Deception, fraud, extortion, and hacking are only a small part of the arsenal of tricks used for stealing cryptocurrencies. Based on the book Pro-Tips for Ethereum Wallet Management by Nick Dodson, the founder of BoardRoom (now GovernX), we have prepared several recommendations to help protect your coins.
In the Swiss town of Attinghausen, in a former military bunker at a depth of 300 meters, there is a "cold room" lined with steel plates. This super secure room contains the hardware bearing the secret keys of large crypto owners who want peace of mind and wish to keep their cryptos from being stolen. Should the rest be as serious about storing their coins?
Nick Dodson believes that storing cryptocurrency in a bunker is paranoia and that the protection of one’s self from fraud and theft can be accomplished by simpler, but no less effective methods.
Many people, according to Dodson, belong to the "Snowden class." These are the people who cover the screen with a blanket, tape over web cameras, and so on. The author of the book therefore calls for calming fears: instead of taking radical and unusual measures for the sake of security, simply follow the advice described below.
Warning: there is a concern that the tools and security measures described in these tips will be used by scammers for unscrupulous purposes. Therefore, "remain vigilant, and you will succeed," says Dodson.
To secure your cryptocurrency, you need to:
1. Know where the fraudulent attack is coming from
When carrying out any operations, watch out for the "man in the middle." This is someone who is trying to get between you and your destination. To get your data, they use spoof sites and malicious portals. Make sure that you carefully check all URLs and use only the exact link that you need. Better yet, add the sites you visit to your bookmarks. Do not forget to check the software version. In addition, buy a hardware wallet directly from the manufacturer.
Even if your URLs are correct, how do you know that someone did not hack your Wi-Fi, forge DNS responses, or redirect you to other IP addresses? Think two steps ahead in everything you do. Safe operations are like chess: you always have to assume that your opponent is smarter than you.
2. Create strong and complex passwords
Private keys should not contain dates of birth, home addresses, lyrics, or the maiden name of your mother. Password crackers can generate more than 350 billion guesses per second, so use a generator to create a passphrase or buy a hardware wallet that will create strong keys and signatures specifically per your request. And do not forget that several passwords are better than one. Use two-factor authentication for everything, such as emails, exchangers, and exchanges. Yes, the constant countdown can be annoying, but you will agree that an app-based two-factor code is much safer than an SMS.
3. Use cold storage
To do this, you do not need to go to Switzerland and buy a place in a military bunker for storing cryptocurrencies. It is quite enough to keep most of the coins from your crypto portfolio on hardware (cold) wallets. Online wallets should hold only an amount that you will not have trouble parting with in case of theft. To protect these wallets, you can build an air-gapped computer by removing the network card from a PC or laptop and using the Tails operating system, which you can run offline. A tip for the paranoid ones: cover the microphone and the camera of your laptop and remove all electronic devices from the room.
4. Check everything
Before you start working on the selected network, perform small transactions or practice with a small amount of funds in test mode. Never enter addresses manually (over 12,000 Ethereum coins are permanently lost due to typos); use the all too familiar "copy and paste" technique instead. In doing so, always check the result against the source. For simplicity, use the Ethereum Name Service or scan QR codes. Do not forget to make sure that your application is safe to scan (see rule 1: Know where the fraudulent attack is coming from).
Double check the ID of your destination address. Before sending the cryptocurrency to your wallet, make sure the seed phrase is correct. If you are building an air-gapped computer, write down and double check the MD5 checksum before and after loading the data onto the SD card. "For the love of Ethereum, please check everything," Nick Dodson pleads.
5. Save the seed phrase(s) on different devices in different places
A standard BIP39 seed phrase is a set of 24 words from which you can get a private key. Treat this key with extreme caution. If you recorded it on paper, divide the words into two parts and hide them in different places. An SD card is an alternative storage option, but all information on this medium can be erased by an electromagnetic pulse.
It is best to use both classical and digital data storage. Carefully write down your storage steps so that you or your heirs can recreate the seed phrase.
6. Maintain plausible deniability
Plausible deniability in the crypto business means the ability to hide certain data. That is, do not share the amount of your currencies and especially do not tell the world through social networks about exchanges or wallets on which you keep all of your crypto coins. And re-read rule 3: Use cold storage.
7. Raising the level of protection is helping the entire crypto ecosystem
Dodson ends his book with a plea to remember that the choice of security for cryptocurrency storage affects not only you but also the entire crypto ecosystem. If you do not use 2FA, and someone gets access to your email, which you accidentally forgot to log out of on a public library computer, then the scammer not only steals your coins but also harms the entire crypto industry. Therefore, experiment with hardware wallets. Direct your "inner Snowden" to the verification of all operations performed, and then your currencies will be safe and sound.