21 Ways To Get Hacked in Crypto
I’m sure you’ve seen people saying “That’s how you get hacked!” or “Do ____ so you won’t get hacked.” The list of ways to get hacked in crypto is endless but there are some not-so-common sense measures to prevent getting hacked in crypto.
Let's (not) Get Hacked:
- Not Turning On Two Factor Authentication (2FA)
- Using SMS-based 2FA
- Publicly Disclosing Portfolio Value
- Publicly Disclosing Email
- Using an Email Multiple Places
- Using a Password Multiple Places
- Clicking Links in Your Email
- Clicking Links in Slack
- Clicking Google Ad Links
- Clicking Links in Chat Groups
- Showing Private Keys
- Using a Public Network
- Using a Compromised Network
- Using a Compromised Device
- Using a Web Wallet
- Using a Simple Password
- Not Whitelisting IPs
- Allowing Physical Access to Wallets
- Allowing Physical Access to Devices
- Replying to “Customer Service” Emails
- Keeping Crypto on Exchange
Two-Factor Authentication Explained
Two Factor Authentication (2FA) confirms you are the user you say you are, twice. The first confirmation is your password. The second is through a code sent to somewhere secure. Some variations of 2FA use an app, SMS, or your email. These methods aren’t created equal. I recommend using Google Authenticator, or next best, Authy for 2FA. SMS is vulnerable because it can be compromised through various service providers. If your email address is compromised then having a confirmation sent there is no security at all. I recommend securing your email with 2FA as well.
Publicly Disclosing… Anything
It’s great to be a vocal cryptocurrency enthusiast. It isn’t great to make yourself a target by disclosing the value of your portfolio. If I were a hacker I’d much rather target someone with a large balance than a few spare satoshis.
Email Security
Don’t click on anything unless you know specifically what it is for. Don’t disclose an email you use for crypto logins. Don’t use your regular email for crypto logins. Don’t use your exchange emails on ICO lists or forums or anywhere else. Use a different, complex password for every account. Enable 2FA on anything that offers it.
Passwords
The best passwords are sentence length with letters, numbers, and special characters. Even better if it looks like a private key because it’s that complex. Don’t use the same password in two or more places. Change passwords regularly and don’t share them with anyone.
Links, Links, and More Links
Don’t click on links that are sent to you. Don’t click on links in Slack, your email, Google Search, or anywhere else. Find the legitimate site, bookmark it, and never leave it to chance again. Don’t click links. Just don’t. MyEtherWallet does not need you to click that link, I promise. Neither does the ICO, the exchange, or any other company.
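The bookmark rule above expressed as a check, as an added example that is not part of the original post: a link is trusted only if its host exactly matches a bookmarked host over HTTPS, and the common disguises are named when it does not. The allowlist, the `.example` hosts and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the reader's own bookmarks (assumption).
BOOKMARKED_HOSTS = {"www.myetherwallet.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to flag one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, bookmarks=BOOKMARKED_HOSTS):
    """Return (trusted, reason). Only an exact bookmarked host over HTTPS passes."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username or parts.password:
        # In https://trusted.name@other.host/ the real host is after the '@'.
        return False, "userinfo before '@' hides the real host"
    if host in bookmarks:
        return True, "bookmarked host"
    if not host.isascii() or "xn--" in host:
        return False, "internationalised look-alike host"
    for good in bookmarks:
        if good in host:
            return False, "bookmarked name embedded in another host"
        if edit_distance(host, good) <= 2:
            return False, "near-miss spelling of a bookmarked host"
    return False, "host is not bookmarked"


if __name__ == "__main__":
    for link in ("https://www.myetherwallet.com/#send",
                 "https://www.myetherwalet.com/",
                 "https://www.myetherwallet.com.secure-login.example/"):
        print(link, check_link(link))
```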
Playing Loosey Goosey with Private Keys
Accidentally exposing private keys is the easiest way to get hacked. Some have done it on video, others in pictures. If you’re doing a how-to or talking about crypto on video, use a dummy account made specifically for that purpose and wallets created for the same purpose. Keep your real info away from anything that can record.
Networks and Devices
If you use a device or network that is public or compromised, then you’re putting your information at risk. Keep your device and any devices on your networks secure, scanned regularly, and free from risky behavior. A good bit of advice I saw in a crypto Facebook group once: “Keep your porn and crypto separate”. There are many ways to accomplish this security: different programs, different strategies, operating systems, devices, and more. It’s more than I can cover in this post, so look out for a post from me on device and network security soon. The basics are to keep your device and any devices on your secured network malware/virus free and to keep access to your device and network limited. Many ISPs also offer the ability to set up an unsecured guest network, so you don’t give out your Wi-Fi password or allow access to your phone, tablet, smart watch, or computer. Every device on your network is an entry point, baby monitors and smart appliances included.
Cold Storage
Cold Storage is an offline storage method. There are a few ways to accomplish cold storage: paper wallets, hardware wallets, a device without internet connection, encrypted flash drives… The two most popular are paper wallets and hardware wallets, both of which can be vulnerable if physically accessed. Restrict physical access to anything that can access your wallets, emails, or exchange accounts.
Unsolicited “Customer Service”
Crypto companies have TERRIBLE customer service. They are likely never going to contact you without you harassing them. Don’t reply to unsolicited customer service. “Urgent security issue”? “Password Update required?” Close the email without clicking anything or replying. Go to your bookmarked exchange link and change your email ASAP. Consider moving balances to cold storage while you get new information set up. If really in need of customer service, follow the steps on the website, but expect to harass them with your request number on social media, complete with shaming.
Exchanges in Crypto are a Weak Point
Exchange-level hacks and exchange exit scams are enough of a risk that it is recommended to keep your crypto offline unless you’re actively trading. The best options in order are: cold storage, device wallet, web wallet, exchange wallet. In crypto, whoever has the private keys has the crypto. You don’t have the private keys on an exchange, so you don’t really have your crypto.
Summary
In crypto, you are your own bank. There are many ways to get hacked in crypto, but it’s fairly straightforward to keep your crypto safe. The basics are covered here, but I will be following up with some more detailed security-focused posts in the near future. Keep your keys safe and your crypto in places you control and have secured.
Full UV and resteemed.
Thank you Frank :)
3 ways to lose your money:
#1 be stupid
#2 Don't be smart
#3 Follow all the rules above
Hard wallets save many of these headaches. Resteemed @Ashr!
Yes they do, I will be talking more about hardware wallets soon. Thanks Randy :)
Been looking for something like this since May. Resteemed. Thanks.
I'm glad you found it valuable! Thanks for the kind words and the resteem :)
Very nice and informative article, I like.
Information security needs to be taken very seriously nowadays
You could add to your list not using an antivirus/malware software or not keeping it up to date if using it can also be a good way to get hacked
I feel that falls under compromised device and touched on it in the writeup on devices and network. I'll be covering these topics more in-depth, I'm glad you like it!
Very useful information,
Thank you @ashr
Follow me
@oodeyaa
I'm glad you enjoyed it, thank you!
I think Google Authenticator is going to replace Authy for 2FA. There are also ways to split up wallet balances, never reusing the same public address, etc. Use of a hardware wallet will take care of most of this.
I kinda wonder about Steemit showing balances publicly. If the platform becomes the next FB, it could draw lots of hackers (as if that isn't already a problem). Fortunately power downs over 104 weeks and remaining powered up should help.
Yes, that's why I referenced both. They both have their strengths :)
I don't mind Steemit showing balances publicly. It's actually nice for people to know that I'm not raking in millions from writing posts to help.
A hardware wallet can be a huge help.
I intend to delve into all of these topics further, but figured a basic overview would be most beneficial as a starting point :)
Thank you for an informative, well written post. I am a newbie to crypto, this is good advice IMO.
I'm glad you found it valuable, Mike. I help admin a beginner crypto group on Facebook and try to help the 40k newbs in there with my writing. A safer cryptosphere benefits all of us!
buy a digitalbitbox and be happy
I was looking at the digitalbitbox but I haven't gotten my hands on one yet. :) maybe I'll get one and do an unboxing ;)
perfect these guys have good prices https://www.cryptohwwallet.com/digitalbitbox.html
Yes, I've bought from them before :)
thank you for your advice, following for more.
I'm glad you found it valuable and hope you enjoy my upcoming posts also :)