A few people I know were recently attacked & lost their crypto assets, I can’t disclose the details publicly but what they had in common was that their seed phrases were generated 3–4 years ago, they were all 12 words!
To add, all of the victims were using Windows and were mostly from Asian countries.
The advice so far is: Be careful when using Windows, use VM! Or install Linux. Generate a 24 word phrase in a safe way (I’m not sure about this tip, it’s just a little advice based on some concerns). Don’t rely on online Bip32/Bip39 wallet generators.
Who knows, maybe hackers can hack into your headphones and hear your keystrokes?.. Install an antivirus, — Malwarebytes is a good one. Comodo is also reliable enough.
If needed, use web3_antivirus dashboard or RevokeCash / @cointool for an on-chain defense! The trust model around tips above isn’t as weak as you may seem to imply when the right countermeasures are in place:
-
Encrypt the system with VeraCrypt (on a MacOS — FileVault);
-
Install an VPN. Check out mullvadnet oVPN or rent a VPN + run it through Outline app;
-
Tend to use a multi-sig solution — can be via either safe or smoldapp combined with a delegatedotxyz tool which is in turn compatible with AirGap_it ;
-
Set up alerts either via AMLBotHQ or TenderlyApp or FortaNetwork , as an alternative opinion you may choose sadspotter;
-
Install 2FA on everything you can. Forbid password reset in mail, and on all accounts (Google, Proton, X, etc.). Always hide mail under an alias;
-
Generate phrases and keys in core client or node. Then import them into hot wallets. Beware of vanity-based attacks;
-
Set up an address book in the wallet — and enter (whitelist) your addresses. At the same time, don’t forget to check and verify them in the settings sometimes;
-
If you have to deal with a potentially infected PDF file — ask to download it in preview mode in advance (Google drive) or use anyrun_app or dangerzone.rocks. Alternatively, work with VM/Sandbox. You can use VM from VMWare and sandbox from Sandboxie;
-
You can protect yourself from hacking on a logical level as well. Just put a burner bot (github.com/codywall/Burner-Bot) at all of your wallets and securely protect it: or put your own Sweeper bot;
-
Never click on links just for fun. Never at all. If necessary, use anyrun_app or urlscanio (or simply type in the link by hand and open it in incognito under a virtual machine);
-
Put a canarytokens-based honeypot on your work computer. Make an HTML file, name it “seed phrase” and put a tracking pixel in there with canarytokens (or iplogger(dot)org). Put open notifications on your phone/bot. I will provide all data on request;
-
Install a “littlesnitch” application on your computer/router (under OpenVRT) and configure it correctly;
-
Always update your browser. It is best to use the original Firefox or Chrome. But you can use the solution similar to detect(dot)expert ;
-
Never work when you are sleepy, hungry or sick. If you feel vulnerable or just uneasy — the chance of being hacked increases dramatically. Always double-check the addresses pasted after copying to the clipboard (watch out for the crypto clipper malware).
In doing so, always remember the two golden rules:
-
Personal data protection. When you are active in blockchain and cryptocurrencies, you need to pay special attention to protecting your personal data;
-
Software updates. It’s important to update your software regularly, as developers are constantly releasing new versions with improved security measures.