Bitcoin Forum

Feel free to list your ideas to improve security to prevent getting hacked and having your crypto stolen. There's a lot of malware out there that can steal your information. Malwarebytes found spyware called AzorUlt on my PC a couple months ago which makes me paranoid about security. Fortunately it was found and removed before it could do any harm to me.


- use a good anti-virus program such as Avast or AVG and antimalware program Malwarebytes to scan your devices regularly

- Enable Authenticator or Security Key options in your Coinbase settings

- use more secure internet browser like Avast or AVG

- store large amounts of crypto offline

- anything else you can think of please list here

================================

From Malwarebytes website:

Spyware.AzorUlt is Malwarebytes’ detection name for a family of spyware that steals information and sometimes downloads additional malware.

Type and source of infection
Spyware.AzorUlt is spyware that can steal banking information, including passwords and credit card details as well as cryptocurrency. Spyware.AzorUlt is typically spread in malspam campaigns.

Aftermath
Data/information about the system may have been stolen
User credentials may have been stolen
Digital coins may have been stolen
Affected system may be susceptible to further attacks

It's an interesting list you have there, but the only measure that is actually effective is:

"store your crypto offline".

Either buy a hardware wallet (they start at ~$50), learn how to properly generate a paper wallet or setup an airgapped setup (can be achieved without using dedicated hardware by booting from a live CD).

If you want any security, stay away from online wallets....
If you want a reasonable amount of security, follow your advices about antivirus, animalware, 2FA, regular updates, firewalling, smart wallet choices....
If you want good security, use a hardware wallet, paper wallet or airgapped setup...

Mostly, the best possible measure towards privacy is having different passwords within different platforms. You wouldn't need to memorize them all, just get a great password manager, and then you could possibly forget every password that you have and just have a master password. Make sure the master is going to be hard to guess and possibly longer than anything else.

I'm with mocacinno on this one. The best security is having a hardware of paper wallet. I'd say the vast majority of the forum store their holdings in one. You may want to do some trading, thus depositing and withdrawing from exchanges that's where the other advice given in the thread comes into play, apart from the fact that they are also good as protection in general.

I have been using various Bitcoin wallets for almost a decade now. I have used online wallets, exchange wallets, desktop wallets, paper wallets and hardware wallets to store my coins. Fortunately till now, no one has been able to hack my coins. There are certain basic precautions that you need to take before setting up a cryptocurrency wallet. If you are opting for an online wallet, the make sure to take the backup of the private key and then go for 2FA with a gmail account (other email providers are not that secure). On the other hand, if you are planning to store your coins in a hardware wallet, first make sure that the wallet reaches you in untouched condition. And then create multiple backups. With hardware wallets, the biggest risk is not getting hacked, but losing access to your coins as a result of carelessness.

Some more tips:

- disable Javascript (you can whitelist trusted websites) and third party cookies in your browser.
- if using Chrome browser enable enhanced security

- disable and/or uninstall flash

- use a good router and firewall (never connect directly to internet).

Also having different mails will truly help us to make sure our wallet safe from certain fraud attacks since sometimes those frauds are using various platform just to gather some leads that can possibly attached our account mail to our exchanger or online wallets. So its better to have multiple to make sure that our money isn truly safe.

I will add. Switch to Linux systems. Although they do not guarantee complete safety, fewer viruses are written on them. I have not trusted Microsoft for a long time, there are too many holes in its systems. You can write a lot about security, and it probably needs to be repeated often, as topics go down in history.  It is better to have a separate computer altogether. Or have two systems on separate disks. Phishing links and emails regularly appear on the net intending to find an uneducated but rich victim. Therefore, the more often you learn about the methods of protecting your information, the more intact your wallets will be.

I agree about using a reliable anti-virus and don't just download in torrent sites free anti-viruses. Because instead of downloading one, you might get caught with a malware.

These are anti-viruses not internet browsers.

Avoid too being active in downloading things on the web. If you don't need the software, don't download it. But if you're like that person and you're also keeping your desktop wallets on the same PC/laptop, use a different PC/laptop for your crypto wallets and make it just a plain device for your wallets.

AV softwares can not protect you.

They work with their data base and heuristic algorithm. Their softwares can fail to fight with totally new threats and can not protect you.

Perfect solutions

• Store your cryptocurrencies offline
• Store back up of your crypto wallets offline
• Dedicate one service to use for crypto wallets and transactions when you need to broadcast. It can not be applied for all but if you can, please do it
• Have a healthy web-surfing behaviour
• Keep your cryptocurrency investment in secrets. The more people know you are crypto investor, the higher prob that you will become a target of someone else
• Don't use cracked softwares or free trial AVs

Different wallets have a different purpose, I won't hesitate my self even I used a web wallet but of course with a small amount to store.  A big amount should be on the offline wallet that you have control over the key or even hardware wallets because I have heard that HW had a feature to protect themselves from malware infections.

Anti-virus might contribute to an increase in the level of security but it doesn't mean you're safe and you can rely upon them, it's always our responsibility to protect our Bitcoin or crypto assets safe.

Lol, it means avoid surfing on adult sites.  :D
They're very prone to malware infection.

Did you use the free or premium version of MB? The premium version has proactive protection and actually protects you from everything in its database, and it is always better to prevent infecting the system than to remove the infection, which is sometimes almost impossible.


I would disagree with you when it comes to Avast or AVG, both companies have been proven to collect data from their users and sell it to interested parties - but what else to expect from software that is free? If you want a somewhat good AV, I suggest not using the ones that are free. As for the browser, my recommendation is Firefox with uBlock Origin, which will be enough unless you want a higher level of privacy - in which case Tor is a great option.

https://www.ibtimes.sg/avast-avg-antivirus-allegedly-gleaned-user-data-sold-it-industry-biggies-including-microsoft-38420

Tips from me  :)

• Keep the e-mail as secret as you can, because if the hacker knows your email address, he will send you malware-affected attachments, links, exe files. etc
• Do not download software that does not have a free version but is offered for free on a website. Because with this you also get a malware which silently installs in your device.
• Never visit websites sent in private messages on Telegram Facebook or Twitter. Because it can have drive by download script... If necessary, use the sandbox.
• If your device is heating up while visiting a website, check the task manager immediately. Because it is possible that crypto currency is being mined with your CPU power ... Close your browser it's cryptojacking.
  
  
• Bookmark your favorite websites so that you can avoid phishing websites.
  
• And of course always avoid public wifi.
  

I will suggest a nice read about the argument of safety and how to prevent get hacked.
It is called glacier protocol www.glacierprotocol.org . Here it is described a fully way for create "the best" cold storage wallet. Plus there are fews useful information about security of wallet in general.
Despite this doesn't appear a simple way to follow, it's for sure an inspiring lecture about security.

My best security measure is, not to save my password on any site and having a 2fa authentication app running for each of my accounts, and websites that allow the second alfa security standards.

Some ideas that seem to have been missed so far:

Use a unique password for every website you visit. Try to use long passwords for anything bitcoin related - include numbers, letters, different cAsEs and even characters like !?#
If you have to write your password down, only store it in a completely secure physical location that only you can access, like a safe.
Be careful if you're using phone based 2FA - do not follow links from text messages and be careful of anything you might download via email. There is software that can compromise your phone just like a PC.
This is personal preference, but if you have a lot of Bitcoin then maybe spread it out across 2-3 wallets kept with different exchanges, so you have less chance of losing it all if something gets hacked.


Not just adult websites - many people use free TV streaming websites which bombard you with pop-ups (that avoid even the best blockers) and might be loaded with exploits to access your device.

Malwarebytes detected a file called ntcstat.exe in one of my Windows 10 folders (Users/.../appData/Local/Temp/nctstat.exe) and flagged it as the AzorUlt spyware.

It is currently in quarantine on my desktop PC. I don't believe the file has been executed on my PC as far as I know so should be harmless as long as it hasn't been run.  

At the time of detection I was using the free version of MB. Currently using the full version 14 day trial but plan to upgrade.

Use Linux and then switch user every time you are not in front of your unit. And also don't just click links inside your email because there is a possibility that hackers are already targeting you from there.  If there is a notification in your email, head over to the website of the company where this notification came from and then verify by login-in.  Most important of all keep your files privately or to another folder that requires password.

Did you download something before or plugged in a flashdisk etc? I don't think that malware went to your PC just like that. It would be a good idea to find out which habit allows your computer to get infected, such as downloading pirated software (not saying you did), using malicious FD, etc.

A free tool to block those ads is dns encryption. Use a list that blocks all ads server and you'll no longer see the ads and the script won't be rendered, but some websites won't allow you to continue to access their service if you do that.

Some hardware wallets store the private keys in a secure environment which is equivalent to cold storage. Even when they are connected to your online machine, the private keys don't leave that safe enclosure.

The feature you are talking about are the two buttons you can find on a Trezor or Ledger hardware wallet. Physical confirmation of transactions by pressing buttons is what keeps your assets safe. An attacker can't sign an outgoing transaction from your hardware wallet without pressing the buttons.

If you are using crypto exchanges to store your coins, you are making a big mistake. Or are you referring to money that is regularly traded with buy/sell orders waiting to be filled?  

Since the OP is clearly a fan of Google services, he probably caught this spy with a fake update. In addition to the fact that his browsers that the OP uses are not reliable enough, but all sorts of updates that appear in Windows 10 regularly put users in an unpleasant position. https://www.bleepingcomputer.com/news/security/azorult-trojan-steals-passwords-while-hiding-as-google-update/

You have listed almost everything that will improve the security of people online but using a good antivirus and antimalware program will still be useless if people still dont prevent human error, stop the use of free stuff online and visiting porn site using the same computer use for their crypto-related business or wallet because every antivirus and antimalware work base on how they are programmed there are still some logic used by hacker to bypass them.

Not really spyware. It informs you on the install screen that they collect anonymous data on you but you have the option to opt out before and/or after the install.


Good points. You are right people make mistakes even if they are usually very security conscious.

But people should strive to be vigilant and security minded at all times. Remember that if you let your guard down even for a minute it can cost you dearly. Many have already paid the price for letting their guard down. Always think before you do. Be self critical and try to break your bad surfing habits. Don't ever go to questionable websites or click on anything that you aren't 110% sure is legit and don't use public wi-fi. Watch out for phishing emails and websites that may be disguised to look legit but is actually not. Do virus and malwares scans on all your devices at least once a day. Use both good hardware and software firewalls. You can never be too careful.

I don't like the idea of storing coins in a PC crypto wallet and sti use that PC for online browsing, the fact is the more you use your PC for browsing online the more they are vulnerable to attacks, this is why I don't like using metamask extension

Just an update. I received an automated email from Coinbase this morning that says all my crypto is now available for withdraw which is what I just did to my Exodus wallet (until I receive my Ledger S hardware wallet). Delivery sure takes a long time since the company that makes Ledger is in France and I'm in US.



I only browse with Avast secure browser and Malwarebytes real-time protection turned on. I also use a paid VPN (Surfshark).
Of course the ideal would be to have one dedicated PC for your crypto activities, and another PC for your non-crypto activity.

I don't have to add more to your list since what I will going to let you add is already been mentioned in previous posts. Here it is, always use different passwords in your account by changing passwords daily if you don't have problem with it but you should use a password manager. I have been using AVG but some viruses or malwares won't be detected but detected in other anti virus.