Bookmark Your Crypto Sites.
Bookmarking websites and opening them from your bookmarks is a basic but effective strategy. It keeps users from confusing the real website with copies hosted on similar-looking domains, a common form of attack.
An attacker duplicates a website, adds malicious code, and hosts it on a similar domain (URL). When victims are directed to the replicated website, they believe they are on the legitimate one and make a transaction or sign a smart contract, resulting in the loss of funds.
Turn on 2FA for Everything.
2FA stands for two-factor authentication. It is an additional layer to the security of an account, and it has been rightfully perceived as an extremely safe method of preserving an account’s funds.
The most widely known 2FA methods are SMS and 2FA applications. Some devices are built specifically and solely for this function, but most people don’t need the hassle of managing an additional device, separate from their phone, to keep their accounts secure.
Using a 2FA application is a little safer than 2FA over SMS because a sophisticated attacker can intercept the signal between a wireless tower and your phone, receive the 2FA SMS, and then access your account. This attack requires a lot of work and risk on the attacker’s part, so if you don’t have hundreds of thousands of dollars, there is not much to worry about because it wouldn’t be feasible for a hacker to target you.
The difference between a 2FA application and 2FA SMS is that the application produces the password offline. When the application is used, there is nothing to intercept because the 2FA password is created inside the device on which the application is installed. With 2FA SMS, the password arrives through the cellular carrier, where it can be intercepted and stolen.
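How an authenticator app can produce the code with no network traffic, shown with the standard TOTP algorithm (RFC 6238). This is an added example, not code from the original article. The secret is the published RFC 6238 test key, and the one-step drift window in `verify` is an assumption.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test key ("12345678901234567890") in base32. Never use it for a real account.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32: str, now: float, step: int = 30, digits: int = 6) -> str:
    """Derive the code from the shared secret and the clock alone."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now) // step)        # 30-second time slot
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32: str, submitted: str, now: float,
           window: int = 1, step: int = 30) -> bool:
    """Server side: recompute locally and accept one slot of clock drift."""
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, now + drift * step, step, len(submitted))
        ok |= hmac.compare_digest(expected, submitted)   # constant-time compare
    return ok

if __name__ == "__main__":
    now = time.time()
    code = totp(SECRET, now)          # what the phone displays
    print(code, verify(SECRET, code, now))
```

The phone and the server each run `totp` on their own copy of the secret. The only value that travels is the code the user types, and it expires with its time slot.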
Don’t Run Remote-Access Software.
Computers are not open to being controlled remotely by default, but they can be hacked and forced into that state. Installing remote-access software makes it orders of magnitude easier for attackers to take control of your device. The general rule of thumb is: don’t install remote-access software on the computer where you hold your cryptocurrencies, even if you use a hardware wallet.
There are no Guaranteed Profits with Any Trading Bot.
Websites and services claiming they have a trading bot that provides guaranteed returns through proven algorithms are full of lies. Even computers with NASA-level computing power and an infinite amount of quantifiable data, with evil geniuses working within markets, can’t promise guaranteed returns on day trading crypto or stock markets.
Most of these trading bot services are designed to be one-way roads: it is easy to deposit money on those websites, but it is impossible to withdraw it.
Never make a digital copy of your crypto details.
It is unbelievable how easy it is to hack people and reach their digital data through exploits. This is why it is risky to manage capital-heavy crypto accounts on a personal computer: you can be exposed to attack just by surfing the internet, downloading files for personal use (sometimes pirated movies and games, which carry high risk), or using a browser extension that records all of your keyboard activity to provide its services.
Creating a digital copy of your private keys opens them up to the infinite possibilities of exploitation that an average person wouldn’t even know could exist.
Use a different password for every crypto platform you use
The problem with using the same password on every website is that the database holding your password is under the control of each website’s developer. Whoever controls that database can take a guess and try your email and password on various crypto exchange platforms in the hope of reaching your funds.
Use a Different Browser for Your Crypto Stuff
Many things happen in the background when you use your browser. Trackers (called cookies) watch what you are doing on the web and identify you by location, your social media accounts, and your behavior on the web. The data collected while you surf the internet can be leveraged for a social engineering attack customized to your defining characteristics, making it seem like it can only come from someone who knows you.
There can be exploits in the bookmarks you are using and malicious code in the websites you frequently visit. It is much safer to set aside part of your browser activity just for crypto usage. That way, you don’t have to put additional effort and attention into securing the browser you use for surfing the internet.
The way to do this is to use a different browser for all of your crypto activity. Brave browser is a good alternative with its built-in privacy and crypto tools.
Get Yourself a Hardware Wallet.
The distinction between a hardware wallet and a wallet on your computer is about where your private keys are stored. When you have a hardware wallet, you can use your tokens as if you had them on your computer, but they are harder to hack because the private keys are out of reach of someone who may hack, or already has hacked, your computer. The keys are stored on a different device, which is your hardware wallet.
Use a Metal Storage Seed Backup Tool
If you decide to take the road of self-custody (including using a hardware wallet), writing your seed phrase on a paper wallet and calling it a day is not a smart decision, because even water can destroy your access to your funds if your seed phrase is only written on a piece of paper. You don’t have to go titanium or anything, but get something more robust than paper that can withstand a fair bit of damage. Metal does that perfectly, and its price-performance ratio is pretty good.
Don’t Dox Your Crypto Address: Use Centralized Exchanges When Useful.
It is important to know that when you share your crypto address with somebody, they can see your entire transaction history and the funds currently stored there. Sharing your self-custody crypto address with people in order to receive payments may not be the best option because they can track your funds.
Using a centralized exchange infrastructure for getting payments from your customers is far better because the transactions happen off-chain and are not trackable. After you have received your payment through a centralized exchange, you can withdraw it to your self-custody wallet, untrackable to the person who sent you the funds.
Alternative: Use a Centralized Exchange to Keep Your Funds
Self-custody is not ideal for most people because it brings a level of responsibility that the average individual is not prepared for at the moment. The average individual has lived within the safety net of governments and regulations, the password recovery infrastructure of centralized applications, and many other error-correcting systems that make services scalable for most of the public.
In crypto, a person who is reckless with self-custody practices can lose funds, and they usually do.
We all want decentralized systems to scale, but they must be developed into far better versions of the services they are now. Sometimes, the best strategy is to find an exchange with a good reputation and hold your crypto there. No one feels a hundred percent safe when they have their funds in MetaMask, so don’t take on that unnecessary responsibility if you are not an active user of decentralized applications. Even then, always diversify and let some crypto sit in a centralized exchange, which you can also use actively for trading.
Find Yourself a Safety Net of Individuals
Crypto is a vast industry, and it is hard to keep up with everything. As with everything in life, you need a safety net of individuals who can provide the knowledge you are looking for on the spot because of the specific comprehension they have built over the years. Even in the age of Google, searching for keywords or a question is not enough to find out which answer is correct or most relevant to your situation. To get that level of support, you need a safety net of individuals fully committed to the industry.
And we are taking up that quest as TheCronicle, bringing you articles like this to inform you through an objective lens, so you have enough context to make optimal decisions.