Topic: How to Secure Our Wallet to Prevent Being Hacked! (Read 636 times)
I just wanna add one point to this security mechanism for securing the wallets. A chain is as strong as its weakest link and in cyber world this weakest link is human. Trust me nothing can happen to your wallets unless you do something that is prohibited. We are missing one key aspect of hacking here i.e. social engineering. Hackers these days are mixing hacking tools with social engineering for there and I m saying this since it happened with me. Never download a file sent to you by stranger.
Previously im just using with an executable file with the electrum and well its a good thing because before I don't have a hardware wallet most of the people suggest storing your seed phrase into a piece of paper it's an ideal too but its better if we store it with multiple copies and we know the physical texture of the paper so it's better to find some more ideal to write it not easily damage. Now I'm using with a hardware wallet which is more reliable than using a google extension or browser extension this feels make more safe.
Quote from: Charles-Tim link=topic=5333463.msg58553602# msg58553602 date=1638075527
My bad, that is true. The idea of paper wallet is the fact that the private key is not online but offline and is written on a paper. The idea of generating a HD wallet on an airgapped device and having the seed phrase properly backup on paper should truly makes it a paper wallet too, while many addresses can be saved and be used for transaction.
I have my mew wallet created on 2018 and during the time I am using it is that I don't have any problems with. It is true that paper wallet like mew, metamask important files, private key or mnemonic phrase is not stored online though it is generated through the extension or mew website/app online. Didn't try generating offline yet on metamask but on mew tried many times already and works good on website (did not try app offline). 
A paper wallet is whatever you want it to be, you are not forced to print a single private key (WIF) on paper, you can simply generate a mnemonic and write that down on a piece of paper which makes it your HD-paper-wallet so you can generate as many keys as you want.
My bad, that is true. The idea of paper wallet is the fact that the private key is not online but offline and is written on a paper. The idea of generating a HD wallet on an airgapped device and having the seed phrase properly backup on paper should truly makes it a paper wallet too, while many addresses can be saved and be used for transaction. 
Paper wallet only generate one private key, unlike the hardware wallets which are HD wallets generating several keys
A paper wallet is whatever you want it to be, you are not forced to print a single private key (WIF) on paper, you can simply generate a mnemonic and write that down on a piece of paper which makes it your HD-paper-wallet so you can generate as many keys as you want.
If I may add, we should also be very careful to not download a random application even if it's listed on google play, cause it may consist of malware or virus too. Second, many people save their private keys on cellular notes, cloud, or other media. It's still has a chance to be hacked. Third, always double-check some popular websites or sites that are frequently being used like mew, etherscan, other explorers cause some people to try to input phishing links, and sometimes it's difficult to differentiate it. Don't just google it and immediately click the site on the very top, cause it's not always the right one, better to bookmark the real site like you've said.
but still im a traditionalist and i perosnally prefer the paper wallet instead.Its about the trust in breaking in my personal cash space
Why did you prefer paper wallet exactly over hardware wallet? If you know how to operate hardware wallet, it can give convenience while you can still decide to have both. Paper wallet only generate one private key, unlike the hardware wallets which are HD wallets generating several keys and addresses which can also help you in maintaining privacy if other ways to privacy are considered. It is your choice, paper wallet is also safe as the key is also offline. 
If your OS version is not updated with the latest security upgrades, it can be compromised when this is detected by the hacker.
Even if it is updated it could still be compromised, so you shouldn't assume because your up to date in the latest software that you aren't a potential target. Although, what your saying is possible, its much more likely that the hacker will look at the unencrypted information you are entering on the WIFI, and therefore look for passwords, rather than actually compromising your machine itself. Security is important, but we tend to put emphasis on hackers like they are geniuses, when in reality most hackers are using well known exploits, or using someone else's script. There's not too many hackers which are adept enough to code their own sophisticated attacks, especially since their opponent is either Apple, Microsoft or Linux, which constantly monitor the space, and make improvements.
I do not know how true this information is, but any browser hung with various add-ons will always pose a danger to the owner.
Any extension that you have installed which isn't open sourced, and hasn't been verified by either yourself or others has the potential of compromising your data. Therefore, you shouldn't just install any extension, plus personally I don't see the need to install several extensions at a time. Honestly, I could only recommend security/privacy open sourced extensions such as Ublock Origin, potentially a No Script extension if that suits your purposes. We store our valuable cryptocurrencies in various wallets. In this case, it is important to ensure the security of our wallet. I have come up with some points that can help you to secure your wallet:
1. Hardware Wallet
It is better to use hardware wallet because it is more secure than software wallet. Yes, we have to pay for this but if you think about safety of your assets, you'll be ready to buy hardware wallet like Ledger Nano S/ TREZOR.
2. Install/ Download Chrome Extension
We can prevent being hacked if we download and install chrome extension. Mew chrome extension and MetaMask chrome extension are available to install.
3. Bookmark Original Website
We can bookmark all the important/legit websites that we have to access regularly. We can use those bookmarked website safely without input manually.
4. Check Balance
It is not necessary to check our balance everytime by entering our private key. We can easily be able to check our balance and transaction from:
(a) https://etherscan.io/
(b) https://bscscan.com/
(c) https://tronscan.org/
(d) https://www.blockchain.com/explorer
At the time of transaction, we can use our private key. If possible, store private key offline.
5. Don't Trust SSL Only
Just because a website uses an SSL certificate does not mean that the website is completely secure. Buying an SSL certificate is not a complicated matter. We should double check the website before entering private key.
6. Don't Click on Attractive Offers
At the time of browsing, we see many interesting offers that we should not click on because no one will give you free money without doing anything. Sometimes we get such kind of shit offers on gmail/social media. Also, we should more conscious about downloading any app or file.
7. Enable 2FA
It is important to enable 2fa if our wallet serve this feature. We can use google authenticator, mobile number and gmail as 2fa method.
8. Free Wifi
We shouldn't use free wifi at all and by using free wifi, we can lose valuable personal data. Hackers can collect those data for entering your wallet.
Lastly, we should use our brain. Awareness can keep us safe on the internet.
"I might be wrong, please pardon my mistakes."
1. Hardware Wallet
It is better to use hardware wallet because it is more secure than software wallet. Yes, we have to pay for this but if you think about safety of your assets, you'll be ready to buy hardware wallet like Ledger Nano S/ TREZOR.
2. Install/ Download Chrome Extension
We can prevent being hacked if we download and install chrome extension. Mew chrome extension and MetaMask chrome extension are available to install.
3. Bookmark Original Website
We can bookmark all the important/legit websites that we have to access regularly. We can use those bookmarked website safely without input manually.
4. Check Balance
It is not necessary to check our balance everytime by entering our private key. We can easily be able to check our balance and transaction from:
(a) https://etherscan.io/
(b) https://bscscan.com/
(c) https://tronscan.org/
(d) https://www.blockchain.com/explorer
At the time of transaction, we can use our private key. If possible, store private key offline.
5. Don't Trust SSL Only
Just because a website uses an SSL certificate does not mean that the website is completely secure. Buying an SSL certificate is not a complicated matter. We should double check the website before entering private key.
6. Don't Click on Attractive Offers
At the time of browsing, we see many interesting offers that we should not click on because no one will give you free money without doing anything. Sometimes we get such kind of shit offers on gmail/social media. Also, we should more conscious about downloading any app or file.
7. Enable 2FA
It is important to enable 2fa if our wallet serve this feature. We can use google authenticator, mobile number and gmail as 2fa method.
8. Free Wifi
We shouldn't use free wifi at all and by using free wifi, we can lose valuable personal data. Hackers can collect those data for entering your wallet.
Lastly, we should use our brain. Awareness can keep us safe on the internet.
"I might be wrong, please pardon my mistakes."
Thanks for the cautions especially that of not using free WiFi,most times people become too gullible that they jump into any free WiFi they see,not knowing it has some hazardous effects,by giving hackers access into personal and financial information on their phone
I totally disagree with this. Dont install any browser extension. It is not always clear what kind of information it collects. Even if you use browser extensions, go through them and check for old/rarely used and delete them.
When you export your browsers settings, these extensions like to migrate with you. Sometimes old extensions are being sold or bought on purpose by hackers and their code is being modded. Next time when your old "neat old browser theme" asks for update, think twice before you update it. Because behind it you might get a bot, keylogger and other crap.
In addition to the fact that the Chrome browser itself is not completely secure, all its extensions often collect information about users contrary to privacy rules. Recently, there was a story on reddit.com where users complained that an installed Chrome extension was accused of stealing cryptocurrencies.
https://www.reddit.com/r/Metamask/comments/mvtdbe/2_different_friends_have_been_hacked_someone_got/
I do not know how true this information is, but any browser hung with various add-ons will always pose a danger to the owner.
2. Install/ Download Chrome Extension
We can prevent being hacked if we download and install chrome extension. Mew chrome extension and MetaMask chrome extension are available to install.
We can prevent being hacked if we download and install chrome extension. Mew chrome extension and MetaMask chrome extension are available to install.
I totally disagree with this. Dont install any browser extension. It is not always clear what kind of information it collects. Even if you use browser extensions, go through them and check for old/rarely used and delete them.
When you export your browsers settings, these extensions like to migrate with you. Sometimes old extensions are being sold or bought on purpose by hackers and their code is being modded. Next time when your old "neat old browser theme" asks for update, think twice before you update it. Because behind it you might get a bot, keylogger and other crap.
Im confused what that person means here. They say you could enter your btc address to check balance right? The way this person phrased it was like you could enter your wallet seed into it and check it.
Only addresses can be used to check balance, electrum can be used for this ourpose in a way you will import the addreses on electrum, this will sychronize with the blockchain that will result to the balance that will show up. This is more secure because nobody can spend from such wallet which are called watch only wallet but only used to track transactions. But seed phrase can be used to check balance too if it is imported into a bitcoin supported wallet, in this case, someone will be able to spend from the wallet. But this should not make someone confused and input the seed phrase on a site that requested for it, any site that requested for your seed phrase only want to scam you. We can prevent being hacked if we download and install chrome extension. Mew chrome extension and MetaMask chrome extension are available to install.
No. Chrome extensions are why people are getting hacked.It is not necessary to check our balance everytime by entering our private key. We can easily be able to check our balance and transaction from:
(a) https://etherscan.io/
(b) https://bscscan.com/
(c) https://tronscan.org/
(d) https://www.blockchain.com/explorer
At the time of transaction, we can use our private key. If possible, store private key offline.
5. Don't Trust SSL Only
Just because a website uses an SSL certificate does not mean that the website is completely secure. Buying an SSL certificate is not a complicated matter. We should double check the website before entering private key.
Please DO NOT key your private key into any website.(a) https://etherscan.io/
(b) https://bscscan.com/
(c) https://tronscan.org/
(d) https://www.blockchain.com/explorer
At the time of transaction, we can use our private key. If possible, store private key offline.
5. Don't Trust SSL Only
Just because a website uses an SSL certificate does not mean that the website is completely secure. Buying an SSL certificate is not a complicated matter. We should double check the website before entering private key.
Storing your private keys offline doesn't make anything more secure. You'll probably be looking at making an air-gapped wallet in this case.
7. Enable 2FA
It is important to enable 2fa if our wallet serve this feature. We can use google authenticator, mobile number and gmail as 2fa method.
2FA is not perfectly bulletproof against malware attacks. There are many variants of malwares which seeks to exploit the user differently and the most common one is a clipboard malware which your 2FA won't protect unless you double check your transactions.It is important to enable 2fa if our wallet serve this feature. We can use google authenticator, mobile number and gmail as 2fa method.
Im confused what that person means here. They say you could enter your btc address to check balance right? The way this person phrased it was like you could enter your wallet seed into it and check it.
Many blame wallets hacks on the wallet but honestly most times this happens because of mistakes and carelessness on the users, the only crypto wallets that aren't safe are the centralised wallets but others that gives seed or private keys and still got hacked is due to users fault
You are not wrong, many wallet hack is as a result of people themselves which are careless, carelessness is one of the reasons for some of the hack. But having offline wallets still reduced the chances of the carelessness, using mobile or desktop wallet is also still better but yet vulnerable as they are both online wallets. Web wallets are just the most vulnerable, and they are not recommendable in case of safety, it makes people to be more vulnerable to their carelessness. But, yet, people need to be very careful and protect their wallet perfectly. You only need your seed/private key to access your wallet. Any wallet software that has 2FA feature is a custodial wallet which are not safe and you should not use them if you care about the security of your funds. A better alternative for 2FA is to set up a 2of2 multisig wallet and keep each co-signing private key/seed on a different device.
Wack, fully disagree with that. Even inoffensive chrome extension means your private keys are inside browser cashe for some time. This is the additional hole to their security that can be used for sophisticated methods to steal them. Apart of that there are malicious extensions that disguise themselves as true wallets. They are able to inject malicious code and steal sensitive data like passwords. priv keys etc.
[moderator's note: consecutive posts merged]
1. If your wallet is a add-on like metamask make sure you don't use the browser to browse online at all, dedicate the browser for metamask only, in fact I prefer using the mobile app instead
2. Avoid clicking on links either online or through emails
3. Safeguide your recovery seed and private keys, they should never be shared with anyone and make sure you don't store them in places where it's easier to people to reach
2. Avoid clicking on links either online or through emails
3. Safeguide your recovery seed and private keys, they should never be shared with anyone and make sure you don't store them in places where it's easier to people to reach
Many blame wallets hacks on the wallet but honestly most times this happens because of mistakes and carelessness on the users, the only crypto wallets that aren't safe are the centralised wallets but others that gives seed or private keys and still got hacked is due to users fault
Sometimes the storage of the seed or private key is ignored and has no security. this is what will become a gap to be stolen and hacked. Hacking of personal wallets is indeed due to the recklessness of the wallet choosers.Being exposed to phishing is also the reason why personal wallets are hacked. Because the phishing page will ask to enter a private key. this needs to be paid attention to, make sure the page used is a genuine page and not phishing.
Like the metamask extension wallet, from the past until now there are fake extensions created by scammers. Make sure everything is original and you should pay attention to it.
It is very important to protect our wallets from hacking, by choosing strong passwords, activating more than one protection method to enter the wallet, such as a PIN code and fingerprint, and to avoid sending our private keys to any unknown person or website.
If you have no other option but to connect to a public WIFI, then at least connect to it with a reliable and secure VPN.
Even then, there's a small chance that you could be compromised since you have to connect to the internet before you connect to the wifi. If you can, its better to use a cellular data connection, connect to the VPN, and then connect to the free wifi. Cellular data connections are secured differently, and generally are more secure than wifi connections, which see a lot of traffic throughout the day. Jump to: