Pages:
Author

Topic: Must Read by Everyone - Securing your Crypto 2018 - page 2. (Read 356 times)

full member
Activity: 448
Merit: 100
The most important aspect as you say safety , you're right . Now a great many scams . Everyone is trying to cheat and steal our money
jr. member
Activity: 32
Merit: 4
Crypto Investing Made Easy
A WHOLE BUNCH of great advice here on security for crypto! So many people get taken by scams and easily avoidable situations. If they just had some of this knowledge they would probably fair a bit better. We have been working on our Totle platform to help with this as well so people can invest safely and securely no matter who they are!
full member
Activity: 476
Merit: 100
Thanks for the write up on security of our wallets. I  have picked some points that i was not observing before now. We keep trying to safe guard our wallets
all the time.
jr. member
Activity: 70
Merit: 1
Good post, security is key be smart people...
full member
Activity: 266
Merit: 105
I've been doing this for years, but I still catch myself leaving some security vulnerabilities to my wallets and email addresses. You would probably think your security is adequate, it's not. Hackers and thieves always find a way to fool even the veterans. Let me tell you if you've been in this space for long enough, you probably had been hacked once or twice before. Hackers are getting very imaginative every year since because the booty they get from a successful hack is very enormous.

Wallet security

  • RE: Online wallet tools/services - NEVER EVER SHARE YOUR PRIVATE KEYS ONLINE - don't even upload your keystore and password.

    You might think the site is well-known and trusted like myetherwallet.com (MEW), but their DNS can be hijacked and you can be re-directed to a fake MEW. Once you send your private keys or passphrase, you gave away your wallet access. Etherdelta was a victim of this and thousands of ETH were stolen from Etherdelta traders. Because you can upload your private keys to trade with the Etherdelta smart contracts. Of course, there are also many straight-up imposter sites where the would-be thieves will send you a phishing email and saying you have to click this link to go to their site. Your private keys should never be online as much as possible.

    a. For Bitcoin: all you have to do is to generate a transaction and sign it with your private key offline. And then you can broadcast the signed transaction (TX) anywhere online that offers a broadcast service or push transaction.

    b. For Ethereum and ETH tokens, a service like Metamask keeps your wallet encrypted in the browser, you can use it directly to send ETH or for tokens you can use it in tandem with MEW. It does not share private keys, only signed transactions.

    c. For other types of blockchain, I'm sure there could one or two that provides signed TX broadcasting and propagation. If not, download your own wallet - better be safe than sorry.
  • Online Seed Generation - Those online bitcoin/crypto seed generation or address generators - Don't use them online!!!

    The site owner of the service you are using can record your seed/address generation and store your private keys. It has happened to new IOTA wallets from certain online services. The best practice here is to turn off your internet access when you generate.
  • Always encrypt your local wallets. Don't assume it hasn't happened to you, it won't happen to you. And if someone was able to install backdoors to your machine, it's going to be an expensive lesson. Frankly, your personal laptop is the least secure place to store your private keys since you're not a security expert and other people might use your machine too.

    Personally I prefer paper wallets. I don't mind the extra hassle as long as its highly secure. Anyway, there are number of ways to encrypt your private keys. Most wallets provide encryption. I'm so paranoid. I even encrypted my paper wallets with PGP encryption.

Exchange account security

  • Put 2FA on all of them exchanges! - As we become much wired than before, Username/email address/passwords combo are easily hacked nowadays. Especially if you're still using the same email address and username from the year 2005. There is a combo list out in the internet with your username and password hacked from sites you long forgotten.
  • Never use the same email address and password for all exchanges and crypto-related sites such as this forum.
  • If you use Gmail or your email provider provides 2FA, enable email 2FA. This is the last piece of the puzzle for hackers, after gaining access to your exchange account, they will need access to your email too.
  • And lastly, never put all your coins in exchanges!  I don't have to tell you the number of exchange hacks that has happended throughout the history of crypto. You're not the exception, if you're in crypto for a long time, you will be targeted, directly or directly.

Good luck!

Update:

For Chrome, install Cryptonite by MetaCert https://chrome.google.com/webstore/detail/cryptonite-by-metacert/keghdcpemohlojlglbiegihkljkgnige

The service verifies the correct DNS entries for many crypto-related sites. It will warn you if the site you are on is a phishing site.
Pages:
Jump to: