Hi all, Happy New Year! Another year rolls over and the bear market continues. From a macro standpoint, 2023 may be a tough year overall for a lot of people. I’m going to write a quick article on keeping your assets safe in the new year. This may not be all-encompassing, as new ways to phish and hack someone are constantly coming out. However, if this prevents one person from being drained I’ll be happy.
Guide on avoiding being hacked or phished for your crypto / NFTs
- Use a hardware wallet: A hardware wallet is a physical device that stores your private keys offline and signs transactions when you connect it to a computer. This makes it much harder for hackers to steal your private keys, as they would need to physically steal the hardware wallet in order to do so.
- A few examples of hardware wallets are Trezor and Ledger. Each has its pros and cons and comes in different models. Some models have greater support for certain tokens, some have less.
- Another thing to consider when buying a hardware wallet is to buy straight from the vendor. Do not buy from third-party websites, as the device may have been tampered with. Always double-check that your wallet has not been tampered with at all.
- Also, make sure you don’t store your seed phrase online in plain text. Big no-no!
- Enable two-factor authentication: Two-factor authentication (2FA) adds an extra layer of security to your account by requiring you to enter a code that is sent to your phone or email in addition to your password. This makes it much harder for hackers to gain access to your account, even if they manage to guess your password.
- A quick tip on 2FA: ensure you use app authentication rather than SMS. SMS is prone to SIM swapping, and you can lose your assets that way. SIM swapping generally happens when a thief / hacker knows a bit about you and contacts your mobile carrier. They could say things such as “I lost my SIM”, “my SIM doesn’t work”, etc.
- For an in-depth guide on SIM swapping, check out “Mozilla explains Sim Swapping”.
- Use strong and unique passwords: Make sure to use strong and unique passwords for all of your accounts, including your cryptocurrency accounts. Avoid using the same password for multiple accounts, and consider using a password manager to help generate and store strong passwords for you. Strong passwords generally consist of upper case, lower case, numbers and special characters of a certain length.
- Keep your software up to date: Make sure to keep your software (including your operating system and any cryptocurrency-related software) up to date with the latest security patches. This helps to protect you against known vulnerabilities that hackers might try to exploit. An example of this could be an out-of-date Chrome browser.
- Be cautious when clicking links: Be careful when clicking on links, especially if you receive them via email or online. Hackers may try to trick you into giving them access to your account by sending you a link that looks legitimate but actually takes you to a fake website. This is notorious on Discord: if you do not turn off private messages in public channels, you will get bombarded with phishing attempts that want to drain your wallet. Always be careful, as these messages always declare some sort of urgency and carry a link that looks very close to the original.
- Avoid public WiFi: Avoid conducting sensitive transactions (such as logging into your cryptocurrency accounts or making trades) while connected to public WiFi. These networks are often unsecured and can be easily monitored by hackers.
- Enable recovery options: Enable recovery options such as phone number or email recovery in case you lose access to your account. This will allow you to regain access to your account if you lose your password or if your account is compromised.
- Be aware of social engineering: Social engineering is when the attacker manipulates someone into letting their guard down or giving information they normally wouldn’t. This is very common on Discord / crypto Twitter. If it’s too good to be true, avoid it!
- If you still want to mint something and you’re unsure about it, use a burner wallet. A burner wallet is easily created via MetaMask or your favourite wallet. Don’t keep anything in the wallet, don’t give any permissions beyond what is necessary, and don’t keep using it afterwards.
I hope these security tips help someone in the future. It’s always good to refresh each year, as the need for security is only going to grow as we onboard more individuals into web3 / crypto.
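The look-alike link problem from the "Be cautious when clicking links" tip, as an added example that is not part of the original article: a small Python check that compares a link's host against the sites you actually use. The `TRUSTED` list, the sample domains and the two-label domain shortcut are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the sites you actually intend to visit.
TRUSTED = ("ledger.com", "metamask.io", "opensea.io")


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    # Simplification: last two labels. Production code should consult the
    # Public Suffix List so that suffixes like "co.uk" are handled correctly.
    return ".".join(host.split(".")[-2:])


def classify(url):
    """Return 'trusted', 'unknown', or a 'suspicious: ...' reason for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious: no host in link"
    # Punycode or raw non-ASCII hosts can hide look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious: internationalized domain, check for look-alike letters"
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # One or two typos away from a site you trust (swapped or extra letters).
        if edit_distance(domain, good) <= 2:
            return f"suspicious: looks like {good}"
        # Trusted brand name used as a subdomain or inside another domain.
        if good.split(".")[0] in host:
            return f"suspicious: '{good}' brand name on a different domain"
    return "unknown"
```

An "unknown" result only means the host is not on your list and does not resemble it; it is not a statement that the site is safe.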