Best practices to prevent hackers from stealing our crypto assets

[Mr. Magkaisa]

How do we keep our cryptocurrency assets? Because I researched various good practices that we can apply as holders. Because it is not enough that we know how to find good coins and which one to buy. But we don't know how to protect it.

In the cryptocurrency case, there are many hacked incidents although when I was just starting, I experienced my laptop being hacked and fortunately, I didn't have much important stuff saved in my file there. Because others can be considered experts here but they still get hacked, how about the people who always start here?

So this will be our guide to protecting our cryptocurrencies. And it applies to long-term and short-term holders.

1. Keep your seed phrase safe and secure :

     private and seed phrase is the most important aspect ofcryptocurrency owners. Because this is what we use. so we can access our crypto assets in the wallet, Hardware wallets and Non-custodial wallets all have seed phrase and private key.

That's why if we create a new wallet, the seed phrase we need to keep and hide so it doesn't end up to others or disappear. The mistake is because others put it they do it online, in notepad or google Sheets. After all, it's easy it's accessible. But it can also be easily accessed by those hackers, so it is not recommended. So the advise of most people put it in "Secure offline storage" Just write the risk on paper, it's an easy break, lose or burn. We have put it offline it's easy to break the paper, but it will still result in the loss of our cryptos.

2. Hardware wallet :

      This is advisable if we want to hold for a long period. It is a physical device specifically designed to securely store our crypto assets offline without being connected to internet and potential cyber threats.

It is also one of the safest and most secure methods of a strong large amount of cryptocurrency it is much better. This is an option compared to other cold storage, Normally, it has a built-in display button. And the offline storage device that is not connected to the internet is a USB drive or Encrypted hard drive. It is recommended for people with big holds of cryptocurrencies.

And if you are also planning to buy a hardware wallet, make sure you buy from the manufacturer, not either It is advisable that you buy it secondhand the hardware wallet has been compromised.

3. Two-Factor Authentication :

    We an adding security measures to also protect our cryptocurrency account. Particularly the centralized crypto exchange. In exchanges, normally there is a way to turn on our 2FA authentication. The most common 2FA is the one-time password OTP generated via SMS or APP to mobile users.

 And with bank accounts normally, it has OTP through SMS or text message when we log in to the new device or
Let's transact online and we'll receive something for it can proceed and it is also applicable to the rest of us account online, social media account, and cryptocurrency exchange, mobile wallet, etc.

2FA via apps like google is a more recommendable authenticator or Authy. And not via text message, because otp text message is easy to hack. Some are used hackers are just as devising to intercept that and theirs get the OTP.

   Anyway, as long as we have 2FA enabled it's much better than not having it. But if we base it on security, google authenticator is more secure. But if you want the safest google authenticator you can use "Yubikey"

source: https://www.techtarget.com/searchsecurity/definition/two-factor-authentication


4. Strong password :

  We can say that a password is strong if it has upper and lowercase, number and special characters. Then its length is at least 12 characters long, it is more difficult for hackers to guess it or extract the password.

Another risk we take is using the same password in different accounts. Once the hacker has access to one password he has access to all accounts. And it is dangerous in cryptocurrency accounts. Imagine if a hacker has access to one of your accounts in an exchange because you only have one password, there is a possibility that he can also access your other accounts.

Sometimes it's hard to think of complex passwords and then we need many more, and this is where password managers come in because it automatically generates a random and secure password for each account, it's also encrypted and accessible only with a master password. This will also help to avoid the risk of forgetting the password because we don't need to memorize it and always provide a convenient way to manage all of our passwords in one place.

5. Software update :

This is also one of the procedures that we sometimes forget to update. Updating our software and wallet regularly is also a crucial part to protect our cryptocurrency. Sometimes when the software is outdated, it has vulnerabilities, because the software used by hackers is also updated and they may discover a way to exploit the software.

And to address this issue, software developers always release security patches to fix them. So we have to update that we have security measures on our device.

And not only that, but we also often use operating systems and web browsers, and we also need to update them. Because hackers also use it to hack us, so we need to regularly check if there is something new or if we need to install it in the software and web browsers.

6. Reputable Exchange :

How do we know if an exchange is reputable based on its track record? There must be "Robust security measures" such as encryption, 2 Factor Authentication, and secure storage of funds in a cold wallet.

They need to be transparent in their operation and have a clear policy for handling security breaches and user funds. It also adds reputation if a cryptocurrency exchange is regulated by a financial authority. And just a few of the reputable exchanges here that I can say are Binance, Okex, crypto.com, and others, it just depends on the user's preference.

7. Be careful with email and links :

This is where phishing attacks often come from, which are used by cybercriminals to steal sensitive information, credentials, and private keys.

Those phishing emails or links may appear from a reputable source such as a crypto exchange or wallet provider, and those who receive them will think it is the original website but it turns out to be a trap. There are so many incidents like this, that even crypto holders when they search on google, many fake websites will appear that they don't know are malware.

8. Educate yourself :

This is our most important weapon to protect our crypto is our knowledge about this industry. And the crypto space is rapidly evolving, along with security threats and vulnerabilities. By staying informed and educated about what is happening in crypto we can think of necessary steps to protect our cryptocurrency assets. The ones who are often hacked are the new ones because they don't have enough knowledge to protect their crypto, they have not updated with the new things that hackers do to trick users.

I hope this information has helped some of our communities to protect our crypto assets

[Zergal]

Thank you @OP for creating this thread, I will try to learn more.

[hd49728]

3. Two-Factor Authentication :

But if you want the safest google authenticator you can use "Yubikey"

You can use open source Two-Factor Authentication alternative application than Google Authenticator or Authy. Aegis is a good alternative in my opinion for you.
Aegis Authenticator, a decent alternative to Google Authenticator and Authy.

Link for download Aegis: https://getaegis.app/ on Google Play or FDroid.

[JeromeTash]

6. Reputable Exchange :

How do we know if an exchange is reputable based on its track record? There must be "Robust security measures" such as encryption, 2 Factor Authentication, and secure storage of funds in a cold wallet.

They need to be transparent in their operation and have a clear policy for handling security breaches and user funds. It also adds reputation if a cryptocurrency exchange is regulated by a financial authority. And just a few of the reputable exchanges here that I can say are Binance, Okex, crypto.com, and others, it just depends on the user's preference.

There is nothing like a safe "reputable exchange"

I think you are familiar with the phrase Not your keys, not your coins

Do you know how many people though that FTX, BlockFi and Celcius network were reputable platforms until they filed for bankruptcy?

All the Robust security measure won't matter if the exchange itself decided to go offline or exit scam. A simple measure is do not at any one point think an exchange is your wallet.

[Lanatsa]

8. Educate yourself :

This would be including all the things that been stated above on which on the time that you do make yourself educated for whatever things that is related when it comes to security
then it would be definitely be known.Make yourself that updated and make yourself that know even with the basics of the basics which if you do stick with those
sentiments then you would be able to make yourself that avoid on possible hacking or loss of funds into your wallet. Be sensible into your actions.

[DoublerHunter]

~snip~
6. Reputable Exchange :

^ In all said above was right except this, I did not agree with this.
There is no reputable exchange that could be trusted to store your crypto assets, all of them will become scams in the end if they wanted to.
So I think there is no way to trust centralized exchange, store your assets in a hardware wallet and you are the one who is responsible for keeping your seed phrase, not a third-party exchange.
Nevertheless, the rest you have mentioned was right and must people learn.

[KennyR]

8. Educate yourself :

This would be including all the things that been stated above on which on the time that you do make yourself educated for whatever things that is related when it comes to security
then it would be definitely be known.Make yourself that updated and make yourself that know even with the basics of the basics which if you do stick with those
sentiments then you would be able to make yourself that avoid on possible hacking or loss of funds into your wallet. Be sensible into your actions.

This is the primary thing one needs to focus even if he/she had entered the cryptomarket without knowing anything. Just the learning and keeping ourselves updated along with the changes happening around, we'll get to know about securing the crypto holdings.

When one educate themselves automatically one can identify the scam and the real market. In recent days more funds were scammed than hacks. Just the beginners were targeted and easily made the prey. Through education these problems can be solved.

[o48o]

There is nothing like a safe "reputable exchange"
-cut-

If we are going that road then there's no place safe enough for your private key either. If someone really wants your money they might just do some long con clever social engineering. Thing with exchanges and banks is that they are more resistant and trained to protect their data for any of that kind of attact then any pleb with a hard wallet that can lost everything in a fire or an accident.

As a disclaimer, i am not saying cex:es would be better for everyone. I am just saying that some people lose their house keys and important papers all the time. It's not that different with privatekeys

[bittick]

I think that there shall be another point just like people shall rarely or even never participated in the airdrop randomly.

Sometimes scammers were using the airdrop just to attack the wallet that already owned by others. It can be seen from how many airdrop participants who got dusting attack or various attack from the scammers. People shall be carefully to share their address to any project that claimed to hold airdrop for the participants. This gonna be a very important point too.

[Silberman]

How do we keep our cryptocurrency assets? Because I researched various good practices that we can apply as holders. Because it is not enough that we know how to find good coins and which one to buy. But we don't know how to protect it.

In the cryptocurrency case, there are many hacked incidents although when I was just starting, I experienced my laptop being hacked and fortunately, I didn't have much important stuff saved in my file there. Because others can be considered experts here but they still get hacked, how about the people who always start here?

So this will be our guide to protecting our cryptocurrencies. And it applies to long-term and short-term holders.

...

If the purpose of doing all of this is to keep our coins secure then it is key to use Linux over Windows, people think of Linux as a complex OS, and while it can be more difficult to use than Windows it is many times more secure, as the majority of the computers running Windows are running a pirated copy which could be full of viruses, so install Linux in a computer you may not use much and then install your wallets there, this simple step will make it harder for hackers to get to your coins.

[el kaka22]

While I believe that it is good to have alternatives, I think google is doing a good job and I have never heard of anyone who got their 2fa hacked, you can get hacked in any different type of ways, but not with your 2fa being hacked, that doesn't really happen that easily.

However, between mails, passwords, 2fa and so forth, it's really hard to crack into someone, and when you want to withdraw, they need to hack into your email as well as your 2fa at the same time, that is how binance does it. But if you want to make sure, Ledger is the way to go because they really do a good job preventing any hacks, even when your ledger gets stolen, it's near impossible to hack into it.

[adzino]

Those are basic practices and anyone that uses crypto currencies should be aware of those methods to keep their assets safe not only from hackers but themselves. I am saying themselves because people most often lose their coins because they end up losing their private keys and they have no backups! They should know how to properly create a backup and store backups safely.

And one more thing, reputable exchange doesn't mean that your coins are safe from hackers. No matter how much the exchange claim that your coins are safe with them, it is not. Look at the exchange hacks and collapses.

[Cryptoababe]

All the above you mentioned above are good. Although, I know most of them but prefer to use only reputable exchanges because, no matter how careful you are, If the exchange you're using got hacked, thats all. So, I just use the most reputable exchanges like Coinbase, MEXC and Binance. And I always practice all the other steps you mentioned.

[JeromeTash]

If we are going that road then there's no place safe enough for your private key either. If someone really wants your money they might just do some long con clever social engineering.

Why would you be so dumb enough to let someone pull off a social engineering trick in order to access your private keys in the first place?

Thing with exchanges and banks is that they are more resistant and trained to protect their data for any of that kind of attact then any pleb with a hard wallet that can lost everything in a fire or an accident.

Please tell me another joke 

I am just saying that some people lose their house keys and important papers all the time. It's not that different with privatekeys

If you lose the private keys, then that's on you. It's more like losing a bundle of dollar bills. You have no one to blame except your carelessness. But don't ever let a third party lose the money on your behalf.

I have never lost or leaked a single private key and seed phrase since my newbie days in 2017. Should I call it a miracle?

[blockman]

Being educated in what we do is the best asset to have and the best protection that we can have. Because when you're aware on how to avoid all of those unknown links, and surprising emails that you don't know the source of then that means you've been educating yourself on preventing being hacked.
This also covers how to be away from scammers. It's one thing you need to have but you can use it for so many things so, the known quote about one stone hitting two birds.

[Baofeng]

Well said, but if I may add and this is increasing as well, we all think that we should protect ourselves at all cost specially online. But there is this so called:

https://cryptosec.info/wrench-attack/

What is a $5 Wrench Attack?

Basically, if someone finds out that you own a significant amount of coins, they can straight-off physically attack you, or threaten you to hand over your wallet’s private keys, or threaten you to send over the funds to them by using a deadly weapon or a basic tool that can be used for harm like a kitchen knife, a hammer, a screwdriver, or a cheap and rusty $5 wrench.

No matter how secure your funds are in your hardware wallet or on any of your devices, no computer security can save you from this type of attack.

So just be careful who you talk to in public with regards to your crypto assets or how much you have.

Because there are also crypto criminals in the offline world and you don't want to be a victim because it could cost you your lives, just saying.

[Silberman]

Well said, but if I may add and this is increasing as well, we all think that we should protect ourselves at all cost specially online. But there is this so called:

https://cryptosec.info/wrench-attack/

What is a $5 Wrench Attack?

Basically, if someone finds out that you own a significant amount of coins, they can straight-off physically attack you, or threaten you to hand over your wallet’s private keys, or threaten you to send over the funds to them by using a deadly weapon or a basic tool that can be used for harm like a kitchen knife, a hammer, a screwdriver, or a cheap and rusty $5 wrench.

No matter how secure your funds are in your hardware wallet or on any of your devices, no computer security can save you from this type of attack.

So just be careful who you talk to in public with regards to your crypto assets or how much you have.

Because there are also crypto criminals in the offline world and you don't want to be a victim because it could cost you your lives, just saying.

This is important as well, just as there are many misconceptions about this market in general there are also misconceptions about their participants, many of the people I have listened taking about bitcoin think those that are part of this market are either scammers or awfully rich, so if someone outside of your circle of friends found out that you hold bitcoin they may think you have a lot of it and they may try to steal from you while using violent means to obtain your coins, and if you do not have the amount they believe you have you could find yourself in an extremely dangerous situation.

[fuguebtc]

3. Two-Factor Authentication :

But if you want the safest google authenticator you can use "Yubikey"

You can use open source Two-Factor Authentication alternative application than Google Authenticator or Authy. Aegis is a good alternative in my opinion for you.
Aegis Authenticator, a decent alternative to Google Authenticator and Authy.

Link for download Aegis: https://getaegis.app/ on Google Play or FDroid.

Currently, I am using Google Authenticator, and I have also heard about Aegis, but unfortunately, it is only for android OS. I was expecting them to release an iOS version, but so far, there hasn't been one. I would like to ask if you have any recommendations for people using iPhones or Mac.

~snip~
6. Reputable Exchange :

^ In all said above was right except this, I did not agree with this.
There is no reputable exchange that could be trusted to store your crypto assets, all of them will become scams in the end if they wanted to.
So I think there is no way to trust centralized exchange, store your assets in a hardware wallet and you are the one who is responsible for keeping your seed phrase, not a third-party exchange.
Nevertheless, the rest you have mentioned was right and must people learn.

Are you using an exchange? I believe you have no choice. Binance is a reputable exchange, if it weren't, it wouldn't be able to dominate the market today. As long as you don't use them to store assets in the long term, use them to exchange, P2P, or use them for the proper purposes, then they are worth using.

[gunhell16]

~snip~
6. Reputable Exchange :

^ In all said above was right except this, I did not agree with this.
There is no reputable exchange that could be trusted to store your crypto assets, all of them will become scams in the end if they wanted to.
So I think there is no way to trust centralized exchange, store your assets in a hardware wallet and you are the one who is responsible for keeping your seed phrase, not a third-party exchange.
Nevertheless, the rest you have mentioned was right and must people learn.

How did you say that all exchanges will eventually end up with the scam dude? Don't say you don't use exchange here. you don't buy cryptocurrency or bitcoin?

In my understanding, we individual investors, for example, I am one of them, and I believe in bitcoin, of course, I will buy bitcoin in an exchange that I know has been tested and has gone through a lot of tests and in the end, it is still resolved they still maintain the trust of their traders, and this exchange is binance.

Is this the only exchange where no matter how many times a hacker entered their platform, they quickly resolved the issue and did not let their clients lose trust in them? So I can say that this is a reputable exchange for me, and the risk depends on us.

[Wexnident]

#8 is all you need, that's the most generalized answer one can give out, educate yourself about the whats and hows of keeping your pc safe, even spending money to buy a separate one to keep whatever you want to stay permanently hidden could work. Identify how to use sandboxes/VMs in case you ever need to access an external site you're not sure is safe. It'll come a long way, not just in terms of being safe in storing crypto assets.

If we are going that road then there's no place safe enough for your private key either. If someone really wants your money they might just do some long con clever social engineering.

Why would you be so dumb enough to let someone pull off a social engineering trick in order to access your private keys in the first place?

To be fair there are dumb enough people to fall for it, that's just how it is, can't exactly expect everyone to have the same strong mentality to not fall for it. Though I reckon any sane educated person about crypto wouldn't do that, it's like giving the keys to your house lmao.