|
cannycassiopeia (OP)
|
 |
January 30, 2018, 05:12:50 PM
Last edit: February 18, 2018, 05:47:08 PM by cannycassiopeia Merited by vlom (2), AngelSky (1), musta5a (1) |
|
I've been doing this for years, but I still catch myself leaving some security vulnerabilities to my wallets and email addresses. You would probably think your security is adequate, it's not. Hackers and thieves always find a way to fool even the veterans. Let me tell you if you've been in this space for long enough, you probably had been hacked once or twice before. Hackers are getting very imaginative every year since because the booty they get from a successful hack is very enormous. Wallet security- RE: Online wallet tools/services - NEVER EVER SHARE YOUR PRIVATE KEYS ONLINE - don't even upload your keystore and password.
You might think the site is well-known and trusted like myetherwallet.com (MEW), but their DNS can be hijacked and you can be re-directed to a fake MEW. Once you send your private keys or passphrase, you gave away your wallet access. Etherdelta was a victim of this and thousands of ETH were stolen from Etherdelta traders. Because you can upload your private keys to trade with the Etherdelta smart contracts. Of course, there are also many straight-up imposter sites where the would-be thieves will send you a phishing email and saying you have to click this link to go to their site. Your private keys should never be online as much as possible.
a. For Bitcoin: all you have to do is to generate a transaction and sign it with your private key offline. And then you can broadcast the signed transaction (TX) anywhere online that offers a broadcast service or push transaction.
b. For Ethereum and ETH tokens, a service like Metamask keeps your wallet encrypted in the browser, you can use it directly to send ETH or for tokens you can use it in tandem with MEW. It does not share private keys, only signed transactions.
c. For other types of blockchain, I'm sure there could one or two that provides signed TX broadcasting and propagation. If not, download your own wallet - better be safe than sorry.
- Online Seed Generation - Those online bitcoin/crypto seed generation or address generators - Don't use them online!!!
The site owner of the service you are using can record your seed/address generation and store your private keys. It has happened to new IOTA wallets from certain online services. The best practice here is to turn off your internet access when you generate. - Always encrypt your local wallets. Don't assume it hasn't happened to you, it won't happen to you. And if someone was able to install backdoors to your machine, it's going to be an expensive lesson. Frankly, your personal laptop is the least secure place to store your private keys since you're not a security expert and other people might use your machine too.
Personally I prefer paper wallets. I don't mind the extra hassle as long as its highly secure. Anyway, there are number of ways to encrypt your private keys. Most wallets provide encryption. I'm so paranoid. I even encrypted my paper wallets with PGP encryption.
Exchange account security- Put 2FA on all of them exchanges! - As we become much wired than before, Username/email address/passwords combo are easily hacked nowadays. Especially if you're still using the same email address and username from the year 2005. There is a combo list out in the internet with your username and password hacked from sites you long forgotten.
- Never use the same email address and password for all exchanges and crypto-related sites such as this forum.
- If you use Gmail or your email provider provides 2FA, enable email 2FA. This is the last piece of the puzzle for hackers, after gaining access to your exchange account, they will need access to your email too.
- And lastly, never put all your coins in exchanges! I don't have to tell you the number of exchange hacks that has happended throughout the history of crypto. You're not the exception, if you're in crypto for a long time, you will be targeted, directly or directly.
Good luck!
Update: For Chrome, install Cryptonite by MetaCert https://chrome.google.com/webstore/detail/cryptonite-by-metacert/keghdcpemohlojlglbiegihkljkgnigeThe service verifies the correct DNS entries for many crypto-related sites. It will warn you if the site you are on is a phishing site. |
I'll be active when the bull market comes back
|
|
|
CryptoCY3366
Jr. Member
 Offline
Activity: 70
Merit: 1
|
 |
January 30, 2018, 05:18:27 PM |
|
Good post, security is key be smart people...
|
https://deeponion.org/apply.php?ref=1760267
DeepOnion - Tor Integrated - 100% Anonymous
===> Join DeepOnion Team NOW! <=== |
|
|
|
rumexx
|
|
January 30, 2018, 05:23:52 PM |
|
Thanks for the write up on security of our wallets. I have picked some points that i was not observing before now. We keep trying to safe guard our wallets
all the time.
|
|
|
|
|
TotleCrypto
Jr. Member
Offline
Activity: 32
Merit: 4
Crypto Investing Made Easy
|
|
January 30, 2018, 05:27:07 PM |
|
A WHOLE BUNCH of great advice here on security for crypto! So many people get taken by scams and easily avoidable situations. If they just had some of this knowledge they would probably fair a bit better. We have been working on our Totle platform to help with this as well so people can invest safely and securely no matter who they are!
|
https://www.totle.com
|
|
|
|
IlfarIldarovich
|
|
January 30, 2018, 05:35:54 PM |
|
The most important aspect as you say safety , you're right . Now a great many scams . Everyone is trying to cheat and steal our money
|
|
|
|
|
Castlereagh
Member
Offline
Activity: 154
Merit: 25
|
|
January 30, 2018, 05:44:09 PM |
|
Really nice article here and some very sound advice - so thanks very much for sharing. To tell you the truth, I wasn't aware of the potential holes in MyEtherWallet... and I was pretty sure that if I just made sure I was using a service like MetaCert everything would be OK. However, you are quite right that the scammers and criminals are becoming more and more audacious, because the rewards are so incredibly high, so I think I will switch over to using MetaMask. In fact, my long term play (I say long term only because of the fact they are sold out everywhere) is to make sure I put all assets onto a hardware wallet, and I've had a Nano Ledger S on order for about 2 months now.
What do you think of hardware wallets - do you have any particular recommendations or practices you'd use for them?
|
|
|
|
|
|
cannycassiopeia (OP)
|
|
January 30, 2018, 05:52:30 PM |
|
Really nice article here and some very sound advice - so thanks very much for sharing. To tell you the truth, I wasn't aware of the potential holes in MyEtherWallet... and I was pretty sure that if I just made sure I was using a service like MetaCert everything would be OK. However, you are quite right that the scammers and criminals are becoming more and more audacious, because the rewards are so incredibly high, so I think I will switch over to using MetaMask. In fact, my long term play (I say long term only because of the fact they are sold out everywhere) is to make sure I put all assets onto a hardware wallet, and I've had a Nano Ledger S on order for about 2 months now.
What do you think of hardware wallets - do you have any particular recommendations or practices you'd use for them?
Sorry, I'm old school - paper wallets. If I must for convenience's sake, I have another wallet in which I split the private keys/passphase in two and stored into two separate encrypted text files. |
I'll be active when the bull market comes back
|
|
|
mvplol
Newbie
Offline
Activity: 62
Merit: 0
|
|
January 30, 2018, 06:11:51 PM |
|
I bought a nano ledger s which I absolutely love and I would reccomend . The only thing I would add is that if someone is looking to buy one or any hardware wallet please do not buy them from ebay or Amazon as they could be hacked. Only buy one from the official retailer.
|
|
|
|
|
|
bitorama
|
|
January 30, 2018, 06:28:55 PM |
|
do not keep the private keys in emails, or in cloud service like Evernote or Dropbox.
Paper wallet is the best way for security
|
|
|
|
|
stashi
Newbie
Offline
Activity: 23
Merit: 0
|
|
January 30, 2018, 06:30:38 PM |
|
worthy to know.. thanks for the informative post
|
|
|
|
|
BeruchN
Jr. Member
Offline
Activity: 182
Merit: 1
|
|
January 30, 2018, 06:40:35 PM |
|
I've been doing this for years, but I still catch myself leaving some security vulnerabilities to my wallets and email addresses. You would probably think your security is adequate, it's not. Hackers and thieves always find a way to fool even the veterans. Let me tell you if you've been in this space for long enough, you probably had been hacked once or twice before. Hackers are getting very imaginative every year since because the booty they get from a successful hack is very enormous. Wallet security- RE: Online wallet tools/services - NEVER EVER SHARE YOUR PRIVATE KEYS ONLINE - don't even upload your keystore and password.
You might think the site is well-known and trusted like myetherwallet.com (MEW), but their DNS can be hijacked and you can be re-directed to a fake MEW. Once you send your private keys or passphrase, you gave away your wallet access. Etherdelta was a victim of this and thousands of ETH were stolen from Etherdelta traders. Because you can upload your private keys to trade with the Etherdelta smart contracts. Of course, there are also many straight-up imposter sites where the would-be thieves will send you a phishing email and saying you have to click this link to go to their site. Your private keys should never be online as much as possible.
a. For Bitcoin: all you have to do is to generate a transaction and sign it with your private key offline. And then you can broadcast the signed transaction (TX) anywhere online that offers a broadcast service or push transaction.
b. For Ethereum and ETH tokens, a service like Metamask keeps your wallet encrypted in the browser, you can use it directly to send ETH or for tokens you can use it in tandem with MEW. It does not share private keys, only signed transactions.
c. For other types of blockchain, I'm sure there could one or two that provides signed TX broadcasting and propagation. If not, download your own wallet - better be safe than sorry.
- Online Seed Generation - Those online bitcoin/crypto seed generation or address generators - Don't use them online!!!
The site owner of the service you are using can record your seed/address generation and store your private keys. It has happened to new IOTA wallets from certain online services. The best practice here is to turn off your internet access when you generate. - Always encrypt your local wallets. Don't assume it hasn't happened to you, it won't happen to you. And if someone was able to install backdoors to your machine, it's going to be an expensive lesson. Frankly, your personal laptop is the least secure place to store your private keys since you're not a security expert and other people might use your machine too.
Personally I prefer paper wallets. I don't mind the extra hassle as long as its highly secure. Anyway, there are number of ways to encrypt your private keys. Most wallets provide encryption. I'm so paranoid. I even encrypted my paper wallets with PGP encryption.
Exchange account security- Put 2FA on all of them exchanges! - As we become much wired than before, Username/email address/passwords combo are easily hacked nowadays. Especially if you're still using the same email address and username from the year 2005. There is a combo list out in the internet with your username and password hacked from sites you long forgotten.
- Never use the same email address and password for all exchanges and crypto-related sites such as this forum.
- If you use Gmail or your email provider provides 2FA, enable email 2FA. This is the last piece of the puzzle for hackers, after gaining access to your exchange account, they will need access to your email too.
- And lastly, never put all your coins in exchanges! I don't have to tell you the number of exchange hacks that has happended throughout the history of crypto. You're not the exception, if you're in crypto for a long time, you will be targeted, directly or directly.
Good luck! Thanks for the guide. Not enough people are secure when it comes to their wallets/privacy and should definitely read this post! |
---- Hot Crypto Airdrops ---- |
|
|
|
|
|
cannycassiopeia (OP)
|
|
February 18, 2018, 05:46:31 PM |
|
Easily avoided if you apply best practices at OP.  Recently, One of my friends Myetherwallet account got hacked. Then everyone told him to use Metamask, They said Myetherwallet isn't good anymore. They aren't safe, You should avoid MEW and accept Metamask for your all crypto coins and eth. But I just love Myetherwallet, it is very easy and humble. What do you think? which is better here? Any idea to secure Myetherwallet?
Thank You.
|
I'll be active when the bull market comes back
|
|
|
DeadCoin
Sr. Member
Offline
Activity: 1246
Merit: 261
★ Investor | Trader | Promoter
|
|
February 19, 2018, 10:27:56 AM |
|
Good supportive / necessary share on securing wallets. Thanks dude. Yes, has hackers are around looking for loop hole to hack wallets / exchanges / trading sites etc, its individual responsibility to keep his or her wallets and etc secured with all possible option given by the respective wallets sites. Always activate 2FA authentication factor in mobile. This would help keep the wallet so secured.
|
|
|
|
|
Arian247
Member
Offline
Activity: 560
Merit: 11
|
|
February 19, 2018, 02:29:08 PM |
|
This post is really helpful thanks for the advice, just changed my password after reading you just can't be too sure you know  |
|
|
|
|
vlast01
Full Member
Offline
Activity: 364
Merit: 105
Dolphins Finance TRUSTED FINANCE
|
|
February 20, 2018, 03:40:27 PM |
|
I've been doing this for years, but I still catch myself leaving some security vulnerabilities to my wallets and email addresses. You would probably think your security is adequate, it's not. Hackers and thieves always find a way to fool even the veterans. Let me tell you if you've been in this space for long enough, you probably had been hacked once or twice before. Hackers are getting very imaginative every year since because the booty they get from a successful hack is very enormous. Wallet security- RE: Online wallet tools/services - NEVER EVER SHARE YOUR PRIVATE KEYS ONLINE - don't even upload your keystore and password.
You might think the site is well-known and trusted like myetherwallet.com (MEW), but their DNS can be hijacked and you can be re-directed to a fake MEW. Once you send your private keys or passphrase, you gave away your wallet access. Etherdelta was a victim of this and thousands of ETH were stolen from Etherdelta traders. Because you can upload your private keys to trade with the Etherdelta smart contracts. Of course, there are also many straight-up imposter sites where the would-be thieves will send you a phishing email and saying you have to click this link to go to their site. Your private keys should never be online as much as possible.
a. For Bitcoin: all you have to do is to generate a transaction and sign it with your private key offline. And then you can broadcast the signed transaction (TX) anywhere online that offers a broadcast service or push transaction.
b. For Ethereum and ETH tokens, a service like Metamask keeps your wallet encrypted in the browser, you can use it directly to send ETH or for tokens you can use it in tandem with MEW. It does not share private keys, only signed transactions.
c. For other types of blockchain, I'm sure there could one or two that provides signed TX broadcasting and propagation. If not, download your own wallet - better be safe than sorry.
- Online Seed Generation - Those online bitcoin/crypto seed generation or address generators - Don't use them online!!!
The site owner of the service you are using can record your seed/address generation and store your private keys. It has happened to new IOTA wallets from certain online services. The best practice here is to turn off your internet access when you generate. - Always encrypt your local wallets. Don't assume it hasn't happened to you, it won't happen to you. And if someone was able to install backdoors to your machine, it's going to be an expensive lesson. Frankly, your personal laptop is the least secure place to store your private keys since you're not a security expert and other people might use your machine too.
Personally I prefer paper wallets. I don't mind the extra hassle as long as its highly secure. Anyway, there are number of ways to encrypt your private keys. Most wallets provide encryption. I'm so paranoid. I even encrypted my paper wallets with PGP encryption.
Exchange account security- Put 2FA on all of them exchanges! - As we become much wired than before, Username/email address/passwords combo are easily hacked nowadays. Especially if you're still using the same email address and username from the year 2005. There is a combo list out in the internet with your username and password hacked from sites you long forgotten.
- Never use the same email address and password for all exchanges and crypto-related sites such as this forum.
- If you use Gmail or your email provider provides 2FA, enable email 2FA. This is the last piece of the puzzle for hackers, after gaining access to your exchange account, they will need access to your email too.
- And lastly, never put all your coins in exchanges! I don't have to tell you the number of exchange hacks that has happended throughout the history of crypto. You're not the exception, if you're in crypto for a long time, you will be targeted, directly or directly.
Good luck!
Update: For Chrome, install Cryptonite by MetaCert https://chrome.google.com/webstore/detail/cryptonite-by-metacert/keghdcpemohlojlglbiegihkljkgnigeThe service verifies the correct DNS entries for many crypto-related sites. It will warn you if the site you are on is a phishing site.This safeness must put on to practice and make this as a hobby to avoid scammers, hackers and wallet Hijackers. For more safety practices on securing your CRYPTOCURRENCIES and WALLETS just hit the link. https://bitcointalk.org/index.php?topic=1631151.0#post_bp |
|
|
|
|
puremage111
|
|
February 20, 2018, 04:19:11 PM |
|
I've been doing this for years, but I still catch myself leaving some security vulnerabilities to my wallets and email addresses. You would probably think your security is adequate, it's not. Hackers and thieves always find a way to fool even the veterans. Let me tell you if you've been in this space for long enough, you probably had been hacked once or twice before. Hackers are getting very imaginative every year since because the booty they get from a successful hack is very enormous. Wallet security- RE: Online wallet tools/services - NEVER EVER SHARE YOUR PRIVATE KEYS ONLINE - don't even upload your keystore and password.
You might think the site is well-known and trusted like myetherwallet.com (MEW), but their DNS can be hijacked and you can be re-directed to a fake MEW. Once you send your private keys or passphrase, you gave away your wallet access. Etherdelta was a victim of this and thousands of ETH were stolen from Etherdelta traders. Because you can upload your private keys to trade with the Etherdelta smart contracts. Of course, there are also many straight-up imposter sites where the would-be thieves will send you a phishing email and saying you have to click this link to go to their site. Your private keys should never be online as much as possible.
a. For Bitcoin: all you have to do is to generate a transaction and sign it with your private key offline. And then you can broadcast the signed transaction (TX) anywhere online that offers a broadcast service or push transaction.
b. For Ethereum and ETH tokens, a service like Metamask keeps your wallet encrypted in the browser, you can use it directly to send ETH or for tokens you can use it in tandem with MEW. It does not share private keys, only signed transactions.
c. For other types of blockchain, I'm sure there could one or two that provides signed TX broadcasting and propagation. If not, download your own wallet - better be safe than sorry.
- Online Seed Generation - Those online bitcoin/crypto seed generation or address generators - Don't use them online!!!
The site owner of the service you are using can record your seed/address generation and store your private keys. It has happened to new IOTA wallets from certain online services. The best practice here is to turn off your internet access when you generate. - Always encrypt your local wallets. Don't assume it hasn't happened to you, it won't happen to you. And if someone was able to install backdoors to your machine, it's going to be an expensive lesson. Frankly, your personal laptop is the least secure place to store your private keys since you're not a security expert and other people might use your machine too.
Personally I prefer paper wallets. I don't mind the extra hassle as long as its highly secure. Anyway, there are number of ways to encrypt your private keys. Most wallets provide encryption. I'm so paranoid. I even encrypted my paper wallets with PGP encryption.
Exchange account security- Put 2FA on all of them exchanges! - As we become much wired than before, Username/email address/passwords combo are easily hacked nowadays. Especially if you're still using the same email address and username from the year 2005. There is a combo list out in the internet with your username and password hacked from sites you long forgotten.
- Never use the same email address and password for all exchanges and crypto-related sites such as this forum.
- If you use Gmail or your email provider provides 2FA, enable email 2FA. This is the last piece of the puzzle for hackers, after gaining access to your exchange account, they will need access to your email too.
- And lastly, never put all your coins in exchanges! I don't have to tell you the number of exchange hacks that has happended throughout the history of crypto. You're not the exception, if you're in crypto for a long time, you will be targeted, directly or directly.
Good luck!
Update: For Chrome, install Cryptonite by MetaCert https://chrome.google.com/webstore/detail/cryptonite-by-metacert/keghdcpemohlojlglbiegihkljkgnigeThe service verifies the correct DNS entries for many crypto-related sites. It will warn you if the site you are on is a phishing site.Thanks for all the help, aside from that. Really appreciate for the MetaCert, the DNS Hijack is really something that is kinda hard to avoid because people normally check the URL but not DNS Already installed the MetaCert, thanks! |
|
|
|
|
Daria_daria1992
Member
Offline
Activity: 350
Merit: 11
|
|
February 21, 2018, 10:10:17 AM |
|
Also I would add. If you earn on crypto currency, then get a separate laptop for this. With it you will be go to exchanges and purses with your links in bookmarks. 2. Do not register social networks and messengers to your phone number, which is linked to exchanges. There have already been cases of hacking.
|
|
|
|
alyssa85
Legendary
Offline
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
|
|
February 21, 2018, 01:50:47 PM |
|
- Never use the same email address and password for all exchanges and crypto-related sites such as this forum.
This one is crucial. Bitcointalk was hacked in 2015, and loads of people ended up getting hacked on exchanges because they were using the same email address and password on the exchanges as they were using here. And after Cryptsy went down, there were phishing emails for other exchanges send to email addresses held on Cryptsy - so either these were sold or hacked. Also - don't boast about how much crypto you have. You are just inviting someone to dox you. |
|
|
|
musta5a
Jr. Member
Offline
Activity: 294
Merit: 7
BITDEPOSITARY - Make ICO's , More Secure
|
|
February 21, 2018, 01:58:25 PM |
|
I've been doing this for years, but I still catch myself leaving some security vulnerabilities to my wallets and email addresses. You would probably think your security is adequate, it's not. Hackers and thieves always find a way to fool even the veterans. Let me tell you if you've been in this space for long enough, you probably had been hacked once or twice before. Hackers are getting very imaginative every year since because the booty they get from a successful hack is very enormous. Wallet security- RE: Online wallet tools/services - NEVER EVER SHARE YOUR PRIVATE KEYS ONLINE - don't even upload your keystore and password.
You might think the site is well-known and trusted like myetherwallet.com (MEW), but their DNS can be hijacked and you can be re-directed to a fake MEW. Once you send your private keys or passphrase, you gave away your wallet access. Etherdelta was a victim of this and thousands of ETH were stolen from Etherdelta traders. Because you can upload your private keys to trade with the Etherdelta smart contracts. Of course, there are also many straight-up imposter sites where the would-be thieves will send you a phishing email and saying you have to click this link to go to their site. Your private keys should never be online as much as possible.
a. For Bitcoin: all you have to do is to generate a transaction and sign it with your private key offline. And then you can broadcast the signed transaction (TX) anywhere online that offers a broadcast service or push transaction.
b. For Ethereum and ETH tokens, a service like Metamask keeps your wallet encrypted in the browser, you can use it directly to send ETH or for tokens you can use it in tandem with MEW. It does not share private keys, only signed transactions.
c. For other types of blockchain, I'm sure there could one or two that provides signed TX broadcasting and propagation. If not, download your own wallet - better be safe than sorry.
- Online Seed Generation - Those online bitcoin/crypto seed generation or address generators - Don't use them online!!!
The site owner of the service you are using can record your seed/address generation and store your private keys. It has happened to new IOTA wallets from certain online services. The best practice here is to turn off your internet access when you generate. - Always encrypt your local wallets. Don't assume it hasn't happened to you, it won't happen to you. And if someone was able to install backdoors to your machine, it's going to be an expensive lesson. Frankly, your personal laptop is the least secure place to store your private keys since you're not a security expert and other people might use your machine too.
Personally I prefer paper wallets. I don't mind the extra hassle as long as its highly secure. Anyway, there are number of ways to encrypt your private keys. Most wallets provide encryption. I'm so paranoid. I even encrypted my paper wallets with PGP encryption.
Exchange account security- Put 2FA on all of them exchanges! - As we become much wired than before, Username/email address/passwords combo are easily hacked nowadays. Especially if you're still using the same email address and username from the year 2005. There is a combo list out in the internet with your username and password hacked from sites you long forgotten.
- Never use the same email address and password for all exchanges and crypto-related sites such as this forum.
- If you use Gmail or your email provider provides 2FA, enable email 2FA. This is the last piece of the puzzle for hackers, after gaining access to your exchange account, they will need access to your email too.
- And lastly, never put all your coins in exchanges! I don't have to tell you the number of exchange hacks that has happended throughout the history of crypto. You're not the exception, if you're in crypto for a long time, you will be targeted, directly or directly.
Good luck!
Update: For Chrome, install Cryptonite by MetaCert https://chrome.google.com/webstore/detail/cryptonite-by-metacert/keghdcpemohlojlglbiegihkljkgnigeThe service verifies the correct DNS entries for many crypto-related sites. It will warn you if the site you are on is a phishing site.nice article, enjoy your merit  perhaps you can also mention the way you store your keys offliine, that's something I have been pondering recently. How many back ups to do and where to put them. |
BITDEPOSITARY ▬▬▬▬▬▬▬▬▬▬▬▬ - JOIN US -
| ● Q-RATIO MARKET FUNDING COMMUNITY | ● MAKE ICO'S MORE SECURE, STOP SCAMS WITH BITDEPOSITARY | |
|
|
|
