For consumers and crypto buyers, the crypto-jungle is a real mess as far as security is concerned. If you have ever threaded the waters of any crypto service you will have to go through a tedious security on-boarding which includes complex and long phrases and codes to remember or store securely somewhere (whatever this means). Yes, you are in control of your own assets but the price to pay is that you are in charge of your own security. And since most people are not security experts, they are very much often exposed — without knowing. I am always amazed to see around me how many people, even tech savvy ones, don’t take basic security measures. You are at risk, even with a super secure Hardware Wallet, which is supposed to the the gold standard for security today. Indeed most issues happen in the “points of connection” with your wallet, not with the wallet itself. What is at risk is not necessarily your set up but your attention. Here are a few tricks that hackers like to use to steal your private keys (the information required to steal your cryptos) or even trick you in wiring coins/tokens to the wrong destination. it’s dangerous out there. Attacks from all over. : you see an address you want to send some bitcoins to. You copy/paste this address into your wallet. Except there are things like that will replace the address you just copied with another that has nothing to do with the original. It would work to with any type of passwords including copying you master pass for your password manager (eg last pass) 1.Copy Paste CryptoShuffler , a small program, : Painful but verify the address after you pasted it. Use the QR code if you know how to. Tip Don’t install funky soft, or apps you’re not sure of. Run regularly an anti Malware on your computer (Bitdefender, MalwareByte) to clean your computer Tip #2: use an instead of a prone-to-error impossible-to-verify address. Some are cheap to buy, Some are not. But this is peace of mind. Pro-tip 2: official ENS (more on this below) Hackers can publish to buy assets on a crypto-exchange (eg Poloniex) but you re trading nowhere…you just sending money to a dummy hacker account. 2. Hacked mobile Apps: real fake trading apps More generally Android is really prone to hack (more than iOS). you need to be careful on what you install and make sure to regularly clean your device of any junk. Don’t get too fancy here. it’s obvious (but not for all), you need to protect your device with a PIN, Touch ID and/or FaceID, add add 2 factor authentication to any app you have that offer that, and avoid downloading junk. Tips: Bots on slack . They will reach out warning about a security alert on your wallet (which of course does not exist) and they will link you to a URL where they will ask you your private key. Don’t touch 3.Slack Hacking bots: are a plague : ignore bots on Slack. Report them when they contact you. Also use to protect your slack channels Tip Metacert Some are claiming they will improve your user experience on trading sites. Except they may read at the same time all your typing there. Stick with the ugly user experience, you’ll be safer. 4. Browser extensions extensions do NOT download any crypto extensions. Browser in “Private mode” where usually extensions are disabled. Or use a fresh browser only for this. You can take a look at Brave which is a Blockchain native browser with built-in wallet Tip: you start to type the URL of a website, then your URL bar has been hacked by another close URL pointing to a very similar website with the same exact look and feel and logo. Careful. 5.Clone Websites: Cryptonite Chrome extension > look for the https certificate + use Cryptonite / extension that can highlight fake URLS Tip Chrome Firefox It’s a technic. You’re searching for your favorite (or not) crypto sites on Google but hackers will squat the top paid results (or organic) with similar URLs (including a small change) and will trick you in going to their site instead. 6.Fake Google Ads/SEO: known fake URL in Google ads Tip> read carefully the URL after the click : Careful there, only follow verified accounts or simply click on the social links from the official websites of the service you want to follow. even Twitter/Facebook recommendation algorithms which could push new fake accounts. 7.Fake Social accounts Don’t trust any other source 8.Mobile SMS 2FA This is a widely known issue. Services will ask your mobile phone number to register or activate 2FA (two factor security), but, especially in the USA, some hackers are support team and getting your credentials and from there getting access to any account linked to your mobile phone. very talented at fooling mobile operators : ask your operator how your phone is protected tip never EVER use any service that requires your phone number and never set 2FA with SMS (use a software solution instead) tip#2: 9.Email Phishing You get an email from a service you know, . They will use the exact same format, template, design. Many times the service does not even have your email, but it does not matter, you will not remember. Remember, don’t click blindly except this is not from them fake pay attention to the link you click on, watch them in the browser link section. If it looks weird, get out. tip: 10.Wifi hacking You may have seen the news but WPA, the security protocol for most wifi routers used has been compromised. With that anyone can see all the data that goes through your wifi network. Similar issues happen in public Wifi (eg airport wifi). “krack attack” : fix your router, check for updates and never trade in public wifi areas (at least not without a secure VPN) tip Bonus 1 : Fake ENS ENS is the equivalent of emails/DNS for a wallet address (a long post on the topic will come soon). Many good ICOs have used it instead of a prone-to-error address. It is something like . But some hackers will make it look like they own the original ENS with a close name ( thisICO.eth instead of thatICO.eth). whatever.eth will post fake ENS on forums : make sure to reference only to the ENS provided by the company and double check it before Tip if you set an ICO, get your ENS for yourself (including typos), even if you don’t plan to use it Pro tip: Bonus 2: Free Airdrops Airdrops is the random distribution of free tokens to reward existing token holders or to engage more users in a bootstrapped crypto-service. this sounds great. You open your wallet. Surprise! Free tokens. will claim there is an airdrop when there is not. Some will provide actual tokens to get you to register to their scammy site and get your private information. Be very careful Some Only one tip to summarize all this: BE extra careful ps: did i miss anything? please comment/complete/correct if you know of any other trick?
