Cyber Hygiene for Cryptocurrency Investing and Trading

Intro

Hackers are awake! For example, North Korean hackers stole more than $1 billion in cryptocurrencies between 2015 and 2020. The exchanger should protect itself, but how can you protect yourself from an ordinary user?

Ordinary users can protect themselves with the easy rules of cyber hygiene and security settings of their account. We talked about today.

We’ll start with how to connect to the network so that your username and password are not stolen.

1. Network connection

To work with a crypto exchange or crypto purse you need to look through what network you connect from home or just from a mobile phone that in principle can connect to the exchange.

But if you are connecting to a free Wi-Fi in a restaurant, shopping mall or operation, you must use a VPN connection that provides an additional encrypted connection and protects network administrators from reading traffic.

For example, I use two services:

• CyberHost VPN
• NordVPN

Example from life:

In the previous company, the admin had a hobby collecting usernames and passwords. His truth for this was dismissed, but the fact remains.

You should check network access points to avoid accidentally losing your data.

In part, this can protect the use of additional security mechanisms, such as two-factor authentication.

If you need to login to the cryptocurrency exchange, from a foreign computer, I recommend to log in to the browser under incognito mode and using the QR code for authorization.

And it is mandatory, after completion of the actions with the exchange, to make a log out from the account.

2. Account security settings in cryptocurrencies

After you have securely logged in, you need to change your account’s security settings.

What should be configured first?

Configure to:

• complex password to store in password manager
• setup 2FA
• verify the rights of your API keys
• anti-phishing code

It is advisable to register your personal number with the operator on your passport

!! Disclaimer !!

So for example, I took these crypto exchanges that I used to run into, and there were accounts that I used to work with.

Complex password

If you use one of your default passwords to access the exchange, it is recommended that you change it and keep your account on a special password manager. How to do it best, knows about this public.

Enabling 2FA

According to recent Microsoft research, using two-factor authentication avoids 99% of user attacks.

The second factor forces you to enter an additional code for your account.

This can be code that is sent to email, via one of the messengers, SMS or through special applications such as Google 2FA.

Below are screenshots of three Binance, KuCoin and Kuna exchanges, showing their security settings.

An interesting feature of KuCoin is that they use a separate account for cryptocurrency purchase/sale and need to enter a separate code.

Binance allows you to trade from your spot account, but when withdrawing funds requests all possible codes, to confirm the withdrawal — 2FA, code from SMS and code from e-mail.

Binance

KuCoin

Kuna

Anti-phishing code

The anti-phishing code is intended to confirm that the e-mail you received was sent by the service you are working with. I.e. a kind of signature that verifies that the letter was sent by the exchange.

Binance anti-phishing code settings

Example code in e-mail

Phone number

The phone number must be registered on a passport to avoid fraud associated with a fake phone number.

API keys

API keys — Under no circumstances can you give anyone your keys. If you are sure that the trading bot or application to which you give out the API key. On the example of working with the exchange Binance.

API Management

3. There are airdrops working

What is Airdrop in Cryptocurrencies?

All users of the Apple technique know the word Airdrop, through which you can share files and pictures. What are Airdrops in the crypto world?

In the crypto world, airdrops are bonus coins that are given by a project to a person who has bought coins on ICO/IDO or simply uses the project or holds his coins in a stakes.

This uses different ways of connecting to the crypto-wallet domain.

What is the risk of using airdrop?

The risk is not for the Airdrops themselves, in the way of connecting your wallet to the resource that you will be dumping coins.

What are the risks?

Connections may require specific permissions to connect to your wallet or exchange account. This can be just a setup or a more complicated way — through a smart contract i.e. there are specific features inside the smart contract that can result in the loss of your cryptocurrency on your wallet. Also can “forehead” without any foreplay, ask to send a wallet number and a cid phrase. Hi, phishing)))

What can we do about it?

• Do not use your main wallets to interact with airdrops
• If you have already connected this mud, then I recommend transferring your cryptocurrency to another wallet
• If you subscribe to the themes with airdrops — be sure to check them. Basic — is to find their Twitter, website, Facebook, reviews.
• Check transactions through special services — eg. AML bot. Ukrainian development. Chainalysis. This will help you further determine the potential danger of your Airdrops.

4. Hackers attacks

We’ve met you with things that will help you not lose your crypto money and protect yourself from attempts to steal it from you. And I suggest we take a look at what you and I are defending ourselves against.

The most common are phishing emails, with which hackers or intruders send you a letter that should encourage you to download the file or follow the link that is attached to the letter.

!! Disclaimer !!

The most popular email services, block potentially insecure files and links. But as they say, it won’t save you from a targeted attack.

What if you get such a “happy letter” pretending on behalf of your crypto exchange or an offer ?

The email should contain an anti-phishing code that you configure in your account. If there is no letter and you suspect, then the files or links attached to it are recommended to check through VirusTotal service. Copy a file or link, then download the total virus.

The file in the letter could be a computer virus that can be encrypted.

There is also a way to lure you to a potential skam project — it is pop up advertising banners. To avoid such potential risks I recommend using ad blockers:

• Best Ad Blocker & Privacy Browser
• AdBlock
• Pop Up Blocker for ChromeTM — Poper Blocker Stands
• The cool project that I personally use is Clario. I recommend using it with standard ad blockers.

More information on cyber hygiene, I recommend reading this public.

5. Crypto-wallets

Cryptocurrency wallets store users’ public and private keys while providing an easy-to-use interface to manage crypto balances. They also support cryptocurrency transfers through a blockchain. Some wallets even allow users to perform certain actions with their crypto assets such as buy, sell and exchange or interact with decentralised applications.

There are two main types of cryptocurrency wallets: software-based hot wallets and hardware based cold wallets.

Cold wallets are considered more secure, since they are not needed to connect to the Internet and Blockchain. But they are have some variants of risks:

• Physical lost wallet. In this case you should keep the wallet in the safe or as safe as the key on the chain.
• Forgot password or private key. In this case you should use password managers.

For secure saving crypto assets you can use:

• Papers keys.
• Hardware wallets.
• Laptops or mobile devices not connected to the Internet.

In addition, on some crypto exchanges there is a function called «Safe». The user makes assets on the deposit platform. But these funds are transferred to a cold wallet exchange. Receiving money from a «safe» is carried out manually, usually once a day. Even if an account is hacked, the investor will have time to notice the attack and cancel the transaction.

Hot wallets are considered less safe against hacker attacks, as they are installed on smartphones or laptops and they are connected to the Internet and blockchain all time.

1. Computer viruses attack
2. You can lose data when you change devices during migration.
3. Device lost.

What are the advantages and disadvantages of hot wallets?

Advantages:

• Ability to quickly transfer coins and view balance.
• User friendly interface. Usually applications for hot storage are focused on all users, including beginners.
• Additional features. Applications for working with cryptocurrency are usually combined with exchange services, exchanges, analytical tools.

Disadvantages:

• High risk of hacking. If the attacker gets access to the device, he can steal the victim’s money
• Risk of asset loss due to service termination. If a user keeps a cryptocurrency in a separate exchange-traded wallet, they may lose their savings due to the platform’s website blockage.

How can you choose hot wallets?

If you choose a crypto wallet, it is best to choose those crypto wallets that are popular or affiliated with famous crypto exchanges, such as Coinbase, Binance, etc.

6. Cryptocurrency exchange rating

I want to tell you how you can choose cryptocurrency exchanges with higher security rates. Hacken has developed Crypto exchange rating — CER [], which compiles crypto exchangers by liquidity and cyber security levels. Basically CER checks not only security mechanisms, but also results of smart contract security audits, pentests, bug-bounty programs, etc.

Based on these requirements, a security rating of the exchange is formed. If you are new to cryptocurrencies — you can use this resource to determine which exchange is the most secure.