
I wrote this after a friend got hacked for 83 Bitcoin (nearly a million dollars at the going rate today. Probably more when you read this.) Good info even if you don’t hold and hodl crypto.
Most hacks aren’t people coming in your computer’s back doors. Most hacks are bozos pretending to be you and getting some minimum wage phone help worker to not be smart, which isn’t hard.
Use 2FA, at least having to confirm it on your phone.
A lot of hacking these days isn’t like Mr. Robot fast Linux genius typing, it’s easy-to-do social engineering.
And to do this, they have to know your phone number or email to start with. If you don’t use your phone number and email publicly, it’s harder for them to start a hack like this.
So have another email too, that you use nowhere except for trades and transferring to your air-gapped computer you never use for anything except security updates, then trades, then take it offline again. Hopefully Linux, but a Windows computer you never use elsewhere, that’s updated regularly would be more secure for this than a Linux computer you use for everything. Unless you ARE Mr. Robot and know how to keep GNU/Linux safe.
LINUX ALONE IS NOT A MAGIC BULLET FOR SECURITY IF IT’S NOT MAINTAINED AND UPDATED.
ESPECIALLY IF YOU USE THE SAME MACHINE FOR EVERYTHING AND ALSO USE YOUR SAME PHONE AND EMAIL FOR TRADES.
Use a hardware wallet like a Ledger Nano, and/or:
Best is to buy a laptop (even a cheap used one will work). Wipe the hard drive with DBAN (Darik’s Boot and Nuke; it takes several hours and wipes the drive so nothing is recoverable. This doesn’t work for SSDs, only hard drives.) Then put a fresh install of your favorite Linux on the laptop. Then put your wallets on there, make encrypted backups to keep off site, THEN send your crypto to the new addresses.
Encrypt the drive at install with Linux, and encrypt the off-site backups with gpg. On Windows, use VeraCrypt for both.
Never add any other programs on this computer, and only ever go online with it to trade or buy.
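One way to do the gpg backup step above and confirm the backup actually opens before any coin is sent to the new addresses. This is an added example, not part of the original post; the function names, paths and the optional passphrase-file argument are assumptions, and it assumes bash, GNU tar and GnuPG 2.2.7 or later.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and paths are
# hypothetical. Assumes bash, GNU tar and GnuPG 2.2.7+ on the offline laptop.

# backup_wallet SRC_DIR OUT_FILE [PASSFILE]
# Streams the wallet directory through tar straight into gpg, so no
# unencrypted archive is ever written to disk. Without PASSFILE gpg prompts
# for the passphrase, which is what you want for real use.
backup_wallet() (
    set -o pipefail
    src=$1 out=$2 passfile=${3:-}
    opts=(--symmetric --cipher-algo AES256 --no-symkey-cache --output "$out")
    if [ -n "$passfile" ]; then
        opts=(--batch --pinentry-mode loopback --passphrase-file "$passfile" "${opts[@]}")
    fi
    umask 077   # encrypted file readable by its owner only
    tar -C "$(dirname "$src")" -cf - "$(basename "$src")" | gpg "${opts[@]}"
)

# verify_backup SRC_DIR ENC_FILE [PASSFILE]
# Decrypts to a pipe and has tar compare each archived file with the
# original (--compare), again without writing plaintext to disk. Returns 0
# only if the passphrase works and the contents match. --no-symkey-cache
# keeps gpg-agent from reusing the passphrase it saw a moment ago, so a
# passing check means the passphrase you just typed really opens the backup.
verify_backup() (
    set -o pipefail
    src=$1 enc=$2 passfile=${3:-}
    opts=(--decrypt --no-symkey-cache --quiet)
    if [ -n "$passfile" ]; then
        opts=(--batch --pinentry-mode loopback --passphrase-file "$passfile" "${opts[@]}")
    fi
    gpg "${opts[@]}" "$enc" | tar -C "$(dirname "$src")" --compare -f - >/dev/null
)

# Typical use on the offline machine (prompts for the passphrase twice):
#   backup_wallet ~/wallets /media/usb/wallets.tar.gpg &&
#   verify_backup ~/wallets /media/usb/wallets.tar.gpg && echo "backup OK"
```

The passphrase-file argument exists only for unattended runs; for a real wallet, leave it off so the passphrase is never stored on disk.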
Again: most hacks aren’t people coming in your computer’s back doors. Most hacks are bozos pretending to be you and getting some minimum wage phone help worker to not be smart, which isn’t hard.
Social engineering is stuff like where the thief calls the phone company, claiming to be you, saying you lost your phone, bought a new phone, and need to port the number to your new phone. “Oh and by the way, can you lock my old phone in case some hacker found it.” lol.
Doesn’t take much info to do this, and a lot of times, those idiots from the phone company let you guess. Who the fuck remembers their phone PIN login if they’re on vacation, for instance.
Lastly, DON’T KEEP YOUR CRYPTO ON AN EXCHANGE. BUY IT THERE AND IMMEDIATELY MOVE TO A WALLET ON YOUR COMPUTER.
Be smart. Don’t lose your hodlings.
-=-=
Also: How to make paper wallets securely (ignore the “intentionally ugly as art to hide in plain sight” part sez Virgil Văduva, but the rest is very solid). More on making paper wallets securely.
You can make paper wallets with any coin where you can export the private key. DO NOT USE AN ONLINE SERVICE FOR THIS, AS THEY WILL HAVE YOUR KEY AND CAN TAKE YOUR COIN. Read both these articles linked here on how to do it on your own computer.
And yes, after you make a paper wallet, you can send more coin to the address.
MOST IMPORTANT: OWN CRYPTO QUIETLY. If you brag about your riches, you’re a target. For hackers, criminals & kidnappers (government and private).
-=-=
Feel free to copy and share this document, but leave this in please:
This is covered by the BipCot NoGov license: http://bipcot.org/
This allows use and re-use by anyone except governments and government agents. There are no government guns for violators, only shame.
-Michael W. Dean