Staying up to date with security best practices is vital as a cryptocurrency investor, trader or user. This guide will help you learn how to minimize the risk associated with using cryptocurrency websites, exchanges, and services.
If you are a public figure involved in cryptocurrency, the importance of following proper security practices is even more critical. You should consider yourself an active target for hackers. Many vloggers, bloggers, hedge fund managers and other individuals who have spoken or written publicly about cryptocurrency have had funds stolen, or at the very least, thefts have been attempted. This, however, is not a reason to slack if you’re not a public figure, there are numerous ways bad actors can find crypto holders and choose a mark, it’s not exclusive to those in the spotlight.
The accounts you set up and use for cryptocurrency related matters are a potential security concern. Bad actors can use information found via these accounts to home in on the identity of the person behind them.
For example, let’s imagine you always use the username “crazy_crypto_fiend.” Even if your e-mail address is not visible on a target website, an attacker can search for your username on other sites, which might publicly display their users’ e-mail addresses, and locate yours. Once they have your e-mail from this third party website (perhaps with lower security standards), they can use it as a starting point to get into your accounts on crypto exchanges.
Let’s look at the options for remaining as anonymous as possible when creating accounts on any website or platform:
Noone cares how much you love it, drop it. Start using random usernames for accounts on websites, social media and in particular, crypto-related sites. As mentioned above, your username can be used as an attack vector if it’s plastered all over the internet so make sure you are using unique usernames for every website or service.
This should go without saying. Do not re-use passwords across multiple websites. There are regular database dumps of usernames, e-mails, passwords and personal data made available to hackers, sometimes from prominent sites such as Yahoo. Use a long password which contains numbers, uppercase letters, lower case letters, and punctuation. The length is extremely important, so use passwords that are as long as possible. It would take considerably longer for a hacker to brute force a thirty letter password than a five letter password. Your password manager should have an option to generate and store these passwords for you, more on password managers further down.
Crypto-Specific E-Mail Address
Use an e-mail address specific to your crypto dealings. This way, it is harder for attackers to locate your e-mail address from social accounts, database dumps and through other means. Don’t include your name in your crypto e-mail address, something generic would be much more secure.
Stay Informed to Hacks & Dumps
Knowing when your e-mail, username, password, or personal data has been compromised is useful when trying to keep your online identity secure. Sign up with have i been pwned to receive notifications when your information is contained within a dump. It’s advisable to sign up with your personal e-mail and your crypto-specific e-mail.
2 Password Managers
Wondering how on earth you are going to remember multiple random, long, and unique passwords? Have no fear; password managers are here. A password manager allows you to sign with a single password and then automatically fill passwords on other sites from an encrypted database. You can view some of the available password managers here. The issue here is that you have one single password as a point of failure. If your password manger’s password is compromised, everything is compromised. To further secure your password manager you must set up 2-factor authentication on it.
3 Two-Factor Authentication
The 2FA software runs on a mobile device and can be downloaded from the Google Play Store or the Apple Store depending on your handset. Never download apps from a third-party website. Avoid using SMS as 2FA at all costs. Your telco could unknowingly port your phone number to a hackers SIM which would allow them to take over your accounts. More on this later.
There are pros and cons for each of these 2FA options. Google Authenticator is more secure out of the box, but Authy can be backed up to multiple devices which means you are not locked out of accounts should you lose your primary handset. I’ll explain how to secure Authy so that you have the benefit of multi-device backup, without the security flaws that can be present in some configurations. You will need a backup device to install Authy on too.
- Install the Authy app on your main handset
- Add 2FA to your chosen websites using the Authy app
- In the settings on your main handset, allow multi-device
- Install the Authy app on your backup device
- Check that your accounts have synced across both devices
- In the settings on your main handset, turn off multi-device
- Setup a PIN number for the Authy app on both devices
Now both devices will sync, but further devices cannot be added to sync. This means that if an attacker was to compromise your mobile number, (it happens much more than you might think) they will not be able to add Authy to their device and sync your accounts.
If you choose to use Google Authenticator, you will be required to print and store backup codes for each website you decide to add.
Secure Your Accounts
Now that you have 2FA setup, you need secure your accounts. It’s best practice to secure everything that allows it. Most decent websites support 2FA these days, so get it enabled. Here’s a list to get you started, securing all of the below is extremely IMPORTANT:
- Add 2FA to your password manager
- Add 2FA to your Google account(s)
- Add 2FA to your e-mail accounts
- Add 2FA to your crypto exchange accounts
- Add 2FA everywhere else you can
4 Mobile Phones
Your mobile phone is a weakness in your security armor. Hackers regularly trick telcos into porting their victims’ numbers to their SIM cards by simply calling up, and playing it dumb. They could have also obtained personal details about you from a dump, hack, social network or some other means which will give them extra sway with your telco when they’re trying to pass themselves off as you. This is the main reason it is a bad idea to use SMS as a 2FA option.
There are some steps you can take to secure your mobile account, but sometimes these options may not be available, it depends on your telco. It’s advisable to do as many of the below as possible to secure your account:
- Set up an account PIN number
- Ensure this PIN number must be used to talk to a representative or make any changes at all on your account
- Memorize your PIN
- Ask your telco what would happen if you forget your PIN and ensure it is secure
- Use a telco specific e-mail address for your account (similar method as using a crypto-specific e-mail)
5 Think Like a Nasty Hacker
If you were a career hacker, whose income revolved around finding and exploiting information relating to a person, e-mail account, or phone number, what lengths would you go to? The answer is probably “any,” and this is why you need to put yourselves in a hackers shoes to make sure you are secure.
Being security aware is more of a mindset than a method, but the following steps should get your started to thinking like a hacker:
- Dox yourself – use Google, social media and other resources to try to find your personal information online.
- Do the above for names, addresses, e-mails, phone numbers and any other personal information you can think of.
There are many ways a hacker can infiltrate your online identity, and it’s important to stay in the mindset that it could, and might, happen to you.
I’ll leave you with the eeriest example:
The photos on your mobile phone may contain EXIF data. This data includes the make and model of your phone, the software version (hacker jackpot), the date and time you took the photo and the GPS coordinates of where you took the photo (amongst other things). Yes, you heard me right, your uploaded photos could give a hacker or thief pinpoint directions to your house, bedroom or office. Scary right?
Luckily, most major social networks strip this data away from uploaded images, but there are plenty of smaller sites, blogs, and services that don’t. Something as simple as uploading a photo could lead a hacker to your address. If this doesn’t drive the importance of OPSEC and good security practices home, then I don’t know what will.
Feel free to debate the methods discussed in this article below. If I’ve missed anything, please let me know.
Facebook-backed Libra welcomes Blockchain Capital as new member
The Facebook-initiated Libra blockchain project continues to grow as its governing body has added a new major industry partner.
Blockchain Capital, one of the largest venture capital firms in the blockchain industry, has joined the Libra Association, according to an official Sept. 18 announcement.
Alongside the other 26 association participants, Blockchain Capital will now be working to create a “more equitable payment system” with Libra.
Bart Stephens, co-founder and managing partner at Blockchain Capital, said, “Leveraging blockchain technology to improve financial access and promote innovation has been at the core of Blockchain Capital’s portfolio strategy.”
The Libra Association was formed in June 2018 after Facebook originally released a white paper for its stablecoin project, Libra. At the release, the association had a number of major global companies as founding members including Mastercard, PayPal, Visa, Stripe, eBay, Coinbase, Andreessen Horowitz and Uber. However, many initial members have left the association amid global regulatory pressure.
Libra has seen some revitalization this year, with the Libra Association adding more members like Checkout.com and Shopify. However, with 30 members so far, Libra’s governing body is still far from its planned 100 members.
The Switzerland-based association has been also appointing top financial services experts as executives in 2020. On Sept. 17, the Libra Association appointed HSBC veteran James Emmett as managing director of its subsidiary firm, Libra Networks LLC. Previously, the association announced former HSBC chief legal officer Stuart Levey as its first CEO.
Local Authorities Summon Bithumb Chairman Of The Board Over Alleged Fraud
Bithumb’s situation worsens as South Korean authorities have reportedly summoned company Chairman Lee Junh-hoon for alleged fraud regarding the sale of BXA tokens. This comes days after local police raided the exchange for the third time in less than a month.
Three Police Raids For Bithumb In September
September turns out to be a rather unpleasant month for the popular South Korea-based cryptocurrency exchange. As CryptoPotato reported earlier this month, the Intelligent Crime Investigation Unit of the Seoul Police raided the company’s headquarters under allegations for fraud.
Authorities alleged that the exchange sold its native BXA tokens to investors for over $25 million. Bithumb planned to list the token on its platform but reportedly failed to, resulting in a massive loss for investors.
Just five days after the first raid, the police conducted another one on September 7th. A police official purportedly said that authorities aim to secure additional evidence related to already existing allegations against Bithumb Korea and Bithumb Holdings Chairman of the Board – Lee Jung-hoon.
The plot thickened earlier this week when the Seoul Metropolitan Police Agency (SMPA) raided the exchange’s headquarters once again. This time, however, authorities took it a step further. They seized dozens of shares in Bithumb Holdings belonging to Bithumb Korea Director Kim Byung-Gun after receiving approval from the Seoul Central District Court.
Bithumb Chairman Summoned By Local Authorities
Earlier today, the state-run agency Yonhap reported that the SMPA had “summoned” Lee Junh-hoon. Apart from being the Chairman of the Board of Directors of Bithumb Holdings and Bithumb Korea, he is also the beneficial owner of Bithumb.
The report highlighted that BXA coin investors had sued both Lee Junh-hoon and Kim Byong-Gun for the financial losses suffered from the token sale. The authorities have also accused Junh-hoon of violating the Act on Aggravated Punishment for Specific Economic Crimes by fleeing South Korea.
Interestingly, while the investigation against Junh-hoon is ongoing, authorities haven’t conducted one against BK Group Chairman Kim Byung-Gun, despite both being accused of the alleged fraud.
Beware: Fake Uniswap (UNI) Token Giveaways Already Roaming the Internet
Cryptocurrency fake giveaway scams continue to emerge frequently, and the latest example involves the popular DEX protocol Uniswap. Just a day following the UNI token release, scammers began promoting fake UNI giveaways by impersonating Uniswap’s creator – Hayden Adams.
Fake UNI Giveaways On YouTube
As CryptoPotato reported yesterday, the popular decentralized token swap platform launched its long-anticipated native token called UNI. The announcement was accompanied by news that Uniswap will airdrop 15% of UNI’s total supply to users who had used it before September 1st. Naturally, this free token rush raised the community’s attention rather rapidly.
However, it appears that scammers were also keeping a close eye. It didn’t take long, and only a day after the UNI launch, unknown fraudsters initiated a fake UNI giveaway on the most widely-used video-sharing platform – YouTube.
In this case, the scammers created a fake Uniswap YouTube channel that supposedly has over 400,000 subscribers. They also launched a live video displaying 40,000 live viewers with the protocol’s creator – Hayden Adams.
Lastly, the classic scam is completed by offering to double all UNI tokens sent to a specific address. Meaning, that if users send 250 UNI to their address, the fraudsters promise to send back 500 UNI tokens.
Although it sounds like easy money, a more in-depth look reveals several issues and points out that it’s a classic scam. The YouTube channel has only two videos – both carrying the same fraudulent live stream, but the Google-owned platform has taken down the first one.
Additionally, the videos contain the same repeating old interview with Adams, where he says nothing about giving free UNI tokens. Last but not least, victims that fall for this scam and actually send coins to the provided addresses will not receive anything in return.
Growing Problem But Where’s The Solution?
Similar fake giveaways are a growing threat for the cryptocurrency field, its image, and, most importantly – users. Although they sound too good to be true, scammers continue doing them on several social media platforms, but mostly on YouTube.
This is where the main problem lies. The Google-owned platform has been previously criticized and even sued for not putting enough effort into fighting the scams. However, YouTube is frequently warning and banning legit cryptocurrency content creators as its logarithm fails to notice the differences.
Another social media giant Twitter also went through something similar recently. Attackers gained control over 130 accounts of famous individuals and companies and initiated a fake Bitcoin giveaway. Although Twitter stayed up front with the users and updated its security protocols, the platform was exploited once again a month later.
In any case, while social media platforms struggle to find the most appropriate solution, users need to be more cautious and vigilant. A general rule of thumb suggests that if something sounds too good to be true, it usually is. Also, there’s no such thing as free lunch.
Blockchain3 weeks ago
Market Wrap: Bitcoin’s Powell-Induced Price Swing; Ethereum Still High on Gas
Blockchain1 month ago
The US Post Office Files a Patent for a Blockchain-Based Voting System
Blockchain4 months ago
How to Identify the ‘Third Wave’ of Cannabis Investments
Blockchain2 months ago
Wealthfront Lures Millenials With Crypto Memes and Tactics
Blockchain2 months ago
Top Five Most Advanced Cryptocurrencies
Blockchain3 months ago
5 Tips to Interest the Press in Your Cannabis Business
Blockchain3 months ago
Top 5 Most Effective Cannabis Marketing Strategies
Blockchain8 months ago
What is Litecoin? | A Complete Beginners’ Guide