Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Would Stay Extra Vigilant Over the Holidays…

Would Stay Extra Vigilant Over the Holidays…

Officer's BlogOfficer's Blog2023/12/24 07:15
By:Officer's Blog

A few people I know were recently attacked lost their crypto assets, I can’t disclose the details publicly but what they had in common was that their seed phrases were  generated  3–4 years ago, they were all 12 words!

To add, all of the victims were using Windows and were mostly from Asian countries.

The  advice  so far is: Be careful when using Windows, use VM! Or install Linux. Generate a 24 word phrase in a safe way (I’m not sure about this tip, it’s just a little advice based on some concerns). Don’t rely on online Bip32/Bip39 wallet generators.

Who knows, maybe hackers can hack into your  headphones  and hear your  keystrokes ?.. Install an antivirus, —  Malwarebytes  is a good one. Comodo is also reliable enough.

If needed, use  web3_antivirus  dashboard or  RevokeCash  /  @cointool  for an on-chain defense! The trust model around tips above isn’t as weak as you may seem to imply when the right countermeasures are in place:

  • Encrypt the system with VeraCrypt (on a MacOS — FileVault);

  • Install an VPN. Check out  mullvadnet  oVPN or rent a VPN + run it through Outline app;

  • Tend to use a multi-sig solution — can be via either  safe  or  smoldapp  combined with a  delegatedotxyz  tool which is in turn compatible with  AirGap_it  ;

  • Set up alerts either via  AMLBotHQ  or  TenderlyApp  or  FortaNetwork  , as an alternative opinion you may choose  sadspotter ;

  • Install 2FA on everything you can. Forbid password reset in mail, and on all accounts (Google, Proton, X, etc.). Always hide mail under an alias;

  • Generate phrases and keys in core client or node.  Then  import them into hot wallets.  Beware  of  vanity -based attacks;

  • Set up an address book in the wallet — and enter (whitelist) your addresses. At the same time, don’t forget to check and verify them in the settings sometimes;

  • If you have to deal with a potentially  infected  PDF file — ask to download it in  preview  mode in advance (Google drive) or use  anyrun_app  or  dangerzone.rocks . Alternatively, work with VM/Sandbox. You can use VM from VMWare and sandbox from Sandboxie;

  • You can protect yourself from hacking on a logical level as well. Just put a burner bot ( github.com/codywall/Burner-Bot ) at all of your wallets and securely protect it: or put your own Sweeper bot;

  • Never click on links just for fun. Never at all. If necessary, use  anyrun_app  or  urlscanio  (or simply type in the link by hand and open it in incognito under a virtual machine);

  • Put a canarytokens-based honeypot on your work computer. Make an HTML file, name it “seed phrase” and put a tracking pixel in there with  canarytokens  (or iplogger(dot)org). Put open notifications on your phone/bot. I will provide all data on request;

  • Install a “ littlesnitch ” application on your computer/router (under OpenVRT) and configure it correctly;

  • Always update your browser. It is best to use the original Firefox or Chrome. But you can use the solution similar to detect(dot)expert ;

  • Never work when you are sleepy, hungry or sick. If you feel vulnerable or just uneasy — the chance of being hacked increases dramatically. Always double-check the addresses pasted after copying to the clipboard (watch out for the crypto clipper malware).

In doing so, always remember the two golden rules:

  • Personal data protection. When you are active in blockchain and cryptocurrencies, you need to pay  special  attention to protecting your personal data;

  • Software updates. It’s important to update your software regularly, as developers are  constantly  releasing new versions with improved security measures.

I wish you the best of luck! Read  more  on my  blog  and  GitHub ! Happy New Year and Merry Christmas! Stay safe!

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like