Four top tips for blockchain asset security | Kaspersky official blog
Credit to Author: Kaspersky Team | Date: Wed, 12 Apr 2023 08:34:43 +0000
Cryptocurrencies and other blockchain assets aren’t protected by bank guarantees or other “traditional” financial security measures. Therefore, investors need to take every possible precaution to protect themselves. Here are four key tips for storing cryptocurrencies securely and protecting other cryptoassets.
1. Expect scams
The variety of cryptoassets combined with a lack of regulation makes crypto investing a prime target for scammers of all calibers. Crypto investors therefore need to exercise extreme care (with a healthy dose of paranoia), much more so than when dealing with traditional finance.
What are the most common scams?
- Giveaway scams: super-profitable investments through an “investment fund”, “experienced manager”, “celebrity”, or “large investment firm”. Schemes differ: in some scams the criminals simply make off with the first payment, while in others they afford the victim a small profit — prompting further investment.
- Value inflation: investing in promising new coins or tokens. The value of the token constantly increases, but it’s actually impossible to subsequently cash out your investment.
- Romance scams: scammers find victims on Tinder or other dating platforms. After a long romantic correspondence, the conversation turns to the topic of investments… and then it’s business as usual, as in the first point above.
- Fake cryptocurrency exchanges or investment platforms: typical phishing schemes, except the scammers are phishing for cryptowallet details rather than credit card data.
Some scams seem like they came right out of the movies, like when $4 million in crypto was stolen in a face-to-face meeting.
Protection methods:
Always thoroughly double-check the validity of any firms, individuals or websites that offer to help you invest.
Don’t make any hasty decisions, and study any new investment opportunity you come across carefully and in depth. Fraudsters often rush their victims into acting before they realize what’s happening.
Ignore any unexpected offers. If you see a seemingly profitable crypto investment offer on social media, in your e-mail, or via an instant messenger, it’s highly likely a scam. Don’t waste time investigating every offer you see; simply ignore anything that you didn’t go looking for yourself.
Use anti-phishing protection on all your devices. Any site must be carefully checked to make sure it’s the real deal. Kaspersky Premium does this job for you, blocking visits to fake sites on both your computer and your phone. It’s important to make sure that all platforms are protected, as phishing scams are just as dangerous for Apple devices as for Windows or Android.
Use a reliable VPN. By itself, a VPN won’t protect you from phishing or fraud, but it will protect you from website spoofing and spying — especially useful when you’re working with your cryptoassets in cafes, airports, hotels and other places with public Wi-Fi. Kaspersky Premium includes a high-speed VPN subscription with multiple servers around the world.
2. Protect your computer and phone
Criminals don’t need to resort to social engineering to steal cryptocurrency or tokens. They can just as easily infect your computer or smartphone and then do their dirty work in various ways:
- Intercept wallet passwords entered on websites, or “hijack” the session directly from the browser. In this way, scammers can gain access to your accounts on cryptocurrency exchanges.
- Change addresses when making transfers in Bitcoin, Ethereum or other cryptocurrencies. You’re about to make a payment, you copy the recipient’s wallet address to the clipboard, but then some malware changes the address just as you paste it. Since the wallet address is such a long combination of characters, it’s difficult to check it, and the switcheroo often goes unnoticed. As a result, the payment goes to another wallet at the last moment — and neither you nor the intended recipient can get it back.
- Install a miner on an infected computer that will put an additional load on your system and quietly mine cryptocurrency in the background. This is how hackers usually mine Monero, and it’s effective even on relatively weak computers. The earnings from such “cryptojacking” attacks are small but stable, and victims may not notice they’ve been infected for weeks or even months.
- Change the address of the wallet to which earnings are sent in a “legal” mining application. If you’re mining on your own, then all the cryptoassets you’ve accumulated through working your processor and graphics card to the bone might suddenly end up in someone else’s cryptowallet.
- Steal funds using fake or trojanized cryptocurrency apps. They look like the real thing, but they’ll steal your crypto at the first opportunity. The most recent example is games that offer players winnings in cryptocurrency.
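A check against the clipboard address swap described in the list above, as an added example that is not part of the original article: it compares the address you intended to pay with what was actually pasted, character by character, and flags the case where both ends agree but the middle differs. The function names and the sample addresses are constructed for illustration and are not valid wallet addresses.

```python
from dataclasses import dataclass


@dataclass
class PasteCheck:
    match: bool           # pasted address is identical to the intended one
    lookalike: bool       # same first/last characters, different middle
    diff_positions: list  # indexes at which the two strings differ


def chunked(address: str, size: int = 4) -> str:
    """Split an address into short groups so it can be read back chunk by chunk."""
    return " ".join(address[i:i + size] for i in range(0, len(address), size))


def check_pasted_address(expected: str, pasted: str, edge: int = 4) -> PasteCheck:
    """Compare the intended recipient address with what landed in the payment form."""
    expected, pasted = expected.strip(), pasted.strip()
    if expected == pasted:
        return PasteCheck(True, False, [])
    # Every differing index; positions past the shorter string count as differences.
    longest = max(len(expected), len(pasted))
    diffs = [i for i in range(longest)
             if i >= len(expected) or i >= len(pasted) or expected[i] != pasted[i]]
    # A glance at both ends is not enough: a substituted address may agree
    # there and differ only in the middle.
    lookalike = (expected[:edge] == pasted[:edge]
                 and expected[-edge:] == pasted[-edge:])
    return PasteCheck(False, lookalike, diffs)


# Constructed sample values (not real addresses).
INTENDED = "bc1q" + "a" * 34 + "z9x7"
SWAPPED = "bc1q" + "a" * 10 + "b" * 5 + "a" * 19 + "z9x7"

if __name__ == "__main__":
    result = check_pasted_address(INTENDED, SWAPPED)
    print("intended:", chunked(INTENDED))
    print("pasted:  ", chunked(SWAPPED))
    print("match:", result.match, "| lookalike:", result.lookalike,
          "| differs at:", result.diff_positions)
```

Take the intended address from a source other than the clipboard, such as a saved address book entry, so the comparison is not made against an already altered value.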
Protection methods:
Use a comprehensive cybersecurity solution that can protect against the risks of crypto investing. It should include the following features:
- application behavior monitoring
- a malware detection rate of 99% or more
- special protection of password entry windows against interception (keyloggers)
- additional browser protection when visiting financial websites
- detection of remote access to the computer
- warnings about potentially dangerous applications
- automatic search for outdated versions of applications and their updates from official sources
All this is already included in a Kaspersky Premium subscription.
Strict hygiene for all devices on which you carry out cryptocurrency transactions. Only install apps from official sources (app stores). Avoid little-known apps with few downloads and reviews. Don’t use cracked versions of any software, as this is one of the main ways that criminals spread malicious applications.
Restrict access. Don’t allow children, household members or anyone else to use computers or smartphones that you use to carry out cryptocurrency transactions. Password-protect your device and set it to automatically lock after a short period of inactivity. Use full disk encryption, such as BitLocker.
3. Create multiple cryptoasset repositories
Storing large amounts of cryptocurrency in online vaults or on devices connected to the internet (that is, in “hot” wallets) lets you quickly manage your funds but increases the risk of theft.
Investors who manage large amounts of cryptocurrency are advised to keep a small portion of their savings in a “hot” wallet for operational costs, and to move the rest of their funds to a “cold” wallet completely disconnected from the internet. It looks like a USB stick and is just as easy to use.
Ways to protect assets in a cold wallet:
Select a secure model of wallet by reading the search results for “brand model vulnerability” and “brand model security assessment”. Some cold wallet models are vulnerable to hacking.
Buy cryptowallets only from trusted sellers or suppliers. There have been cases of attackers creating fake cryptowallets of well-known companies and then selling them at online auctions or on message boards.
Only carry out wallet transactions on a personal computer you know is safe.
Make sure you store the wallet itself in a safe place, since losing it is equivalent to losing all your money. Don’t think just about theft; you should also consider risks such as losing the wallet accidentally or through fire or natural disaster. A safe deposit box or a safe in your home is probably the most suitable storage option.
Create a long and unique password for your wallet. Make sure that nobody sees it and that it’s impossible to guess — but also impossible to forget.
4. Take care of passwords and keys
The biggest fear of any crypto owner is having the password or seed phrase for their cryptowallet stolen. To prevent this from happening, follow these rules for creating secure passwords.
Protection methods:
Use long and unique passwords for every site and service. Storing them in encrypted form in a password manager synchronized across all your devices is highly convenient.
Use two-factor authentication with a USB key or mobile app wherever possible. SMS authentication is best avoided because of the possibility of interception.
Regularly check if your credentials have been exposed on the web from hacking or third-party service leaks.
All of the necessary functions for this are already included in a Kaspersky Premium subscription, which also contains the password manager:
Password Check warns you if your crypto passwords have been leaked online or are easy to crack, leaving you vulnerable to identity hackers. Passwords are also checked for compromise: if another user somewhere in the world had the same password and it was hacked, you’ll know that this password is no longer secure. Your passwords themselves are not sent anywhere; the SHA-256 cryptographic hashing algorithm is used to verify them securely.
Data Leak Checker checks and informs you if your accounts are leaking personal data, like passwords or crypto wallet credentials, on both the internet and dark web.
Identity Protection Wallet stores your sensitive documents such as your passport or crypto wallet seed phrase in encrypted format in the cloud to prevent identity theft, and syncs them with all your devices.
Secret Vault converts your sensitive data like crypto credentials into an unreadable format and protects it with a password. Your data is securely encrypted on your device hard drive (locally, not in the cloud).
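How a leak check of the kind Password Check describes can work without the password leaving the device, as an added example that is not Kaspersky's implementation: the password is hashed locally with SHA-256 and only a short hash prefix is used for the lookup. The prefix-only query, the `BreachIndex` class and the breach list are assumptions constructed for illustration.

```python
import hashlib

PREFIX_LEN = 5  # assumption: hex characters of the hash that leave the device


def sha256_hex(password: str) -> str:
    """Hash locally; a fast unsalted hash suits lookups, not password storage."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


class BreachIndex:
    """Hypothetical stand-in for a leak-check service: holds hashes, never passwords."""

    def __init__(self, leaked_hashes):
        self._by_prefix = {}
        for digest in leaked_hashes:
            bucket = self._by_prefix.setdefault(digest[:PREFIX_LEN], set())
            bucket.add(digest[PREFIX_LEN:])

    def suffixes_for(self, prefix: str) -> set:
        # The service sees only a prefix that many unrelated hashes share,
        # so it cannot tell which password was being checked.
        return self._by_prefix.get(prefix, set())


def is_leaked(password: str, index: BreachIndex) -> bool:
    digest = sha256_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    # Only the prefix is sent; the final comparison happens on the device.
    return suffix in index.suffixes_for(prefix)


# Constructed breach corpus of well-known weak passwords.
LEAKED = BreachIndex(sha256_hex(p) for p in ["123456", "password", "qwerty"])

if __name__ == "__main__":
    for candidate in ["password", "correct horse battery staple 42"]:
        print(candidate, "->", "leaked" if is_leaked(candidate, LEAKED) else "not found")
```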