How to prevent security risks when playing blockchain?

[Tim-BTC]

I use my superficial knowledge to talk about the risks that may be encountered. If there are errors, please correct me, thank you.

If you talk about the blockchain regardless of security, it's a "rogue"; if you promote the blockchain in the name of security, but you don't have any substantial actions, you are brazen.

The theft of digital currency and exchange security incidents occur so frequently that it has become a reason for the public to question the security of its underlying technology, the blockchain. So, let's take a look at the possible blockchain security risks of blockchain technology.

• the risk of Wallet
  All mainstream digital currencies have corresponding digital asset management tools-wallets. Take Bitcoin as an example. At present, there are dozens of mainstream wallets that support Bitcoin, and they are also divided into Online wallets/hot wallet and Offline wallet/cold wallet.
  
  Due to issues such as historical data, network synchronization, and inconvenience, it is very cumbersome and unrealistic for individuals to run and maintain a huge Bitcoin client to manage assets. More and more digital currency asset management vendors have developed wallet applications or hardware.
  
  In this world, there are always some people who have forgotten the initial key or lost the hard disk due to bad luck or other factors, resulting in the permanent disappearance of digital assets from the network. There are many such cases, and they are often seen in recent news or narratives.
  Charles-TIM Suggestions about the best ways to backup seed phrase More professional and detailed introduction from the forum
  
  
  The mainstream exchange or wallet management software all provide copying or scanning codes to obtain the receiving address, but if the computer terminal is implanted with a Trojan horse, then the receiving address is also at risk of being replaced during the process of copying or executing the transfer.
  
  In addition to security issues such as "passwords", keys and wallet addresses, the wallet app itself also has greater risks. When using digital currency wallets, you should choose officially recommended wallet software, and resolutely do not use wallet software developed by unknown manufacturers or from unknown sources in social networks.
  
• the risk of Mining
  
  1. The domain name of the mining pool server is hijacked, and the client has joined a fake mining pool for mining;
  
  2. If there is a virus in the mining server, the wallet address will be replaced during the mining process;
  
  3. The mining software itself is abnormal, and the wallet address is secretly changed;
  
  4. The mining pool server was hacked, resulting in the transfer of the cryptocurrency obtained from mining.
  
  
  Although distributed ledger technologies are known for their excellent security, this does not mean that they are completely secure. They may still be attacked, and data or information may still be stolen. You should know that blockchain is not 100% secure, and precautions should be taken to ensure security.
  
  
  
  
  

source
https://blog.fearcat.in/a?ID=00001-d30edf63-baa4-49ee-add8-a3368ae8477e
https://bitcointalk.org/index.php?topic=5256197.msg54635541#msg54635541

[Tim-BTC]

Similarly, there are always some people in this world who are careless, leading to the leak of the wallet key file and causing themselves heavy losses. On Twitter, someone once demonstrated using the AWS S3 resource scanning tool and found multiple Bitcoin wallet key files, wallet.dat, which can be downloaded publicly! Anyone who downloads the file and imports it into the Bitcoin client can transfer encrypted digital assets!

If it's encrypted, simply having the wallet file isn't enough to steal the cryptocurrency. The hacker need to brute-force the wallet and it'll take long time unless it's encrypted with weak password or hint/part of the password is known.

Thank you very much for your correction, I am going to modify it now.

[Charles-Tim]

The theft of digital currency and exchange security incidents occur so frequently that it has become a reason for the public to question the security of its underlying technology, the blockchain. So, let's take a look at the possible blockchain security risks of blockchain technology.

If I will be specific, Bitcoin blockchain has no security risk, the security risk is 51% attack which is not possible with the hashrate generated by bitcoin miners. But for other cryptocurrencies, there has been some reported 51% blockchain attacks due to inadequate mining hashrate.

and they are also divided into "software and hardware", "online and offline", "PC and mobile" and other forms.

The types of wallets are limited and specific. They are:

1. Online wallets/hot wallet
Web wallet, accessed through broswers
Mobile wallet, mobile phone app wallet
Desktop wallet, wallet on computer

2. Offline wallet/cold wallet
Paper wallet
Hardware wallet
Wallets on airgapped devices

Due to issues such as historical data, network synchronization, and inconvenience, it is very cumbersome and unrealistic for individuals to run and maintain a huge Bitcoin client to manage assets. More and more digital currency asset management vendors have developed wallet applications or hardware.

What you want to comment about here is that people do  not like to run full node wallet like Bitcoin Core because of the large memery space needed to download the full blockchain while people like to make use of Simplified Payment Verification (SPV wallet) which connects to central server and require no full blockchain download. But, for high privacy, running full node wallet like Bitcoin core is the best as it does not connect to central server but run as a node connecting to other nodes directly.

In this world, there are always some people who have forgotten the initial key or lost the hard disk due to bad luck or other factors, resulting in the permanent disappearance of digital assets from the network. There are many such cases, and they are often seen in recent news or narratives.

To make this understandable, make use of seed phrase and private key. It is not good to store these on hard disk or online, just save it offline. To check people's opinions about this, you can check this thread.

The mainstream exchange or wallet management software all provide copying or scanning codes to obtain the receiving address, but if the computer terminal is implanted with a Trojan horse, then the receiving address is also at risk of being replaced during the process of copying or executing the transfer.

That is why Bitcoin users need to be very careful and avoid malware. Also, it is very good to check and recheck the recipient's address before seeding to notice any change of address.

[Tim-BTC]

The theft of digital currency and exchange security incidents occur so frequently that it has become a reason for the public to question the security of its underlying technology, the blockchain. So, let's take a look at the possible blockchain security risks of blockchain technology.

If I will be specific, Bitcoin blockchain has no security risk, the security risk is 51% attack which is not possible with the hashrate generated by bitcoin miners. But for other cryptocurrencies, there has been some reported 51% blockchain attacks due to inadequate mining hashrate.

and they are also divided into "software and hardware", "online and offline", "PC and mobile" and other forms.

The types of wallets are limited and specific. They are:

1. Online wallets/hot wallet
Web wallet, accessed through broswers
Mobile wallet, mobile phone app wallet
Desktop wallet, wallet on computer

2. Offline wallet/cold wallet
Paper wallet
Hardware wallet
Wallets on airgapped devices

Due to issues such as historical data, network synchronization, and inconvenience, it is very cumbersome and unrealistic for individuals to run and maintain a huge Bitcoin client to manage assets. More and more digital currency asset management vendors have developed wallet applications or hardware.

What you want to comment about here is that people do  not like to run full node wallet like Bitcoin Core because of the large memery space needed to download the full blockchain while people like to make use of Simplified Payment Verification (SPV wallet) which connects to central server and require no full blockchain download. But, for high privacy, running full node wallet like Bitcoin core is the best as it does not connect to central server but run as a node connecting to other nodes directly.

In this world, there are always some people who have forgotten the initial key or lost the hard disk due to bad luck or other factors, resulting in the permanent disappearance of digital assets from the network. There are many such cases, and they are often seen in recent news or narratives.

To make this understandable, make use of seed phrase and private key. It is not good to store these on hard disk or online, just save it offline. To check people's opinions about this, you can check this thread.

The mainstream exchange or wallet management software all provide copying or scanning codes to obtain the receiving address, but if the computer terminal is implanted with a Trojan horse, then the receiving address is also at risk of being replaced during the process of copying or executing the transfer.

That is why Bitcoin users need to be very careful and avoid malware. Also, it is very good to check and recheck the recipient's address before seeding to notice any change of address.

Thank you very much for your correction, I think you are a highly skilled technical expert.
I would copy the seed phrase by hand in a notebook, and then put the notebook in a safe place. Usually I would copy two copies in case I lost it.

[Maus0728]

I would copy the seed phrase by hand in a notebook, and then put the notebook in a safe place. Usually I would copy two copies in case I lost it.

You fail to laminate the paper, at the very least, to protect it. Let's face it, we all know that paper isn't the most durable material available. Paper is readily shredded when it comes into contact with spilt liquids. Another reason is to keep them secure and maintain their look for several years.

Alternatively, if you have the funds, you might want to consider investing in a metal seed plate.

[bob123]

If I will be specific, Bitcoin blockchain has no security risk, the security risk is 51% attack which is not possible with the hashrate generated by bitcoin miners.

To be fair, that is not true.
There are more risks than just a 51% attack.

Stale blocks themselves are already a risk for the bitcoin economy. Waiting for a reasonable amount of blocks is just a countermeasure.
And still, the probability of an attacker with a reasonable amount of hashrate generating 6 blocks is "quite high". At least in cryptographic terms. In cryptography you want to have it as small as possible - negligible. With Bitcoin and 6 confirmations this is not the case.

It works in the real world, don't get me wrong. But it is by far not perfect and it by far is not true that it "has no security risk".

[Pmalek]

When it comes to security risks, you mentioned clipboard hijackers that change the destination address of a transaction. There are other types of malware people need to be careful with.

You can get keylogged. In that case, an attacker could receive the passwords you use for the sites you visit. That can lead to your emails getting hacked and everything associated with those accounts. It's especially dangerous for people who keep everything tied to just one email address or reuse the same password across multiple sites. Both things shouldn't be done.

There is also the issue with fake apps and phishing where the users are tricked into revealing and importing private keys and recovery phrases in fake apps that ultimately leads to the loss of funds.

Fake notifications and pop-up messages informing people that their software is outdated and needs to be upgraded asap to fix vulnerabilities and security risks should never be trusted and clicked on. Always verify with official sites and sources if there are new updates and ensure you verify what you downloaded before you install it or import your private data into it.

[tranthidung]

If 51% attacks can happen with altcoin networks, it can happen with Bitcoin network.

The Bitcoin network fortunately does not have any single attack of such so far, because in early years, when Bitcoin network is small, it is unpopular, so there was no attack. Nowadays, when the network is huge, the risk is lower significantly because the cost to run 51% attack on it is very expensive & somewhat unprofitable. The community nowadays with better technologies & tools are able to fastly response to such attacks.

Imagine if nowadays, Bitcoin network has small hashrate like 8 years ago, it would be attacked very easily. Fortunately, again, it is unrealistic.