

Again be very careful with security, If you keep anything online then you're putting yourself at risk.
It should be one of your main priority as you enter investment in crypto. All of the things you are working hard for will go to waste if you are going to be careless with your security. There are a lot of stories here already narrating how they ended up loosing all the money they have as they avoided paying attention on the safety of their keys. If you know you are having a hard time on being a responsible investor, you should avoid storing large amount of money in your hardware wallet to avoid massive loss of money and regrets.
sr. member
Activity: 714
Merit: 251
Err. We literally had the past few years flooded with news of funds getting stolen due to carelessness of the holders. Not sure how this is still happening knowing that you're on Bitcointalk, which is pretty up to date with hackings and breaches. A lot of people have been very very very vocal about security.

Oh well, painful mistake for you I guess. Look at the bright side. While 20k is a good amount of money, better learn a hard lesson losing the $20k rather than learning your lesson when you already have like $100k+ or more. Best of luck moving forward.
i have seen many threads about hacking and precaution stuff  , 20 k is lot of money and pains to be losing
spending some money and buying a hardware wallet is better then losing money and regret after , i have separate notebook to have all private keys written

i would say you lost a lot of money to learn this lesson
sr. member
Activity: 1078
Merit: 310
I actually removed my phone number from all my Google accounts, because it seems to be much more of a vulnerability than a security or safety measure these days. It's just ridiculous how easy it is to steal someone's phone number.
I think this is a good information to boost our security and now I have plans to do the same in the upcoming days since it makes sense that I think it could significantly lessen any attack vector that the attackers would use to do a security breach on our systems.

Instead of using Google's 2FA app, you might want to check Aegis authenticator instead though. I made a quick topic about it here: https://bitcointalksearch.org/topic/aegis-authenticator-a-decent-alternative-to-google-authenticator-and-authy-5192978
Thanks for this tip. I think this app is a great alternative to Google's Authenticator and Authy and I find it having a good balance between security and functionality. Will try this asap. Smiley
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
It sure is really surprising. Not saying that high rank & early registration date = smart, but you'd really expect a bit more security awareness from someone who's been in the forum for some time already. My guess that in the case of OP, it's more of the "ehh, no ones going to hack me" reasons. Because hot damn storing very very sensitive information on an email account is a very very very novice move.

I don't consider myself to be a great security/crypto expert, but over the years of using the internet/computer and by reading/posting on this forum I have learned a lot of good and useful things, I try to apply them in the best way possible. I'm not surprised when things like this happen to a beginner, but experienced members should not allow themselves something like this.

I always consider myself a potential target, by those I know and by strangers lurking across the internet. They're always looking for ways to get their hands our coins, and those who are not constantly alert will remain short-sleeved sooner or later.
jr. member
Activity: 30
Merit: 1
Damn, feel sorry for you. Storing any important data online is very risky. However there are opportunities to recover stolen funds by some companies. The key is to find reliable one like Coinfirm, they handles strictly with reclaiming stolen cryptocurrencies by wallet verification and are working on a new blockchain system for PKO Bank Polski- one of the biggest banks in Eastern Europe.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
Another way of getting bypass 2FA is SIM swap this will work only is the actual owner of that number lost access to it or lost mobile, so scammer doesn't need physical access to the mobile.

Not actually. It can work even if the owner of the mobile number still has access to his/her mobile number. The hacker can still gain access if the hacker did his/her social engineering well enough to convince the customer service representative of the telecommunications company that the victim is registered on. People are honestly underestimating this attack.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
If it is not a case of phishing email than what could be other ways except a known person?
Another way of getting bypass 2FA is SIM swap this will work only is the actual owner of that number lost access to it or lost mobile, so scammer doesn't need physical access to the mobile.
sr. member
Activity: 939
Merit: 256
I am sorry for your loss. We should not rely on a certain type of security, it is best to divide the account into different parts and keep it separate in many places. I never leave the private key and password in one place, the private key and the password are always shared in many places. Besides, the private key of the most wealthy wallet was written down 2 pieces of paper and stored in the most reliable places.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
Is this for real? I'm very sorry to hear that. I just can't believe that this could be possible. How come hackers now can even crack the sim verification on OUR phone well its on our possession unless it got stolen or lost and found by someone who good in hacking.

I appreciate that you share youre experience about that. Many will know that this incident could happened. So I must disconnect all phone attachment on my email just to be safe. I'm disappointed how hackers evolve fast also on doing this kind of stealing.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
I use Google 2FA app for all my important accounts, and I hope there's no vulnerabilities in it that can allow attackers to bypass it like the do with phones.

Great move from disconnecting your mobile numbers to your Google account. Instead of using Google's 2FA app, you might want to check Aegis authenticator instead though. I made a quick topic about it here: https://bitcointalksearch.org/topic/aegis-authenticator-a-decent-alternative-to-google-authenticator-and-authy-5192978
hero member
Activity: 2366
Merit: 838
So weeks ago I lost over 20k USD in Crypto.
I deeply regret for your big loss.
Quote
I had all the private keys, passwords, etc saved in my email draft & I had 2 fa SMS verification didn't know that someone can break it easily. Ended up losing all my savings. Don't use sim verification ever it's pointless there are multiple ways to break it.
Can you tell us where you store your data, please? Did you store them online, on Cloud-storage services, ie.?
Quote
If you can afford then buy a hardware wallet. and if you can't then don't store your important data online or anywhere connected to online.

Write down on paper secret codes & keys.

Use different passwords.
Using throw-away emails for new services when you want to try them.
Using different emails and different passwords for different services.
Don't store all your money on one account, on one service/exchange/ wallet. Decentralize your funds over wallets/services/ exchanges.

Above all, security is most important and "Prevention is always better than cure".
Pages:
Jump to: