Highlights of the “Ask me Anything”
In Saifu we are always open to communicating with our community and beyond. Our co-founder Evgeny Vigovsky recently did an “Ask me Anything” session on Reddit , answering questions about cybersecurity for cryptocurrencies. Evgeny has worked in cybersecurity for 18 years, with 12 of them at Kaspersky Lab, where he headed the DDoS division. Here are some of the questions he was asked:
What would you recommend for someone just getting into crypto? Obviously they shouldn’t leave their crypto on an exchange. Online wallet? Hardware wallet? Smartphone wallet?
“It’s a good question. Not exchange for sure. Even management of reputable exchanges say so. It depends on how much funds you have. Hardware wallets for consumers still have many security issues. There are good security analysis of Trezor and Ledger. For people new to cryptocurrencies and who don’t have very strong IT/Security background, I would recommend to consider online wallet/service who are focused on secure storing cryptocurrencies and have key components in place: people, technologies and processes and are happy to be transparent and demonstrate it.”
How does hot and cold storage work? What are the benefits?
“The main idea is that a machine with hot wallet is connected to Internet but machine with cold wallet is not. All transactions between them are made via flash drive. Once a service that uses such approach becomes popular and stores a lot of funds it becomes very attractive for hackers since ROI [return on investment] is also high:) Attackers develop targeted malware and find the best way to deliver it to a company’s network. Once it can reach that flash card and gets to cold wallet. The best and most known example is Iranian Nuclear program and Stuxnet. Stuxnet targeted nuclear centrifuges controlled by SCADA. Having just cold-hot wallets isn’t enough to securely protect crypto funds.”
How do you store your personal crypto?
“Some of it I store locally….but there are of course some risks. There are lot of good wallets out there….but I’m planning to use our platform, since it was one of the key reasons why we’ve created it … and it’s ours 😉”
What steps have you taken to protect the average person from losing all their coins to a hacker? Before someone gets into crypto, what would you tell them to first learn to avoid getting burned?
“Security awareness is one of the most efficient tools. A person needs to have some high level understanding of how it works and all possible risks. Technical tools are the second level. Good Anti-Virus, regular patches and updates of OS and applications. Don’t trust unknown sources. Don’t do anything if not sure. Find reputable online service that offers secure storing of cryptocurrencies.”
I had about $1k worth of eth and coins hacked from my metamask account. not MetaMask’s fault to be clear. I was using the private key in my own deploy script, on my own computer. I realize having this much money on an account I had copied to so many places was pretty dumb, but I never shared the key on anything private that I didn’t directly control. That said, I ran an AVG scan and it didn’t find anything obvious. In your opinion what do you think is most likely to have happened?
“It’s normally quite hard to say something remotely. It’s quite unlikely that it was stole from digital ocean server. Those guys care about security and 1K isn’t that big enough to find a way to steal from them. It can be stolen via a scanner. AVG provides not the best detection rate. Some malware can stay undetected for a while. It’s hard to say about your github repo.”
To see the rest of the questions, click here.