10 Baddest steps to protect your hardware wallets & Bitcoin online. How will you act with the story you are about to see?
Trezor One: You should never enter your recovery seed on a computer, along with the order number. The order is always given to you by your Trezor device. Never by the computer.
Trezor Model T: You should never enter your recovery seed anywhere but on your Trezor device. Under no circumstances should you enter your seed on a computer.
“Your Trade Has Been Suspended For Suspicious Trade And You Might Loose Bitcoins In Ongoing Trade..Follow This URL Below To Re Login And Verify Your Account
This is the message
After you login you will get it” (no editing-same format, same English & construction) – the phishing message I got.
Now, how do you identify them, and ultimately beat them hands down? I will show you in a bit.
It is one thing for you to inherit a property from your parent, and another if nobody comes out to claim it or fight you for it. Same with Cryptocurrency.
Even with the bubbling nature as supposed, a lot of people are out to outsmart others that are vulnerable in order to cause more pains than they can bear. A rather pathetic event.
But the good news, these events won’t happen to I-will-teach-u-crypto members.
They are equipped with all crypto security vulnerabilities backed with the concept of the Blockchain technology. I guess you have heard of the top Blockchain security tools for personal identification traction, right? Well, don’t worry about those for now (you will see as we progress.)
Why They Won’t Suffer Breaches
To start with, I have shown them how to create an Only Crypto-Email account with two-factor authentication set up. I have also shown how to set up two-factor authentication on over 500 top crypto exchanges in the world (tutorial), how to create Brute force private keys, the underlying Bitcoin security problems they need to know, and more.
Coming back to us.
I know that crypto men are with double minds, so, it is essential you take the steps beforehand.
I learned it the hard way. I have been phished. I have been scammed on a crypto exchange while trying to compile a tutorial for my readers, I have tested what it means to be scammed out of beforehand crypto-mining promises, I have missed out because of copying the wrong bitcoin wallet address, and more – even losing my wallet private keys.
So, everything you are about to read now is all about my experiences & others (true life events), so, they are not a fairy tale or whatsoever. All you need to avoid them is take the action which I never knew beforehand.
WHY YOU SHOULD TAKE CRYPTOCURRENCY SECURITY SERIOUSLY
We know what happened to Mt.Gox and Coincheck, right, the two biggest thefts in history? Combined, $1.3 Billion+ was lost.
While we may blame the hackers for a bad act, the truth is that the exchanges have a lot to do. Have you wondered why some exchanges like Coinbase, Cex, Coinmama, and Binance lately (just to mention a few) do not take security for granted?
Coinbase is valued at $1Billion+. One thing they have not told us is the hundreds of dollars sunk into security. Could you imagine Binance promising $250,000 to anybody that could trace the last security breach source code they suffered?
While it is for sure that these and more will happen, it is a great opportunity for us to do our part in order to stay safe. You might say no way. It won’t happen to me.
The truth? It might not happen to you only if you had already taken the actions we shall be addressing in some minutes from now.
To start with, see a real-life story of an attack.
HOW CODY BROWN WAS HACKED $8,000 IN 15 MINUTES
A hacking experience – in & out of his Gmail & Crypto exchange accounts.
Before we begin, it’s worth mentioning that yes, yesssssssssssssssssssss, I did not have enough protection around my Gmail account. I’ve used Google Authenticator before, for my personal account and for various work emails, but I stopped using it at a certain point out of convenience. I deeply regret doing so – the victim.
11:41 PM – His Gmail account was signed out.
11:42 PM – His Coinbase account password was reset.
11:34 PM – Coinbase New Device Confirmation was processed.
11:44 PM – 1.18 BTC sent
11:45 PM – 70.96 LTC sent
11:46 PM – 16.03 ETH sent
Let’s do the mathematics. In 15 minutes, $8,000 in cryptocurrencies was gone from his crypto exchange accounts.
Now, pay close attention here.
Possible questions you might want to ask.
Was The Fault From The Crypto Exchange?
The answer – NO!
The fault wasn’t from Coinbase because the attacker had access to his email account, so he was able to process the Coinbase New Device Confirmation from the victim’s account. Which means it all started with his email account.
The Ultimate Cause
He never activated a two-factor authentication on his Email Account.
The solution and recommendation. He said, use a separate email account for cryptocurrency transactions only. Activate two factor authentication (a MUST), don’t boast of having cryptos and investments on social media.
While it took 15 minutes for him to be attacked, it took just about 8 minutes to lose the last Bitcoin I bought to HODL when I was phished and scammed.
At this point we don’t need to ask further questions. We need to take positive and actionable steps to avoid the same vulnerability.
Unless huge changes happen, so many others are likely to get robbed and the reputation of cryptocurrencies, in general, will degrade. The only thing that’s really around to protect these newcomers is the cryptocurrency community itself.
Please let my ample misery be a raw warning sign. Inform your friends. Don’t trust Coinbase defaults. Don’t think it won’t happen to you. Stop reading this and secure your coins right now – Cody Brown.
Coinbase default: using the exchange without 2FA.
Here we go.
10 WAYS TO PROTECT YOUR CRYPTOCURRENCY WALLETS & BITCOIN ONLINE
5TH STEP: OUTSMART CRYPTOCURRENCY ATTACKS
If You Insist On Leaving Your Money On A Crypto Exchange 😕
If you insist on leaving your money on certain crypto exchanges, then store it in their “vault” – if they have one.
This will give you a buffer of a couple days before any of your stuff can be touched, at least it won’t be gone immediately.
Wait a minute.
At what amount should you really use a vault? Different answers I guess. But I think, use it at an amount such that if stolen you will be at a pain point.
This is what I mean. As it stands. If I lose $5,000 in Bitcoin, it will be a pain point. So, I will smartly use a vault option as provided by selected crypto exchanges. But heck, I won’t use a vault. I will go for a hardware wallet.
The Security Economics Involved
I have $5,000, and I am not a regular trader but I leave my $5,000 on an exchange?
If there is a breach.
The cost = $5,000 lost, excluding break down, therapy for mental healing, and more. (Years of working for it tirelessly).
Balance = $500 (compensation. A little bit more if the crypto exchange was insured like Coinbase)
The Result = negligence with effects.
I have $5,000, and, if I buy my personal Bitcoin wallet – less than $200
The cost = $200
Balance = $4,800.
The Result = maximum security.
Top 3 Hardware Wallets
Trezor 1 or Trezor T – less than $200
Ledger Nano S – less than $100
Digital Bitbox – less than $100
6TH STEP. ACTIVATE BITGO ON YOUR WALLETS
I don’t recommend a mobile wallet, but if you find solace with it, do well to activate Bitgo.
Sure, cold wallets – hardware wallets – are the surest ways to save our cryptocurrencies. Yet, I have got news for you. Don’t fail to integrate BITGO on your hardware wallets.
Bitgo hasn’t failed yet. And if you don’t know, using Bitgo on your wallet is just like activating two-factor authentication on your crypto exchange account.
How Bitgo Works
BitGo instant wallets consist of 3 keys: one held by BitGo, one held by the user, and one held on behalf of the user by a third-party Key Recovery Service (KRS). Two signatures are required on every transaction on a BitGo wallet, and in the usual case this would be done by BitGo and by the user. BitGo, of course, will never co-sign a transaction which is a double spend.
That leaves only the possibility of the user and the KRS conspiring to double spend. To prevent this, BitGo has contracts in place with any KRS it uses which require the KRS to give BitGo advance notification of any signature it makes.
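The 2-of-3 rule described above can be modelled in a few lines. This is an added example, not BitGo's code or API: the key names, the `CoSigner` class and the transaction fields are hypothetical, and an HMAC stands in for a real signature so the model runs offline.

```python
import hashlib
import hmac
import json

# Constructed toy keys; a real wallet uses ECDSA key pairs, not shared secrets.
KEYS = {"user": b"user-key", "bitgo": b"bitgo-key", "krs": b"krs-key"}


def sign(holder, tx):
    """HMAC stands in for a real signature (assumption made for this toy model)."""
    msg = json.dumps(tx, sort_keys=True).encode()
    return hmac.new(KEYS[holder], msg, hashlib.sha256).hexdigest()


def quorum_ok(tx, sigs, needed=2):
    """True when at least `needed` distinct wallet keys validly signed tx."""
    valid = {h for h, s in sigs.items()
             if h in KEYS and s and hmac.compare_digest(s, sign(h, tx))}
    return len(valid) >= needed


class CoSigner:
    """Hypothetical co-signer: signs each coin once and logs KRS notices."""

    def __init__(self):
        self.first_seen = {}  # coin id -> first transaction seen for that coin
        self.alerts = []      # conflicts learned from KRS notifications

    def cosign(self, tx):
        # Same coin in a different transaction is a double spend: refuse.
        if self.first_seen.setdefault(tx["coin"], tx) != tx:
            return None
        return sign("bitgo", tx)

    def notified_by_krs(self, tx):
        prior = self.first_seen.setdefault(tx["coin"], tx)
        if prior != tx:
            self.alerts.append((prior["to"], tx["to"]))


def krs_sign(tx, cosigner):
    """The KRS notifies the co-signer before signing, as its contract requires."""
    cosigner.notified_by_krs(tx)
    return sign("krs", tx)


def demo():
    bitgo = CoSigner()
    pay = {"coin": "utxo-1", "to": "merchant", "btc": 0.5}
    conflict = {"coin": "utxo-1", "to": "other-address", "btc": 0.5}
    return {
        "user_plus_bitgo": quorum_ok(
            pay, {"user": sign("user", pay), "bitgo": bitgo.cosign(pay)}),
        "bitgo_refuses_conflict": bitgo.cosign(conflict) is None,
        "user_alone": quorum_ok(conflict, {"user": sign("user", conflict)}),
        "user_plus_krs": quorum_ok(
            conflict, {"user": sign("user", conflict),
                       "krs": krs_sign(conflict, bitgo)}),
        "alerts": bitgo.alerts,
    }


if __name__ == "__main__":
    print(demo())
```

The user-plus-KRS pair still reaches the two-signature quorum, which is why the advance notice matters: the co-signer ends up with an alert for the conflicting spend.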
How Are Bitgo Instant Transactions Priced?
Fees for BitGo Instant are designed to be transparent, simple, and low. Instant is free for transactions under 1 BTC and 0.25% for transactions above 1 BTC.
How To Go About It?
For hardware wallets: with any of the three above, activating it is easy. The good thing is that Bitgo comes automatically with your wallet package. So, all you have to do is click activate in a few steps.
7TH STEP: OUTSMART PHISHERS
When I was phished, I was forewarned about such but I never knew what it really meant. This is it. If you get a suspicious link from an email or SMS. Don’t open the link. But if you are curious to know more, see below.
Don’t open the link with your frequently used browser. Use another Browser. From there, you will not be tempted to get excited by entering your account details.
This is what I mean…
If you are using Chrome as your default browser, if you get a suspicious link – possibly a phishing link, use another Browser like Mozilla, Safari to open it. When you open, you will be alert to see clearly if it is a fake website or cloned from the original.
You Will Be Phished!
I can say that you will repeat my mistake because excitement will make that possible. But, if you follow the tips, you will be safe. 😯
HOW TO SPOT A PHISHING LINK
Luno is a crypto exchange. So, I will be using them as a case study. Any place you see Luno, replace it with your likable crypto exchange.
• By Website URLs
Phishing websites are set up to look like Luno’s website, but everything entered there (like your username and password) gets recorded and can give scammers access to your actual Luno account.
Well, they all differ. But yet, I will try my best to figure out one. Hang on while I look for it.
This is an example. http://3wallets.com
The links are always without certifications. That is to say. A certified link looks like this – https://3wallets.com. But a phishing link will be like http://3wallets.com – without a security layer denoted as S.
What is the difference?
One is safe and the other is not.
https://3wallets.com – SAFE (with a SSL)
http://3wallets.com – NOT SAFE (Without SSL)
SSL means Secure Sockets Layer. That is, it gives a second layer of protection to users. So, a website with an SSL certificate is a certified & secure website.
What is in store for you?
Never enter your personal data in a non-SSL website like http://3wallets.com – there is no S.
Look out for this on Paxful crypto exchange in case you see it.
http://bit.do/paxfulverfication – that is Phishing link – avoid such!
• Advertising Phishing
Over time and currently, we have seen many phishing routes in advertising phishing especially Google AdWords phishing scams.
When you do a search for “Luno” on Google, someone might be running an advert that looks like they’re taking you to the legitimate Luno website (or any other exchange site) but instead takes you to a lookalike phishing site, where your information and account can be compromised.
Now, this post would have been a little fairy tale had the same thing not happened just 3 days ago on the Trezor wallet site (1 July 2018). The good news is that we always know these types of websites as they CAN’T really be like the main site.
It is either there is no SSL, or poor English construction, or the big catch? Asking customers to take action the REAL Company won’t. An example is when the phisher of the Trezor site asked users to enter their Recovery seed. That is absolutely a RED FLAG as the company will never ask you for such.
As bitter as it tastes, the big question is, how does a beginner know this? That is a big concern.
For such to be avoided, this is what you have to do.
You may want to avoid secondary sites that appear when you make a search on Google. I mean the paid ads sites. Some of them can take you to these malicious places. See below.
Being me here.
Again, some of these advertisers or call them ads owners have nothing to do with such scammy acts. The big question still remains, as a beginner, how do you know that? I mean, we can’t read people’s mind.
In order to avoid it (clicking with sympathy), only use links from websites (not just here) that link up a product directly. Such will take you to the real website, else, avoid the Google, Bing and other search engine-like paid adverts.
• Email Phishing
This is not common though but let’s see.
With email phishing, you may receive an email that appears to be from Luno (your crypto exchange), but in fact, comes from a scammer. Such emails may ask you to click on a link which, when opened, may lead you to a fraudulent website.
The truth is, if you haven’t applied on a website to change your password, please ignore any email you receive requesting that you click to change your username or verify your account.
How to Spot such Emails?
The email may have a prefix that is not from the company. By prefix, I mean, the first pseudo name. Check the email above for more clarification. So, when this happens, avoid clicking on them.
How To Click Phishing Links 😕
And if you must click– IF YOU MUST. Use a different browser from your primary. From there, you will see what comes up on the screen- without redirecting automatically to your main online account.
• Telephone, SMS Or Social Messaging Phishing
With phone phishing someone may call you or send you a text message, claiming to be from Luno, to get you to give up your account password or other information.
If this happens, report the person by tracking his phone number to the FBI if you have the energy.
But all in all, avoid such calls and text messages.
THE PHISHING MESSAGE I GOT & HOW TO BEAT SUCH
“Your Trade Has Been Suspended For Suspicious Trade And You Might Loose Bitcoins In Ongoing Trade..Follow This URL Below To Re Login And Verify Your Account.
This is the message
After you login you will get it”.
Now, that is the exact phishing message I got.
How do you identify them?
1. Poor English construction
2. Suspicious requests
3. Poor design of site
4. No SSL on websites.
Again, away from the identification. Like me, I am curious. Which part of the world can we align this to? A story for another day.
CRYPTO PHISHING SUMMARY
The Warning signs to look out for.
• Check the website URL
Often the URL of a phishing site appears to be correct but contains a misspelling of the company name or has a character/symbol before or after it.
So, look for subtle differences such as the substitution of the number “1” for the letter “l”. For example, www.1uno.com instead of www.luno.com. Loca1Bitcoins instead of LocalBitcoins.com. These and more examples.
• Ignore some Google ads
Before clicking on a Google ad, make sure the company name in the URL under the heading of the ad is correct.
• Beware Of Pop-Ups
If you go to a website that immediately displays a pop-up window asking you to enter your login details (and if this behavior is out of the ordinary), it’s likely that it is a phishing site.
You may be on a genuine website but the scammers may have used a pop-up to get your personal information.
• Be Sensitive
Some ways used to indicate a safe site can’t always be trusted and it’s important to be aware of them. For example, an icon of a locked padlock to the left of the URL is not necessarily a reliable sign of a genuine website.
Be wary of being asked to share details that the site doesn’t normally ask you for.
• English Construction
Scan the content of the website. Often, the website content may contain typos and grammatical mistakes.
• Outsmart Using a Fake Account
If you’re suspicious, enter a fake password. If it works and you appear to be signed in, it is likely you’re on a phishing site.
• Use Ad Blocking & Anti phishing extensions/plugins
Use a browser or extension with anti-phishing detection that is able to help you detect phishing sites.
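The URL warning signs above (no https, a shortened link, a digit swapped for a letter as in 1uno.com) can be checked mechanically. The sketch below is an added example, not code from this article: the allow-list, the shortener list and the function names are assumptions, and it goes one step further than the text by also flagging one-character misspellings and a brand name placed inside someone else's domain.

```python
from urllib.parse import urlsplit

# Assumption: the exchanges you actually use; edit this list to match.
KNOWN_GOOD = {"luno.com", "localbitcoins.com", "paxful.com"}
# Assumption: a small sample of link shorteners (bit.do is the one shown above).
SHORTENERS = {"bit.do", "bit.ly", "tinyurl.com"}
# Digits commonly swapped in for letters ("1uno" for "luno").
LOOKALIKE = str.maketrans({"1": "l", "0": "o", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, used to catch small misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return warning strings for one link; an empty list means nothing was flagged."""
    # A link typed without a scheme is treated as plain http.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    # Naive registered domain: last two labels (assumes no .co.uk style suffixes).
    domain = ".".join(host.split(".")[-2:])
    warnings = []
    if parts.scheme != "https":
        warnings.append("no-https")
    if domain in SHORTENERS:
        warnings.append("shortened-link")
    if domain in KNOWN_GOOD:
        return warnings
    for good in sorted(KNOWN_GOOD):
        name = good.split(".")[0]
        limit = max(1, len(name) // 6)  # allow more typos in longer names
        if domain.translate(LOOKALIKE) == good:
            warnings.append(f"digit-lookalike-of:{good}")
        elif edit_distance(domain, good) <= limit:
            warnings.append(f"near-miss-of:{good}")
        elif name in host.replace("-", ""):
            warnings.append(f"brand-in-other-domain:{good}")
    return warnings


if __name__ == "__main__":
    for link in ["https://www.luno.com/login", "http://1uno.com",
                 "https://Loca1Bitcoins.com", "http://bit.do/paxfulverfication"]:
        print(link, check_url(link))
```

Note that the Loca1Bitcoins link is flagged even though it uses https, which matches the warning above that a padlock alone does not prove a site is genuine.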
HOW TO REPORT PHISHING ATTACKS
Have you been phished, or do you have time to report to the appropriate authorities? If, yes, then check it out below.
Go to the below site and enter the site URL of the scam site, fill the captchas and submit – ➡ https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
Again, if it were a Google ads phishing, see how to go about it below.
2. Select “An ad violates other AdWords policies”
3. Select “Phishing”
4. Go to the advert, right click and copy link location then paste it in the form
5. Give the end-destination of the advert (e.g. http://1uno.com)
6. Add extra information, if relevant and submit
A lasting Solution…
A lasting solution to all these phishing by REPULSION is going the way of the Blockchain. See the innovations that can save you below.
8TH STEP: SECURITY TIPS FOR HARDWARE WALLETS
• Avoid Entering Your Recovery Seed On A Computer – Trezor as a case study
As was seen in the latest Trezor phishing attack. Please, try not to enter your recovery seed on a computer, along with the order number.
On your Trezor 1 wallet, there will be no need for that as the order is always given to you by your Trezor device.
On a Crypto Wallet Like Trezor Model T: You should never enter your recovery seed anywhere but on your Trezor device. Under no circumstances should you enter your seed on a computer.
Avoid this and you will be fine.
• Ignore A Request For Your Recovery Seed
Who on earth will require your recovery seed? Not me, and I know your wallet company cannot. Even if they do, DO NOT GIVE IT TO THEM!
As it stands, your recovery seed is supposed to be asked ONLY by the wallet device – that is when to enter it, else, secure it very well because an access to it means that your wallet and funds can be compromised.
Apart from the hardware wallet, even on your online exchange wallets, do not give out your Recovery Seed to anyone.
Verify All Operations Using Your Wallet Device
“With a growing number of attacks, it is recommended you always verify all operations on your Trezor device. That is to say, you should only trust the device display and what is written on it.”
9TH STEP: GET INSIGHTS FROM OTHER CRYPTO COMMUNITIES
Now, this is simple. You can join up with other crypto communities to get properly fixed on other security insights. Don’t worry, I did the dirty work. So, I came up with over 150+ crypto communities. See below and join ASAP.
10TH STEP: BEAT NEGLIGENCE 🙁
The way to take all these down is actually doing them. I know it is weird that it may be a step, yet, that is it.
Come on, condition yourself and apply all these wallet and crypto exchange security steps learned today.
LAYING IT DOWN
If you get excited, you may be harmed. And if you neglect the steps, you may be hacked. In all these processes, do not lose your cryptos for just a mere procrastination of pressing two buttons.
As a matter of fact, talking about pressing two buttons. If you want to press two buttons and buy either Ledger or Trezor 1 & T bitcoin wallets, I have done that already for you.
I will show you how to press buy buttons, track the wallet from the warehouse till delivery, and ultimately get the attention of the company should you have a challenge such as your country’s Custom Agents tampering with it based on search.
You have seen how Cody and I learned the lessons the hard way. Now, do not make it harder on yourself. I don’t want you to deeply regret not doing the little hacks here that can save you.
Please, learn from it. It does not take much to open a new crypto email account, activate 2fa, activate 2fa on your crypto accounts, create hacker private keys, buy a bitcoin wallet if need be and activate Bitgo.
All these are simple enough to safeguard you.
Like never before, my purpose doing this is not just to show you crypto data and Blockchain analytics, it is also to guide new crypto beginners against vulnerabilities. In case you don’t fully know.
I deleted all my posts & articles even after ranking on Google first page to start a deep writing guides for beginners in order to avoid being a victim of crypto attacks after losing my last Bitcoin while on a journey to create a post about using a particular crypto exchange. Learn more here.
Now, I know you will like to comment below about these steps. Great. But after that, go on to do all the recommended actionable steps as specified.
Wait a minute, have you noticed something? The steps/recommendations are all actionable. I mean, I am not just giving you knowledge – what to do. No! But wisdom –how to do it.
Please, do it now, else, when the motivational oil is dried, you may realize vulnerability, and my time doing this would have meant nothing.
Great, you have seen the crypto wallet security & management–part 1: 10 definitive steps to protect your hardware wallets & Bitcoin online, the question now is, what great limitations do you foresee if you don’t take the required actions.
Again, have you ever been hacked, phished or attacked in some way? Let’s know below.
Did this article make sense to you? Please Share the post.