Wallet Security

I see from the discussions on Ian’s hack experience that there are a lot of security questions. While I am not an IT expert, I’ve been around the block enough in life as well as computers, crypto, and technology to maybe offer some guidance to newbies. Here are some ideas that can be used individually or in tandem to protect your crypto’s.

First it is incredibly important to manage your passwords thru a management system such as Last Pass. Last Pass allows me to generate very complex passwords for each and every app that requires credentials. It allows me to cut and paste passwords as opposed to manually typing them in, which bypasses malware key logger programs. So there’s only one password you ever need to remember. It doesn’t have to be a complex string of characters. Length is important. Use a saying… “Fourscore and twenty years ago”…”I only regret that I have but one life to give”. Then write it down and put it in a secure place. Last Pass settings allow an auto log out after some period of inactivity as well as an auto log out when you close your browser. This is a feature that is critical as a friend of mine learned. She hired an online computer tech support outfit from India. They had her install Team Viewer on her machine so they could “help” her. She did not have Last Pass configured to auto log out so when they logged on to her PC without her knowledge, Last Pass was open and they cleaned out every wallet on her PC. She lost 16,000 dollars that night.

As a follow up to key loggers, there is malware that can edit your clip board history. This means you can copy a wallet address and before you get to paste it, they can edit the address to theirs, and you paste the bogus address in without knowing. Always, always, ALWAYS, check the first and last 4 or so digits EVERY time you paste an address. Accidents can even happen. I once had 6,000 dollars in Crypto I did not buy show up in my Binance wallet. I told them, but there was nothing they could do. My gain…someone’s pain. Don’t let that be you.

The issues with crypto theft generally revolves around malware thru your active site visitations and clicking on malignant email links. Email is getting to be the worst. Don’t open a link just because it looks like it came from a friend. Does it look funny? Are there spelling errors? Is it out of the norm for this person? When in doubt, email them and ask them if they sent it. I’ve gotten everything from invoices from clients that I would not expect one from to emails from people in companies that I worked with but have not ever spoken to or worked with them specifically. Further probing in both instances showed hacked email accounts.

Depending on the number of coins that you have and wallet availabilities, you could consider either a cheap cell phone (with internet only and no phone service), or a cheap laptop to store your wallets or BOTH! These would be used ONLY for crypto. No email, no surfing, no nothing other than your crypto. I helped the friend above migrate everything to a wallet app or a browser based app on a Samsung Galaxy S7 that cost her 250 bucks refurbished. There’s no SIM card and no phone service. When she’s done, the phone is turned off and goes in her safe.

Over the years, I’ve followed Teeka Tiwari and I’ve put small amounts of money into A LOT of different coins while my primary savings go into only BTC, ETH, LINK, and a couple others. Its almost embarrassing to mention the number of coins Im managing but from a HODL perspective, no one knows what will be the big winner in 5, 10, or even 20 years, so rightly or wrongly, so I’ve done a lot of seeding, and do a lot of staking and I have my first Theta Guardian Node. I’ve thought a lot about security and the hardware wallets are simply too limiting for what I do. What a Ledger will or wont hold, what a Keep Key will or wont hold, etc. For me, I use a multi system approach. I’ve worked from home for a number of years now but I access my company server thru a VPN (Virtual Private Network) and I make it so no one computer holds all the information to do anything. The wallets are kept on my office server, while the keys to the wallets reside on my computer at home. There are also wallets on my cell phone. For anyone to steal anything, they would have to hack my home pc, hack my Last Pass password manager, hack my phone (for the Google Authenticator) and then hack the VPN connection to the office all at the same time. Good luck with that.

I’m sure there are other ways but hopefully this is good primer for you.

1 Like

Thanks for the insights. Definitely extremely important to keep your crypto in a safe place. I do not use Last Pass, but I know people who do and they speak very highly of it’s usability and security features.

From my lips to gods ears. I just received this from Ledger. I bought one but ultimately do not use it as its a pain in the ass, loading and offloading holdings so you can see them, etc. They have been breached. Personal info has been breached. Your assets are at risk. YOUR LEDGER IS NOT DECENTRALIZED PEOPLE. WAKE UP!!!

Dear client,

We’re sorry to inform you that Ledger has fallen victim to a cyber attack and that confidential data belonging to approximately 81,000 customers has been illegally obtained by an unauthorized third party.

You’re receiving this e-mail because the Ledger wallet associated with your e-mail address ( **) has been found within those affected by the breach.

To be more specific, on 11th of November 2020, members of our forensics team have detected malicious software installed on one of the Ledger Live’s administrative servers.

Despite our relentless efforts, as of today, it’s technically impossible to make an accurate assessment of the severity of this data breach. Due to these circumstances, we must assume that your funds could be at immediate risk of theft .

If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Ledger Live and follow the instructions to set up a new PIN for your wallet.

Sincerely,
Ledger

That’s a scam mail

I don’t recall giving ledger any person info when setting up my ledger,

Yep. I should have looked harder. Shame on me.

We all in this together :slight_smile: