As more and more newbies jump into the field for the first time ever, I wanted to share some security tips outside the typical “not your keys, not your wallet”
There are multiple ways that your credentials, and therefore your crypto, might be compromised. With these simple tips, you are much less likely to get hit by hackers.
Enter your email and see what data breaches your email(s) have been a part of. I recently helped a fellow Reddit user who said his account was hacked, turns out he was part of a breach where a crypto site was hacked and his password was exposed, he reused this password on another crypto site that the attacker crossed referenced with his email/pass from the other site and didn’t have 2FA activated.
With that don’t reuse passwords, and use auto-generated passwords / store them in an encrypted password manager (I use KeePass)
2.) Every single program/software is essentially an attack vector
Keep your OS updated, keep your software updated, and uninstall ANYTHING you don’t use anymore. Just look up the SolarWinds hack and see how supply chain attacks work.
3.) Don’t download random stuff from this site or any other (especially suspicious ones)
If you must, check the hash of the software. This can be done using “Certutil -hashfile ‘filename’ sha256” in the windows cmd (Linux you can use “sha256sum ‘filename’”) you can then enter the hash into VirusTotal.com to see if it comes back malicious.
4.) Keeping your seed phrase safe
I personally store it in a KeePass database file (encrypted) then put that file on 2 USB drives and store it in 2 different secure locations.
5.) Typical advice: Don’t engage too much
Reddit messages, don’t disclose your portfolio, cold wallets, and activate 2FA on your Reddit account to keep your moons safe. Be careful about discord conversations, never tell too much if you don’t need to or have no reason to do so.
6.) Don’t trust email links
I’ve actually worked with the owner of haveibeenpwned owned on a “breach” once. I found over 12K emails that were entered into phishing sites, and reported them to him. Always go to the site directly through the URL address (and double-check it).
7.) One of the most important ones, chrome extensions
These can have keyloggers, take screenshots, and track you. It might not be malicious when you downloaded it, but attackers generally update them with malicious code with those capabilities or aren’t updated at all which leads to potential unfixed vulnerabilities. Double-check the ones you have installed, and remove any you don’t need.
8.) VPN / Browser,
Use a VPN with a no-log policy to encrypt your network traffic. I personally use ProtonVPN and it’s worth the few bucks a month for a paid version, brave also allows you to use TOR in the browser. Another option is hardening Firefox to use as a browser if brave doesn’t suit your needs which a guide can be found here.