
How to prevent hacking and theft of cryptocurrencies?

There is no universal solution for every situation, but the advice below applies almost always. Plan the specific architecture around your own needs and risks. This article can also be used as a checklist.

Recommendations for organizing the storage of cryptocurrencies and tokens

Don't keep all your eggs in one basket

Split your funds, and keep the part you do not plan to use in the near future in a cold wallet. If necessary, have several cold wallets: for example, part of the funds on a hardware wallet, part on a multi-signature wallet, part as a private key in an encrypted container with a strong password. In case of real danger you can even give up one or two of them.

Separate computers for crypto

If you work with crypto assets worth many times more than the cost of storing them, set aside dedicated computers that are used for nothing else. Surf the web, play games and edit documents people send you on another machine. Nothing extra: wallet computers should carry no third-party software, let alone a cracked Windows build from C001_][aker. Only genuine distributions from the vendor.

Fault tolerance

The most common fault-tolerance problem is hard drive failure; the other parts of a computer are usually replaced quickly and without particular consequences. For hard drives, the easiest way to make the system fault tolerant is a mirrored RAID array. Roughly speaking, two hard drives are installed, writes and reads go to both in parallel, and the system sees them as one disk. The extra cost is one hard drive; the RAID controller built into the motherboard is sufficient. The probability that both drives fail at once is extremely small, and if one fails you put a new one in its place and carry on.
Some RAID controllers can do this on the fly, without shutting the system down.

Backup

Be prepared for even the most fault-tolerant system to become unavailable. Fire, thieves, the security services, or simply a cat urinating on the power supply so that every board and drive burns out: which one does not matter, it can happen. You must have up-to-date backups of all wallets, and they must be encrypted and sent to several places at once: the cloud, e-mail, a flash drive in a safe, an archive on a smartphone, and so on. Pick several options, preferably some of your own, and use them. Set up a backup schedule and stick to it. Periodically download one of the backups and check that the information in it is intact, that nothing is corrupted, that you still remember all the passwords and that you can actually restore from it.

Encryption and passwords

Accept as a fact that your computer, phone, flash drive, or access to your mailbox and other services may end up in the hands of intruders. Even then, an attacker must be prevented from reaching the wallets. If all your devices are securely encrypted and the passwords are nothing like Qwerty123, then at minimum you gain time to move assets to other wallets, and at best the captured devices and accounts are useless to the attacker. So use encryption everywhere you can, including system partitions, smartphones, archives and backups. Set boot passwords and a lock screen on your smartphone. No computer account should be without a strong password. Use two-factor authentication on web services wherever it is offered. Use strong, different passwords for every service and device, and change them periodically.

Updates

Pay special attention to software updates. Attackers often exploit bugs in the update mechanism or disguise a malware download as an update.
This has already happened with some cryptocurrency wallets, for example Electrum: a message appeared saying an update was required, and a trojan was downloaded instead. A simpler variant is a web page that shows what looks like a browser window asking you to update the browser. Sometimes it opens in a new pop-up and copies the look of the real update dialog as closely as it can. Naturally, once the user agrees, a trojan is downloaded. So install updates only from official sites, and preferably verify them as well.

Don't leave things unattended

With flash drives or a smartphone without a password everything is obvious. But in some cases even a laptop can be compromised simply by plugging into a USB port a device that looks like a flash drive but is actually a hardware HID keyboard emulator carrying a set of exploits. So on Windows, after all your devices are configured, it is recommended to disable automatic installation of drivers and devices by enabling the “Prohibit installation of devices not described by other policy settings” policy.

What to do if a hack has already been detected?

– Disconnect the attacked computer from the network and check what has been stolen and what has not.
– Transfer the remaining cryptocurrency and tokens to other wallets, creating them on a clean computer if necessary. To speed things up, you can create temporary addresses in the best-known web wallets.
– Track where the coins went; they may have landed at services such as exchanges or online wallets. In that case, urgently write to their support about the incident, with addresses, transaction hashes and other details. If possible, call after sending the letter and stress the urgency of the situation.
– Change all passwords from a clean computer, even those not directly related to wallets.
The infected computer very likely had a keylogger collecting everything that was typed. Passwords should go through at least two rounds of change: temporary ones first, then new permanent ones. Passwords must be strong: long enough and not dictionary words.
– Back up all the information from computers, smartphones and tablets that you do not want to lose. Executable files and anything else that could be infected should not go into the backup. Encrypt the backup. Make several copies and keep them in geographically dispersed places.
– Wipe all flash drives and hard drives, reset the smartphone to factory state and set everything up again. If you plan to keep working with very important information, or with amounts many times greater than the cost of the equipment, ideally replace all the hardware too: some types of trojans lodge in the service areas of hard drives and survive formatting, and can also modify the BIOS on the motherboard.

General security tips

Phishing

The sites attacked most often are exchanges, online wallets and popular exchangers; the leaders are myetherwallet.com, blockchain.com and localbitcoins.com. Most often the scammers register a domain similar to the attacked one, put a harmless site or forum there, and buy search-engine advertising for it. Once the ads pass moderation, the site is replaced with a clone of the target. At the same time the real site is often hit with a DDoS. The user cannot reach the site, types its name into a search engine, clicks the first result without noticing that it is an advertisement, and lands on a scam site that looks like the real one. They enter their login and password, and the money drains from their account to the attackers. Often even two-factor authentication, PIN codes and the like do not help: the user enters all of it themselves.
Say the user enters a code when logging in; the system says the code is wrong, enter it again; they enter a second code. In reality the first code was used to log in and the second to confirm a withdrawal of funds. Another example is the delayed attack: you open a link you were sent, it looks safe, and you leave the tab open. After a while, if there is no activity on the page, its content is replaced with a phishing site asking you to log in. Users usually trust tabs opened earlier more than freshly opened ones and may enter their data without checking. Phishing can also happen on specially prepared public networks: you connect to a public Wi-Fi network, and its DNS returns wrong addresses for domain queries, or all unencrypted traffic is collected and analysed for valuable data. To avoid this, stay vigilant and use additional checks and a safer channel, described below.

Additional checks

For the most visited and important sites, note a few indirect parameters from a secure computer: for example, the certificate issuer and its expiry date, the Alexa rank or the estimated Similarweb traffic. Add your own parameters. Then track them when you visit the sites. If the certificate suddenly changed long before the old one expired, that is a reason to be wary and check the site further. Or if bitfinex.com previously showed about 7 thousand points and now suddenly shows 8 million, that is a clear sign you are on a fraudulent site. The same applies to Similarweb metrics, the CDN used, the domain registrar, the hosting provider, and so on.

Passwords

Don't use weak passwords. The most important passwords are best memorized without writing them down anywhere. But since different passwords should be used for every service and wallet, some of them will have to be stored. Never keep them in the open.
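The baseline tracking described under "Additional checks" above, as an added example written for this page (not a tool from the article): parameters of a site are recorded once on a secure computer and compared on every later visit, flagging a new issuer, a certificate replaced long before the old one expired, a registrar or CDN change, or a traffic rank that jumped by an order of magnitude. The baseline and the clone observation are constructed values with placeholder fingerprints, the field names are my own, and fetch_cert_info is an optional live helper that needs network access.

```python
from datetime import datetime, timezone
import hashlib
import socket
import ssl

# Constructed baseline for a hypothetical exchange site, recorded on a secure computer.
BASELINE = {
    "issuer": "Example CA",                    # certificate issuer organisation
    "fingerprint": "sha256:baseline-placeholder",
    "not_after": "2025-01-15T00:00:00+00:00",  # expiry of the recorded certificate
    "rank": 7_000,                             # traffic rank: lower = more visited
    "registrar": "Example Registrar",
    "cdn": "Example CDN",
}
# Constructed observation of a clone: new issuer and certificate long before
# the old one expired, a different registrar, and a rank in the millions.
OBSERVED_CLONE = {
    "issuer": "Other CA",
    "fingerprint": "sha256:clone-placeholder",
    "not_after": "2025-06-01T00:00:00+00:00",
    "rank": 8_000_000,
    "registrar": "Cheap Registrar",
    "cdn": "Example CDN",
}

def compare(baseline: dict, observed: dict, now_iso: str,
            early_days: int = 30, rank_factor: int = 10) -> list:
    """Return a warning for every recorded parameter that drifted; now_iso is the check time."""
    now = datetime.fromisoformat(now_iso)
    warnings = []
    for field in ("issuer", "registrar", "cdn"):
        if observed.get(field) != baseline.get(field):
            warnings.append(f"{field} changed: {baseline.get(field)!r} -> {observed.get(field)!r}")
    if observed["fingerprint"] != baseline["fingerprint"]:
        # A new certificate near expiry is routine; long before expiry it is suspicious.
        days_left = (datetime.fromisoformat(baseline["not_after"]) - now).days
        if days_left > early_days:
            warnings.append(f"certificate replaced {days_left} days before the old one expired")
    if observed["rank"] > baseline["rank"] * rank_factor:
        warnings.append(f"traffic rank fell from {baseline['rank']} to {observed['rank']}")
    return warnings

def fetch_cert_info(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live helper (needs network): issuer, fingerprint and expiry of a host's TLS certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            der = tls.getpeercert(binary_form=True)
    issuer = dict(rdn[0] for rdn in cert["issuer"]).get("organizationName")
    expiry = datetime.strptime(cert["notAfter"], "%b %d %H:%M:%S %Y %Z")
    return {"issuer": issuer,
            "fingerprint": "sha256:" + hashlib.sha256(der).hexdigest(),
            "not_after": expiry.replace(tzinfo=timezone.utc).isoformat()}

if __name__ == "__main__":
    for warning in compare(BASELINE, OBSERVED_CLONE, datetime.now(timezone.utc).isoformat()):
        print("WARNING:", warning)
```

Any non-empty result means stop and verify the site through another channel before typing credentials; the thresholds are starting points to tune per site.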
A specialized program like KeePass is much preferable to a text file. At least there they are stored encrypted, and the data is automatically wiped from the clipboard after use. Make up some security rules of your own: for example, prepend three random characters to every stored password, and delete them after copying and pasting the password where it is needed. Don't share how you store passwords; invent your own scheme. Then even if the password store is compromised, there is a chance the attacker will not be able to use its contents.

Secure channel

To work more safely from public networks, it makes sense to set up your own VPN server. You can rent a virtual machine from one of the hosting providers abroad, in whatever location you prefer. A virtual machine costs about $3 – $7 per month, which is not much to pay for safer access to the network. Install your own VPN server on it and route all traffic from your mobile devices and computers through it. Everything up to the VPN server is additionally encrypted, so nobody on the path can poison your DNS or pull data out of your traffic with a sniffer.

Windows/Linux/Mac OS?

The best operating system is the one you can configure most professionally and securely. A well-tuned Windows beats a poorly-tuned Linux. Security problems are found in every operating system, and they need to be patched in time. However, the largest amount of malware is written for Windows, its users most often run with administrator rights, and when probing a system scammers try Windows exploits first. So, all else being equal, choose a less common and more security-oriented operating system, such as one of the Linux distributions.

User rights

Give a user exactly as many rights as the tasks require.
Do not work under an account with administrative privileges. Limited user rights can also be used to protect the wallet further. For example, create two accounts: the first has access to the wallet but cannot be used to log in, either locally or over the network; the second can log in but has no access to the wallet. To work with the wallet from the second account, launch it with the Runas command.

Antivirus

To install antivirus or not? If the computer is connected to the network, is used for tasks other than storing cryptocurrency, accepts flash drives, or can otherwise pick up malware, we recommend using an antivirus. If the computer is configured purely as a wallet, security is turned up to the maximum everywhere, and there is no extraneous software on it and no way to download any, it is better to do without one. There is a small chance that the antivirus uploads the wallet to its vendor as a suspicious file, or that a vulnerability is found in the antivirus itself. This is very unlikely, but there have been such cases, and they should not be ruled out completely. If you do install an antivirus, keep its databases up to date, do not disable or skip malware scans, pay attention to every notification, and run a full system scan periodically. Consider installing an antivirus on your smartphones and tablets too.

Sandboxes

Set up a separate virtual machine for opening files people send you. There is always a risk of receiving a document with a 0-day exploit that antivirus does not detect yet. Virtual machines have the advantage of fast snapshots: you take a snapshot of the system, open the dubious files, and when you are done you roll the virtual machine back to the state from before you opened them.
This is needed at the very least to work safely with other data afterwards.

Check addresses

When sending payment details to the secure computer, visually check the address and the amount once more immediately before sending. Some trojans replace cryptocurrency wallet addresses in the clipboard with their own: you copy one address and paste another.

Environment

Keep in mind that the primary attack may be not on you but on your employees or loved ones. Once inside the trusted zone, malware has an easier path to your assets.

Communication

Treat everything said in telephone conversations or written in correspondence as read or listened to and recorded by third parties. So: no sensitive data in plain text.

It's better to be safe

If there is a suspicion that some wallets may be compromised, create new ones and move all funds out of the suspicious ones.

Share sensitive information less

If a conference host asks everyone who owns cryptocurrency to raise their hands, don't: you don't know everyone in the hall, and a list of potential victims is the first step where you can help an attacker. Or take this case: one cryptocurrency owner was quite serious about storage security, but the attackers found out he was selling a plot of land. They found which one and approached him posing as a buyer. During the conversations and the exchange of documents the attackers managed to plant a trojan on the victim's computer and watch his work for a while. That was enough to understand how the funds were stored and steal them. When selling the land the victim's vigilance was clearly lower than when working with crypto assets, and that played into the attackers' hands.

Examples of building an architecture for storing crypto assets

1. Small amounts, quick access required

Create an account in an online wallet.
Back up the private keys, encrypt them, and send them to a couple of places. Make sure there is access from a smartphone as well. As a result you have near-instant access to crypto assets almost always. Keep in mind that such a wallet should never hold an amount whose loss would hurt.

2. Different amounts must be stored, with permanent access

For permanent access, use an online wallet with a small amount, as in the first case. Given the requirement of constant access, a cold wallet will have to be kept online. It is recommended to build a separate server for this with a RAID 1 array, encrypt the array and install the wallet on it. Put the computer in colocation at a data center; it is better to sign the contract not in your own name but in the name of a friend. Back up the keys of both wallets, make separate backups of the server access credentials, encrypt everything and send it to a dozen different places. Get a separate laptop or all-in-one PC (to save money) for reaching this server over an encrypted channel, and encrypt its disk. This laptop must not be used for anything else. As a result you have constant access through the web wallet and the ability to top it up from cold storage. One-time costs are roughly $500 for the laptop or all-in-one, $700 for the server (a used one will do), and $50 for colocation. If you are going to store crypto assets worth tens or hundreds of thousands of dollars, this is economically justified. For routine work from the all-in-one over the network, the addresses and amounts for payment are taken from the shared document, a connection to the server is made with remote access over an encrypted channel, and the payment is made from there. If the all-in-one or the server is physically stolen, the attackers will not get access to the wallets because the partitions are encrypted.
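An added example (not from the article) that automates the pre-send check from "Check addresses" for the workflow just described, where the address to pay comes from the shared payment document: it compares the address about to be sent with the intended one, flags look-alikes that keep the first and last characters, and validates the Base58Check checksum used by legacy Bitcoin addresses, so a clipboard-swapped or mistyped address is caught before the payment leaves. The sample addresses are constructed for this example (the intended one is the well-known Bitcoin genesis block address, used only as valid input); the function names are my own.

```python
import hashlib
from typing import List, Optional

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Sample inputs, constructed for this example. INTENDED is the well-known
# Bitcoin genesis block address, used here only as a valid address.
INTENDED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
CORRUPTED = INTENDED[:-1] + "b"                       # one character changed
LOOKALIKE = INTENDED[:4] + "Q" * 26 + INTENDED[-4:]   # same ends, different middle


def base58check_decode(addr: str) -> Optional[bytes]:
    """Return version+payload bytes if the 4-byte double-SHA256 checksum holds, else None."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return None                                   # not a Base58 character
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_zeros = len(addr) - len(addr.lstrip("1"))     # each leading '1' is a 0x00 byte
    raw = b"\x00" * leading_zeros + body
    if len(raw) < 5:
        return None
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload


def check_destination(intended: str, pasted: str) -> List[str]:
    """Compare the address about to be sent with the one in the payment document."""
    problems = []
    if pasted != intended:
        problems.append("address differs from the payment document")
        if pasted[:4] == intended[:4] and pasted[-4:] == intended[-4:]:
            problems.append("look-alike: same first and last characters, different middle")
    if base58check_decode(pasted) is None:
        problems.append("checksum invalid: address is corrupted or not Base58Check")
    return problems


if __name__ == "__main__":
    for label, pasted in (("clean", INTENDED), ("corrupted", CORRUPTED), ("look-alike", LOOKALIKE)):
        print(label, check_destination(INTENDED, pasted) or ["ok"])
```

The checksum alone does not catch a swap, since an attacker's address is itself valid; the comparison against the trusted document is what detects the substitution, and the checksum catches typing errors.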
If you urgently need access to the cold wallet from an unusual location, you can buy a new laptop there, download the backup of the access credentials and set up access to the cold wallet on the server from it.

3. Significant amounts must be stored in addition to online access

In addition to the web wallet and the server, set up several more wallets from the first and second cases: possibly hardware wallets, separate laptops for certain types of assets, and so on. The biggest cold wallet will be offline: in a bank vault, a depository, your own cave, or some other safe place. For it, prepare a computer with no hard drives that boots from a CD, not from a flash drive, because a flash drive is writable. On the disc, write a bootable Linux live CD, a utility for signing transactions and the encrypted private key. Back up all wallets and keys, encrypt the backups in several layers, and send copies to various geographically dispersed places on various types of storage media. As a result you have constant access from several wallets, and if things get hot, one or two of them can be surrendered without giving away anything about the main storage. When a transfer from the cold wallet is needed, go to a safe location, boot from the live CD, decrypt the key and sign the transaction offline. Then carry the signed transaction to a computer with access to the global network and broadcast it.

Conclusion

Remember that all the security tips above help against the average intruder. If you are physically kidnapped and thermorectal cryptanalysis is applied, you will hand over all addresses and passwords yourself. Likewise, if you are hunted by security services with the appropriate training, there may be a seizure of servers with the RAM frozen to extract keys, or a physical seizure while you are working with an open channel to the wallet.
But if you follow safety rules, do not break laws, or nobody knows about you, the probability of running into such problems tends to zero. So choose protection methods that match your level of risk. Don't put off security when you can do it now; later it may be too late. Remember that it is easier to prevent a fire than to put one out.