Did you also hear of friends and other crypto users who lost tokens because their device was hacked?
Staying secure sometimes feels hard or even impossible, but 20 minutes of understanding the basics can already help to prevent most of the issues our imToken security team sees on a weekly basis.
To get started and understand the very basics, read our basic security tips first.
Today, we will get more into depth and show you how to defend your computer in 10 easy steps.
Ways to defend yourself and keep your computer safer
First, learn the basics of staying safe in our earlier post.
The probably most obvious way to lose crypto on your computer is by entering a private key / Mnemonic / secret phrase on a scammer’s website. Scammers love to get your private key, because knowing it means owning the wallet and all tokens in it.
You might think that you are smart enough not to give away your private key. But always be careful. Because it just takes one tiny little moment, 10 seconds of not being careful. Just like this person - who miraculously got some funds back - explains:
https://www.reddit.com/r/CryptoCurrency/comments/oip4mi/if_you_want_to_join_me_in_watching_metamask/
But there are way more advanced hacks than that.
So, let’s look into 10 steps to help you stay safe.
1. Keep your software and computer operating system up to date
One major reason why the software or computer operating system has been updated by their company is that they will fix the bugs or vulnerabilities in their code. Those bugs and vulnerabilities may be hacked or attacked in one day!
Please update the software routinely and keep your computer operating system current.
2. Review your software and limit unnecessary software
Most people use crypto on a computer that they would also use for gaming, work and casual web browsing. The more software you have installed, the higher the risk of exposing your crypto or private information.
To help, first limit software that starts on launch. Then, remove unnecessary software completely.
Do not ever install remote desktop viewer apps like Teamviewer. Those are notorious for getting people into trouble as you can see here; https://www.reddit.com/r/Bitcoin/comments/2oyf9y/updated_info_from_the_40_btc_hack_using_teamviewer/
With another scam, a fake customer support will try to get you to share your screen showing a private key. Here is one such case by an NFT fan:
https://twitter.com/sohrobf/status/1430478533306982408
3. Never plug in any USB drives, SD cards and other devices
Simple USB sticks can be equipped with harmful software. We know that some scammers use usb sticks with a software that steals your MetaMask key store as well as installs a keylogger virus on your computer.
But even charging cables can have chips hidden inside that perform exactly the same function. And charging your phone on public USB hubs, such as in an airport, can download a virus to your device too. Read how an iPhone charging cable might get you hacked:
https://techcrunch.com/2019/08/12/iphone-charging-cable-hack-computer-def-con/
4. Never use Public Wi-Fi (without VPN)
Open wifi networks such as in hotels, restaurants or airports allow all people on the same wifi to read everything you do on the internet, show you fake websites or even directly send you viruses.
A scammer could, for example, read all internet traffic going through the wifi network and filter out any information that looks like a bank account password, a private key and so on. Ironically, some would even mine crypto on your computer:
https://twitter.com/Tinolle/status/948974878249705473
5. Never leave your laptop, keys, USBs, phones unattended, even for a moment
If you leave your computer unattended and unlocked for just a few seconds, people can plug in a malicious usb stick. And without doing more than that, your computer would already be infected with a virus that reads all the text you type in - including passwords - and sends them to the attacker. Similarly, the software would steal your MetaMask keystore in a matter of seconds. This is likely how this NFT fan got hacked, a story worth reading:
https://twitter.com/philipplgh/status/1418154921782910978
6. Never download random files
There has been a wave of NFT artists and collectors receiving suspicious emails that look as if sent from friends or acquaintances. Attached to the email would be a file.
Just clicking on the file will start a program that will scan your computer for crypto keys and steal anything possible. It most likely will also install a software that reads your passwords as you type them on your keyboard and send those to the hacker too.
See one such example below:
https://twitter.com/arielbeckerart/status/1403104091857985537
7. Remove dangerous apps: clipboard manager, auto-upload apps, remote viewers
Clipboard managers give random websites the ability to read your clipboard history. Malicious clipboard managers recognize an crypto address and insert the scammer’s address before you click send. There are many ways clipboard manager software can get you into trouble.
You can see one such case here: https://coinjournal.net/pc-malware-steals-funds-modifying-ethereum-addresses/
Therefore, better not use clipboard tools on the same computer as your crypto.
8. Review your browser extensions in Chrome, Firefox, Brave
Just like other computer software, browser extensions are built by people you probably don’t know. This gives you unnecessary risk, especially considering that many of those extensions are being able to read any information you enter on websites.
Just like scammers upload fake apps on app stores, they also add browser extensions to add-on stores.
You can find one case here: https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9
Therefore, limit the amount of browser extensions you use. And don’t enter personal information or secrets when browser extensions are active. If you use browser wallets, make sure to download the legit ones just like you do with your mobile apps.
9. Use a password manager
Never store passwords in a word document. Because all it takes is 1 second of access to your computer to automatically scan your system for passwords, personal information and crypto.
Instead, install a password manager and use its auto-generated passwords. The password manager not only stores your passwords in a safe way, but also lets you use different passwords for each account. Which means if a company leaks your account and password, hackers won’t be able to use it on any of your other accounts.
10. Disable cloud software
Never use cloud software that automatically uploads your screenshots to your online account.
Although It is convenient to save all information in the Cloud, your data might get leaked. And all it takes is one person to access your photos one single time. With any sensitive data stored online, you would be an easy victim.
Those 10 steps are a beginning.
Follow us to learn more about how to encrypt your computer and all drives. Because encryption secures your data even when stolen.
How to secure all your accounts. Because every account might give an attacker access to another account with your crypto.
Follow for more in the coming weeks: Twitter | Support | token.im
Download imToken: Google Play | Apple App Store