Crypto wallets, both software-based and online, are being hacked daily!

Recently a lot of famous “crypto” YouTubers have been hacked. Some of them used Exodus, a really well designed and easy to use wallet that supports many coins. However, malicious hackers have somehow compromised lots of accounts lately.

Some background info on how crypto is stored

  • A “wallet” consists of ECDSA keypairs. A keypair is made up of a “public key” and a “private key”, and both are used to encrypt or sign bits of data. The public key, as the name suggests, is public and known to everyone. If you encrypt data with this public key, only the holder of the private key is able to decrypt it. Anything signed with the private key can be verified with the public key as coming from the holder of that private key. All Bitcoin addresses are made up of such a keypair: the “address” you use to send or receive bitcoins is the public half, and the private half is in your wallet.dat file.
  • The “blockchain” is a database of transaction information that’s constantly growing and is sent out to the nodes in the Bitcoin network. When you engage in a transaction, that transaction is distributed to the network and, if it is valid, it will be included in the next “block”. This blockchain data is what assigns your bitcoins to you. So your money is NOT stored on YOUR WALLET in bits and bytes as some people assume.

So even in the event that your house burns down, your hard drive fails or your hardware wallet fails, you can STILL access your bitcoins or other cryptocurrencies, as they still exist on their respective blockchains. All that is needed is for you to hold the private key to unlock your wallet elsewhere.

So the main message here is to never ever give your private keys away! Never store any keys or 12-word phrase anywhere on your computer or the internet.

Also, Exodus, one of the most popular software wallets, sends out a recovery email with a link. Store that link in an encrypted folder or drive, not in your email! All an attacker needs to do is hack your email and boom, they’re halfway into your wallet.

What these hackers also do is run keyloggers that they installed on people’s computers via viruses (trojans, worms or fake software). These record everything the victims type, or screenshot their screens in the background, without them even being aware of it. That’s how they get to your password; now they only need the recovery email and they can empty your wallet.

Or you might have entered your private key somewhere on a website, not really aware of the danger. At minimum you should print or, even better, write the keys and 12 words down on a piece of paper and store that in a fireproof safe!

Now, most of the hacking happens online, as it’s not even necessary to access a computer’s wallet to take the coins. Remember, the existence of your coins is a transaction that proves you’re the holder of those coins. So most coins lost are due to careless storage of private keys. People store them in their emails, in online notes, or on their Dropbox or Google Drive.
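One way to audit your own exported notes or mail for carelessly stored keys, as an added example that is not from the original post: it flags strings that decode as Bitcoin WIF (Wallet Import Format) private keys with a valid Base58Check checksum. That the keys are in WIF is an assumption (the post does not say how keys were stored), and the sample note and key are constructed.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# WIF keys are 51 Base58 chars starting with "5" or 52 starting with "K"/"L".
CANDIDATE = re.compile(r"(?<![%s])(?:5[%s]{50}|[KL][%s]{51})(?![%s])" % ((B58,) * 4))

def _checksum(payload):
    # Base58Check: first 4 bytes of SHA-256(SHA-256(payload)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    # Used only to build the constructed sample key below
    # (no leading-zero padding needed: WIF payloads start with 0x80).
    n = int.from_bytes(payload + _checksum(payload), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def is_wif(candidate):
    # Decode Base58, then require the 0x80 version byte and a valid checksum.
    n = 0
    for ch in candidate:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(38 if candidate[0] in "KL" else 37, "big")
    except OverflowError:
        return False
    return raw[0] == 0x80 and _checksum(raw[:-4]) == raw[-4:]

def find_wif_keys(text):
    # Return (line number, redacted prefix) for every checksum-valid key.
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            if is_wif(m.group()):
                hits.append((lineno, m.group()[:4] + "..."))  # never echo the key
    return hits

# Constructed sample input: a throwaway key (bytes 1..32) and a copy with a typo.
SAMPLE_KEY = b58check_encode(b"\x80" + bytes(range(1, 33)) + b"\x01")
DECOY = SAMPLE_KEY[:-1] + ("2" if SAMPLE_KEY[-1] != "2" else "3")
SAMPLE_NOTE = "groceries: milk, eggs\nbtc backup: %s\nold copy: %s\n" % (SAMPLE_KEY, DECOY)

if __name__ == "__main__":
    for lineno, prefix in find_wif_keys(SAMPLE_NOTE):
        print("line %d: private key %s stored in plain text" % (lineno, prefix))
```

The checksum test keeps random 51- or 52-character strings from being reported; 12-word recovery phrases are not covered, since recognising them needs the full word list.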

Here is some advice you absolutely want to avoid. Just so you don’t misunderstand:

DON’T FOLLOW THE ADVICE OF THE FOLLOWING YOUTUBE VIDEO! JUST DON’T UNLESS IT’S AN EMERGENCY SITUATION.

Why is the above video bad information? Basically, he tells his followers to avoid the high Exodus fees by using blockchain.info instead to send money around. Saving money is good, but not when it compromises your security. To access your coins on there you need to provide them with your private key.

First of all, you are trusting blockchain.info with your private key. Secondly, all it takes is one rogue Chrome or Firefox extension that monitors that site and injects code to capture your private key.

Also, don’t store your crypto on Coinbase or any other exchange if you intend to keep it there as a long-term investment. Exchanges have been hacked before (Mt Gox) and some even take your money if they have any suspicion you violated their TOS.

Check which apps connect to your Facebook, Dropbox, Google accounts, etc. Minimise the number of apps that get access to these accounts. Enable two-factor authentication on sites that offer it. This makes it 1 step harder for hackers to gain access to your data.

Google offers such a service and so does Microsoft; both have apps for your phone.

For a more practical and safe solution use a hardware key.

Please trust me: get a hardware wallet. You don’t want to wake up and see all your hard-earned money gone!

The 2 most famous hardware wallets

NANO LEDGER - France (€58*)

Pincode Ledger Nano

Ledger Blue — France (out of stock)

A more sophisticated version of the nano.


TREZOR - Czech Republic (€89*)

  • * Taxes may apply.
  • Also, it’s best to buy directly from the manufacturers and not off eBay or some shady site that might sell them for a cheaper price. This way there is no chance a middleman can compromise the key before it is sold to you.