How to prevent hacking and theft of cryptocurrencies


Recommendations for organizing the storage of cryptocurrencies and tokens

Do not keep all your eggs in one basket. Split your funds, and keep whatever you do not plan to use in the near future in a cold wallet. If necessary, there can be several cold wallets: for example, part of the funds on a hardware wallet, part in a multi-signature wallet, part as a private key in an encrypted container protected by a strong password. If you are ever in real danger, you can give up one or two of them without exposing the rest.

Separate computers for crypto. If you work with crypto assets worth many times more than the machine that stores them, set aside dedicated computers that are used for nothing else. Browsing the web, playing games and editing documents people send you are better done on another computer.

Nothing extra. There should be no unrelated software on wallet computers, let alone a cracked Windows build from some self-styled "c00l h4ck3r". Use only genuine distributions from the vendor, and check their signatures or published checksums before installing.

Fault tolerance. The weakest point in terms of fault tolerance is a hard disk failure; other parts of a computer are usually replaced quickly and without lasting consequences. For disks, fault tolerance is easiest to achieve with a mirrored RAID array (RAID 1). Roughly speaking, two drives are installed, writes and reads go to both in parallel, and the system sees them as one disk. The extra cost is one hard drive; the RAID controller built into the motherboard, or software RAID, is enough. The probability that both drives fail at once is very small, and when one fails you insert a new one in its place and keep working. Some controllers can rebuild the mirror on the fly without shutting the system down. Keep in mind that a mirror protects only against hardware failure: a deleted or encrypted wallet file is mirrored just as faithfully, which is why the next point is not optional.

Backup. Be prepared for the fact that even the most fault-tolerant system may become unavailable. Fire, thieves, law enforcement, or simply a cat urinating on the power supply and burning out every board and drive: it does not matter which, it can happen. You must have current backups of all wallets. They must be encrypted and sent to several places at once: a cloud service, a mailbox, a flash drive in a safe, an archive on a smartphone, and so on. Choose a few options, preferably ones you come up with yourself, and use them. Keep a backup schedule and stick to it. Periodically download one of the backups and check that the information in it is intact, that nothing is corrupted, that you still remember all the passwords and are actually able to restore from it.
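The restore test in this paragraph is easier to keep up if the backup carries a hash manifest. Below is an added example in Python (mine, not the article's): it records a SHA-256 for every file when the backup is made and, on a test restore, reports each file as intact, corrupted or missing. The file names and the random blobs standing in for encrypted wallet files are constructed for the demo.

```python
"""Added example (not from the original article): an integrity manifest for
wallet backups, so a restore test can tell a damaged copy from a good one.

Assumptions: file names, the constructed blob contents and the report format
are invented for the demo; the blobs stand in for encrypted wallet files and
contain no real key material.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash files in 1 MiB chunks so large blobs do not fill RAM


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative, POSIX-style) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(root: Path, manifest: dict) -> dict:
    """Check a restored tree against the manifest written at backup time.

    Returns {'ok': [...], 'corrupt': [...], 'missing': [...]} so the restore
    test fails loudly instead of being assumed to have worked.
    """
    report = {"ok": [], "corrupt": [], "missing": []}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != expected:
            report["corrupt"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def demo() -> dict:
    """Create a constructed backup, 'restore' it with one file bit-flipped and
    one file lost, and return the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "backup"
        (src / "wallets").mkdir(parents=True)
        # Constructed stand-ins for encrypted wallet files (random bytes only)
        (src / "wallets" / "btc.dat.gpg").write_bytes(os.urandom(4096))
        (src / "wallets" / "eth.json.gpg").write_bytes(os.urandom(2048))
        (src / "RESTORE.txt").write_text("how to decrypt and import\n")
        manifest = build_manifest(src)  # built before MANIFEST.json exists
        (src / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))

        # Simulate a restore from a damaged medium
        dst = Path(tmp) / "restored"
        (dst / "wallets").mkdir(parents=True)
        (dst / "wallets" / "btc.dat.gpg").write_bytes(
            (src / "wallets" / "btc.dat.gpg").read_bytes())
        damaged = bytearray((src / "wallets" / "eth.json.gpg").read_bytes())
        damaged[100] ^= 0x01  # a single flipped bit is enough to break a blob
        (dst / "wallets" / "eth.json.gpg").write_bytes(bytes(damaged))
        # RESTORE.txt was never copied over: it should show up as missing

        stored = json.loads((src / "MANIFEST.json").read_text())
        return verify_restore(dst, stored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest only detects damage: someone who can rewrite the backup can rewrite MANIFEST.json too, so keep its hash (or a detached signature) somewhere else. The script also does no encryption of its own; encrypt the wallet files before they go into the backup.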

Encryption and passwords. Take it as a given that your computer, phone, flash drive, or access to your mailbox and other services may end up in the hands of attackers. Your task is to ensure that even then they cannot get to the wallets. If all your devices are properly encrypted and your passwords are not something like Qwerty123, then at the very least you gain time to move assets to other wallets, and at best the stolen devices and accounts are useless to the attacker. So use full encryption wherever possible: system partitions, smartphones, archives, backups. Require a password at boot and to unlock your smartphone. No account on any computer should be without a strong password. Enable two-factor authentication on web services wherever it is offered. Use strong, different passwords on every service and device, and change them periodically.

Updates. Pay particular attention to software updates. Attackers often exploit flaws in the update mechanism or disguise the download of malware as an update. This has already happened with some cryptocurrency wallets, for example Electrum: users were shown a message saying an update was required, and a trojan was downloaded instead. A simpler variant is a web page that displays what looks like a browser dialog asking you to update the browser. Sometimes it opens in a new pop-up and imitates the look of the real update dialog as closely as it can. Naturally, once the user agrees, a trojan is downloaded. So take updates only from official sites, and preferably verify them additionally (signature or published checksum) before installing.

Do not leave things unattended. With flash drives or an unlocked smartphone this is obvious. But in some cases even a laptop can be compromised simply by plugging in a device that looks like a flash drive. In reality it is a hardware keyboard (HID) emulator carrying a set of exploits, and it types its payload the moment the OS recognises it. So on Windows, once all your devices are set up, it is recommended to prohibit automatic installation of new drivers and devices by enabling the 'Prevent installation of devices not described by other policy settings' group policy (under Device Installation Restrictions).

What to do if a hack has already been detected

– Disconnect the attacked computer from the network and take stock of what has been stolen and what has not.

– Move the remaining cryptocurrency and tokens to other wallets; if necessary, create them on a clean computer. To speed things up, you can create temporary addresses at one of the well-known web wallets.

– Trace where the coins went; they may have landed at a service such as an exchange or online wallet. If so, write to its support immediately describing the incident, with the addresses, transaction hashes and other details. If possible, call as well: after sending the message, phone them and stress the urgency of the situation.

– Change all passwords from a clean computer, including those not directly related to wallets: the infected machine very likely had a keylogger collecting everything you typed. Change them in at least two rounds, temporary ones right away and new permanent ones once you are on rebuilt hardware. Passwords must be strong: long enough and not dictionary words.

– Back up everything from computers, smartphones and tablets that you cannot afford to lose. Executable files, and anything else that may have been infected, must not go into the backup. Encrypt the backup and keep several copies in geographically separate places.

– Wipe all flash drives and hard drives, reset smartphones to factory state and set everything up again. If you intend to keep working with very important information, or with amounts many times the cost of the hardware, it is ideally worth replacing the hardware entirely: some trojans can lodge themselves in the service areas of a hard drive's firmware and survive formatting, or modify the BIOS/UEFI firmware on the motherboard.

General safety advice

Phishing. Most often the targets are exchanges, online wallets and popular exchangers.

Most often, scammers register a domain similar to the target's. A harmless website or forum is put up there and search-engine advertising is bought for it. As soon as the ads pass moderation, the site is replaced by a clone of the target. Often a DDoS against the real site begins at the same time. The user cannot reach the site, types its name into a search engine, clicks the first line of the results without noticing it is an advertisement, and lands on the scam site, which looks like the real one. He enters his username and password, and the money in his account goes to the attackers. Often even two-factor authentication, PIN codes and the like do not help, because the user enters them himself. For instance, after he submits the login code the site says the code is incorrect, please enter it again, and he enters a second one. In reality the first code was used to log in and the second to confirm a withdrawal.

Another example is deferred attacks (known as tabnabbing). You open a site someone sent you, which looks harmless, and leave the tab open. After a while, if there is no activity on the page, its content is replaced with a phishing page that asks you to log in. Users tend to trust tabs they opened earlier more than ones they have just opened, and may enter their credentials without checking the address bar.

Phishing can also be done over specially prepared public networks. You connect to a public Wi-Fi network whose DNS returns wrong addresses for the domains you request, or which collects all unencrypted traffic and mines it for valuable data.

To avoid falling for this, stay alert and use the additional checks and the more secure channel described below.

Additional checks. For the most visited and important sites, record a few indirect parameters from a trusted computer: for example, the issuer of the TLS certificate and its expiry date, the site's Alexa rank or approximate traffic on Similarweb. You can add parameters of your own. Then track them whenever you visit. If a certificate suddenly changes long before the old one was due to expire, that is a reason to be wary and check the site further. Or if a site used to rank around 7 thousand on Alexa and now suddenly shows 8 million, that is a clear sign you are on a fraudulent site. The same applies to Similarweb metrics, the CDN in use, the domain registrar, the hosting provider and so on. (Alexa's ranking service has since been retired; Similarweb and similar services still serve the purpose.)
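A way to automate the certificate part of these checks, as an added example in Python that is not from the article: it reduces a certificate to issuer, serial and validity dates in the dict form Python's ssl module returns, stores that as a baseline, and warns when the issuer changes or a replacement appears long before the old certificate was due to expire. The three certificates, their issuer names, serials and dates, and the 30-day threshold are constructed for the demo.

```python
"""Added example (not from the original article): keep a baseline of a site's
TLS certificate and flag a suspicious change.

Assumptions: the certificates below are constructed dicts in the shape
returned by ssl.SSLSocket.getpeercert(); the issuer names, serials and dates
are invented. The 30-day threshold is a demo choice.
"""
import socket
import ssl
from datetime import datetime, timezone


def parse_cert_time(s: str) -> datetime:
    """getpeercert() dates look like 'Mar 31 23:59:59 2024 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(s), tz=timezone.utc)


def snapshot(cert: dict) -> dict:
    """Reduce a getpeercert() dict to the few fields worth recording."""
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    return {
        "issuer": f"{issuer.get('organizationName', '?')} / {issuer.get('commonName', '?')}",
        "serial": cert.get("serialNumber", ""),
        "not_before": parse_cert_time(cert["notBefore"]).isoformat(),
        "not_after": parse_cert_time(cert["notAfter"]).isoformat(),
    }


def compare(baseline: dict, observed: dict, early_days: int = 30) -> list:
    """Warnings if the issuer changed or the certificate was replaced long
    before the recorded one was due to expire. A routine renewal a few days
    before expiry produces no warning."""
    warnings = []
    if observed["issuer"] != baseline["issuer"]:
        warnings.append(f"issuer changed: {baseline['issuer']!r} -> {observed['issuer']!r}")
    if observed["serial"] != baseline["serial"]:
        old_expiry = datetime.fromisoformat(baseline["not_after"])
        new_start = datetime.fromisoformat(observed["not_before"])
        remaining = (old_expiry - new_start).days
        if remaining > early_days:
            warnings.append(
                f"certificate replaced {remaining} days before the old one expired")
    return warnings


def fetch_snapshot(host: str, port: int = 443) -> dict:
    """Take a live snapshot (needs network; not used by the offline demo)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return snapshot(tls.getpeercert())


# Constructed sample data, not real certificates
BASELINE_CERT = {
    "issuer": ((("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust R1"),)),
    "serialNumber": "0A1B2C3D",
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Mar 31 23:59:59 2024 GMT",
}
SUSPICIOUS_CERT = {  # different CA, issued while the old cert had months left
    "issuer": ((("organizationName", "Cheap Certs Ltd"),),
               (("commonName", "Cheap Certs DV"),)),
    "serialNumber": "DEADBEEF",
    "notBefore": "Jan 20 00:00:00 2024 GMT",
    "notAfter": "Apr 19 23:59:59 2024 GMT",
}
ROUTINE_RENEWAL = {  # same CA, new serial, issued days before expiry
    "issuer": BASELINE_CERT["issuer"],
    "serialNumber": "0A1B2C3E",
    "notBefore": "Mar 25 00:00:00 2024 GMT",
    "notAfter": "Jun 23 23:59:59 2024 GMT",
}


def demo() -> dict:
    base = snapshot(BASELINE_CERT)
    return {
        "suspicious": compare(base, snapshot(SUSPICIOUS_CERT)),
        "renewal": compare(base, snapshot(ROUTINE_RENEWAL)),
    }


if __name__ == "__main__":
    for name, warnings in demo().items():
        print(name, "->", warnings or ["no change worth noting"])
```

Record the baseline from the secure computer, store it alongside the other indirect parameters, and run fetch_snapshot() against the site from wherever you are about to log in: a routine renewal a few days before expiry stays quiet, while a certificate from a different CA issued mid-term does not.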

Passwords. Do not use weak passwords. The most important passwords are best memorised and never written down anywhere. Given that you should use different passwords for every service and wallet, though, some of them will have to be stored. Never store them in the clear. A dedicated program such as KeePass is far preferable to a text file: there they are at least kept encrypted, and the clipboard is cleared automatically after use. Set some security rules for yourself, for example prepend three characters of your own to every recorded password, and after pasting the password where it is needed, delete them. Do not share how you store passwords; devise your own scheme. Then even if the password database is compromised, there is a chance the attacker cannot use its contents.

Secure channel. To work more safely from public networks, it makes sense to run your own VPN server. Rent a virtual machine from a hosting provider abroad, in a location of your choosing. An average virtual machine costs $3 to $7 per month, which is affordable for somewhat safer access to the network. Install a VPN server on it and route all traffic from your mobile devices and computers through it. All traffic to the VPN server is additionally encrypted, so nobody on the local network can poison your DNS or pull extra data out of your traffic by putting a sniffer in its path. Make sure DNS queries also go through the tunnel, and remember that the protection ends at the VPN server: the hosting provider and everything beyond it see the traffic as before.

Windows / Linux / macOS? The best operating system is the one you can configure most competently and work in safely. A well-hardened Windows is better than a badly configured Linux. Security flaws are found in every operating system, and they need to be patched promptly. However, the largest amount of malware is written for Windows, its users most often run with administrator rights, and when probing a system attackers try Windows exploits first. So, all else being equal, it is worth choosing a less common and more security-oriented operating system, for example one of the Linux distributions.

User rights. Give each user exactly as many rights as the task requires. Do not work under an account with administrative privileges. Limited rights can also be used to protect the wallet further. For example, create two accounts: the first has access to the wallet, but cannot log in either locally or over the network; the second can log in, but has no access to the wallet. To work with the wallet from the second account, you start the wallet under the first one with the runas command.

Antivirus. To install an antivirus or not? If the computer is connected to the network, is used for anything besides storing cryptocurrency, and can have flash drives connected or otherwise receive malware, we recommend using one. If the computer is configured purely as a wallet, hardened throughout, with no unrelated software and no way to get any onto it, it is better to do without. There is a small chance that the antivirus uploads the wallet file to the vendor as a suspicious sample, or that a vulnerability is found in the antivirus itself. Such cases have already happened, so while unlikely, they cannot be ruled out entirely.

If you do install an antivirus, keep its databases up to date, do not disable or "snooze" malware checks, treat every alert seriously and run a full system scan periodically.

Consider whether antivirus is worthwhile on your smartphones and tablets too.

Sandboxes. Set up a separate virtual machine for opening files sent to you. There is always a risk of receiving a document with a 0-day exploit not yet detected by antivirus. Virtual machines have the advantage of fast snapshots: take a snapshot of the system, open the dubious files in it, and when you are done roll the machine back to the state before you opened them. This is the minimum needed to keep working safely with other data afterwards.

Check the addresses. When transferring payment details to a secure computer, visually check the address and the amount once more immediately before sending. Some trojans replace cryptocurrency wallet addresses in the clipboard with their own: you copy one address, and a different one gets pasted.
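One way to make the clipboard check mechanical, as an added example in Python (not code from the article): before sending, the pasted address is compared with the entry saved in a trusted address book, and its Base58Check checksum is verified so a corrupted or hand-edited address is also caught. The address book entries, the "trojan" address and the function names are constructed for the demo.

```python
"""Added example (not from the original article): refuse a destination
address that does not match the trusted address book, and reject anything
whose Base58Check checksum fails.

Assumptions: the address book entries and the 'clipboard' contents are
constructed for the demo (payloads are arbitrary 20-byte values, not real
key hashes); the function and label names are invented.
"""
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # each leading zero byte is encoded as a leading '1'
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)  # ValueError on 0, O, I, l or other junk
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def base58check_valid(addr: str) -> bool:
    """True if the last four bytes are the double-SHA-256 checksum of the rest."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) < 5:
        return False
    return _checksum(raw[:-4]) == raw[-4:]


def make_address(version: int, hash160: bytes) -> str:
    """Build a Base58Check address from a version byte and a 20-byte payload."""
    payload = bytes([version]) + hash160
    return b58encode(payload + _checksum(payload))


def check_destination(pasted: str, address_book: dict, label: str) -> list:
    """Problems with an address about to be pasted into a send form.

    An empty list means the pasted address is well-formed and identical to
    the trusted entry for `label`; anything else should stop the transfer.
    """
    problems = []
    if not base58check_valid(pasted):
        problems.append("checksum failed: not a valid Base58Check address")
    if pasted != address_book.get(label):
        problems.append(f"address does not match the saved entry for {label!r}")
    return problems


# Constructed address book and a substituted address, as a clipboard trojan
# would supply (payloads are placeholders, not real key hashes)
ADDRESS_BOOK = {"exchange deposit": make_address(0, bytes(range(1, 21)))}
ATTACKER_ADDRESS = make_address(0, bytes(range(21, 41)))


def demo() -> dict:
    good = ADDRESS_BOOK["exchange deposit"]
    typo = good[:-1] + ("2" if good[-1] != "2" else "3")  # one wrong character
    return {
        "unchanged clipboard": check_destination(good, ADDRESS_BOOK, "exchange deposit"),
        "swapped by trojan": check_destination(ATTACKER_ADDRESS, ADDRESS_BOOK, "exchange deposit"),
        "one typo": check_destination(typo, ADDRESS_BOOK, "exchange deposit"),
    }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "->", problems or ["OK, send"])
```

The checksum alone does not detect a substitution, since the attacker's address is perfectly well-formed; the comparison with an address book recorded on a clean machine is what catches the swap. For coins with other address encodings (bech32, or hex with EIP-55 capitalisation) the same comparison applies with a different validator.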

Environment. Bear in mind that the initial attack may target not you but your employees or loved ones. Once inside a trusted zone, malware finds it easier to reach your assets.

Communication. Treat any telephone conversation or correspondence as if it were being read or listened to and recorded by outsiders. So: no sensitive data in clear text.

Better safe than sorry. If there is any suspicion that some wallets may be compromised, create new ones and move all funds out of the suspect ones.

Give out less information about yourself. If a conference host asks everyone who owns cryptocurrency to raise their hands, do not do it: you do not know everyone in the hall, and drawing up a list of potential victims is the first step where you could help an attacker. Or take this case: a cryptocurrency owner took storage security quite seriously, but the attackers found out he was selling a plot of land. They tracked him down and made contact posing as a buyer. In the course of conversations and exchanging documents they managed to plant a trojan on his computer and watch his work for some time. That was enough to work out how the funds were stored and steal them. When selling the land the victim's guard was clearly lower than when working with crypto assets, and that played into the attackers' hands.

Examples of storage architectures for crypto assets

1. Small amounts and quick access required
We create an account in an online wallet.

We back up the private keys, encrypt the backup and send it to a couple of places.

We make sure the wallet is accessible from a smartphone as well.

As a result we have near-instant access to the assets at almost any time. We keep in mind that such a wallet must never hold amounts whose loss would hurt.

2. Various amounts and constant access required
For permanent access we use an online wallet holding a small amount, as in the first case.

Given the requirement of constant access, the cold wallet will have to stay online. It is recommended to assemble a separate server for it with a RAID 1 array, encrypt the array and install the wallet. Put the server in colocation at a data centre, preferably with the contract drawn up not in your name but in a friend's. Back up the keys of both wallets, separately back up the server access credentials, encrypt everything and send it to a dozen different places.

Get a separate laptop or all-in-one (to save money) for reaching this server over an encrypted channel. Encrypt the laptop's disk. This laptop must not be used for anything else.

As a result we have constant access via the web wallet and the ability to top it up from the cold store. One-off costs are roughly $500 for the laptop or all-in-one, $700 for the server (a used one will do), and $50 for colocation. If you are going to store crypto assets worth tens or hundreds of thousands of dollars, this is economically justified. In day-to-day operation, the address and amount to pay are taken from a shared document on the all-in-one, a connection to the server is made over an encrypted remote-access channel, and the payment is made there. If the all-in-one or server is physically stolen, the attackers gain no access to the wallets thanks to the encrypted partitions. If you urgently need the cold wallet from an unusual location, you can buy a new laptop there, download the access backup and restore access to the cold wallet on the server from it.

3. Significant amounts to be stored in addition to online access
In addition to the web wallet and the server from the first two cases, we set up several more wallets. These can be hardware wallets, separate laptops for particular asset types, and so on. The largest cold wallet is kept offline: in a bank vault, a depository, your own cave, or some other reliable place. For it we prepare a computer with no hard drives that boots from a CD. Not from a flash drive, because that is writable. We burn a bootable Linux live CD containing a transaction-signing utility and the encrypted private key. We back up all wallets and keys, encrypt the backups in several layers, and send copies to various geographically dispersed places on various kinds of storage media.

As a result we have constant access to several wallets. If things get hot, one or two of them can be handed over without giving away anything about the main store. When a transfer from the cold wallet is needed, we go to a safe location, boot from the live CD, decrypt the key and sign the transaction offline. The signed transaction is then carried to a computer with internet access and broadcast from there.


Remember that all the security measures listed here protect against average attackers. If you are physically abducted and rubber-hose cryptanalysis is applied, you will hand over all the addresses and passwords yourself. Likewise, if you are being hunted by a state agency with the appropriate training, your servers may be seized with the RAM cold-booted to extract keys, or you may be seized physically while you are working with an open session to your wallet. But if you follow the safety rules, do not break the law, and nobody knows about you, the probability of running into such problems tends to zero. So choose protection methods appropriate to your level of risk.

Do not put off security work that you can do now; later it may be too late. Remember that a fire is easier to prevent than to put out.
