Today, in SpaceCrew insights, we decided to take a look at the most common security vulnerabilities users come across when dealing with crypto.
Disclaimer: This article is not an investment recommendation. It is based on an analysis of information from open sources for educational and entertainment purposes. DYOR and stay safe.
Main vulnerabilities
After widespread coverage in digital media, bitcoin blogs, and other cryptocurrency media, there was a large increase in news headlines such as: “hackers stole bitcoins”, “bitcoin owner lost access to a cryptocurrency wallet for millions of dollars”, and so forth. Today, the security of cryptocurrency is a topical issue for many investors.
If you do not want to become the main character of a crime story, let’s take a look at the most common threats in the crypto world when buying or storing cryptocurrency:
1. Use of pirated content
This is one of the fundamental points that can undermine all other security measures. Pirated content may also include malware.
By the way, malware is not always a story about instant theft: attackers often steal logs and cookies, store wallet seed phrases, and then monitor the balance. It makes no sense to steal $30 from you if there is a high probability that the balance will increase with a deposit.
To overcome the issue, use only licensed software and antivirus, and don’t forget to update it regularly. At the very least, use the built-in antivirus and update it regularly.
2. Mixing crypto, work and leisure
Having a separate device for working with crypto can reduce the risk of you or your family members infecting it. If that is not possible, it’s better to move everything related to crypto to a separate account(s), or have a second PC to work with finances.
Don’t forget to always check the address for receiving/sending funds via CTRL+F. Do not use public Wi-Fi networks. An attacker can intercept your browser data or replace the exchange page where you enter, for example, your email, password, and then 3 codes — all data will be intercepted and used on the real exchange authorization page.
Remember, do not leave your device unattended, and do not use fingerprint/face unlock or Bluetooth. Safety and convenience are often at opposite poles. Accordingly, the wallet on your phone should be unlocked only with a password.
3. Security in messengers and real life
Do not share screenshots of the balance. If someone sees 10.539456 ETH in your screenshot, they will most likely be able to quickly find your address using the holders in the blockchain explorer.
NEVER open links in private messages on Discord, Telegram, or other social networks/messengers/mail services through which you deal with crypto. Be careful with all files, including those from people you know, as they too can fall victim to a hacker.
4. Understanding the DeFi structure
Disabling the wallet extension from the site does not mean that you are protected! If you use new applications, it is better to start with small amounts or for free in test networks, because there is a risk of losing your cryptocurrency forever.
Revoke endless approvals on sites, no matter how much you trust them. Use only official tools, like Etherscan — the official tool for ETH. Approvals for other EVM blockchains can be manually withdrawn by interacting with the smart contract on the browser page, or by using Revoke.Cash and DeBank.
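What an "endless" approval looks like in the transaction data a wallet asks you to sign, as an added example that is not part of the original article. It uses the standard ERC-20 approve and NFT setApprovalForAll function selectors; the helper names, the 2**255 "endless" threshold and the sample spender address are assumptions made for illustration.

```python
# Added example: classify approval calldata before signing or when auditing a wallet.
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
# Assumption (heuristic, not a standard): allowances of 2**255 or more are
# treated as "endless", since no real token balance gets that large.
UNLIMITED_THRESHOLD = 2**255

def classify_approval(calldata_hex: str) -> dict:
    """Decode transaction input data and report what spending right it grants."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    selector = data[:4]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or len(data) < 68:
        return {"kind": "other"}
    addr_word, value_word = data[4:36], data[36:68]
    if any(addr_word[:12]):  # an ABI-encoded address is left-padded with zeros
        raise ValueError("malformed address argument")
    spender = "0x" + addr_word[12:].hex()
    value = int.from_bytes(value_word, "big")
    if selector == SET_APPROVAL_FOR_ALL:
        # Operator approval covers every token in the collection.
        risk = "unlimited" if value else "revoke"
        return {"kind": "setApprovalForAll", "spender": spender, "risk": risk}
    risk = "revoke" if value == 0 else "unlimited" if value >= UNLIMITED_THRESHOLD else "limited"
    return {"kind": "approve", "spender": spender, "amount": value, "risk": risk}

def encode_call(selector: bytes, address_hex: str, value: int) -> str:
    """Build sample calldata (used only to construct the demo inputs below)."""
    body = bytes(12) + bytes.fromhex(address_hex) + value.to_bytes(32, "big")
    return "0x" + (selector + body).hex()

# Constructed sample inputs; the spender address is a placeholder.
SPENDER = "11" * 20
SAMPLES = {
    "endless": encode_call(APPROVE, SPENDER, MAX_UINT256),
    "exact": encode_call(APPROVE, SPENDER, 250 * 10**18),
    "revoke": encode_call(APPROVE, SPENDER, 0),
    "nft_all": encode_call(SET_APPROVAL_FOR_ALL, SPENDER, 1),
    "transfer": encode_call(bytes.fromhex("a9059cbb"), SPENDER, 5),
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(name, classify_approval(calldata))
```

An approval with amount 0 is what a revoke transaction sends, so the same check confirms that a revocation you are about to sign really resets the allowance.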
5. Storing passwords and seed phrases on a device with access to the internet
So where do you store your passwords and keys then? There are two options:
- Specialized software — open source password managers KeePass and Bitwarden.
- A hardware password manager like Trezor.
Additional tips
We also included some basic security principles that must be observed when working not only with cryptocurrency assets, but also with fiat funds:
- Remember: 1 service/site = 1 unique password.
- Scam tokens/NFTs will be actively sent to your wallets. Do not go to their site or try to sell them as this can lead to a complete loss of funds. Today, most projects ask you to claim your reward manually, that is, by going to the project’s site. Check that the token/NFT contract address listed in the official source matches the one you are trying to claim.
- You can use your old phone as a password store, for Google authentication codes, and receiving SMS.
- Do not give the seed phrase to anyone, store it in different places, have backups, and train trusted people.
This is why we urge you to follow the security rules, monitor your accounts, and use all possible methods to protect your computer and your wallet.