These days, online scammers and hackers have become ruthless, and they show no mercy when it comes to stealing funds from other people’s Crypto Wallets. It’s surprisingly easy to fall prey to these hackers and scammers: one small mistake or a single careless click on a link may leave your entire Crypto Wallet at risk of being stolen.
However, if you take some good precautions, which include using Two-Factor Authentication, using Strong Passwords, and storing your Private Keys and 12 Word Secret Seed Phrase in a Physical Hardware Device, you can prevent unfortunate theft and increase the level of security on your Crypto Wallet. But that’s not enough to be fully protected, as there are still many ways by which hackers and scammers can steal funds from your Crypto Wallet. This includes using non-custodial wallets, or falling prey to Phishing attacks carried out by these scammers and thieves. These attacks are done in a subtle manner, mostly through emails, social media or even Google Ads, where users are taken to a fake website posing as their Crypto Wallet. The most common Crypto Wallets are Coinbase, MetaMask, and Trust Wallet, and what these hackers do is direct users to a copy of one of these Crypto Wallet sites that looks exactly like the real site but has a different URL. Victims are then asked to enter not only their passwords but also their private keys and the 12 Word Secret Seed Phrase. These sites get access not only to the user’s password but also to their private keys, and the moment the hackers have them, users lose their entire funds. This is real and has been happening on the internet for a very long time; in one case, users are taken to a fake Amazon website, where they are baited with a “Too good to be true Amazon Offer” that they can only claim after entering their Credit Card details.
As dangerous as it sounds, we as users have to be very careful on the internet, and in this article we hope to help educate you on how you can protect your Crypto Wallet.
Protecting your Crypto Wallet
1. Always use Custodial Wallets
In the world of Cryptocurrencies, there are two kinds of wallets.
- Custodial Wallets
- Non-custodial Wallets
Traditionally, Non-Custodial Wallets came into existence first, where the users were solely responsible for storing their private keys and maintaining the security of their wallet. This means that if a user forgot his private keys, he would lose all of his funds and there was no possible way for him to recover them. This was during the time when Bitcoin was in its early stages, probably between $4 – $30, and when everyone just used non-custodial wallets. Users had to store their keys locally in a physical device such as a USB stick or Steel Unit, or write those keys on a piece of paper and store it locally.
On the other hand, Custodial Wallets are those where the Private Keys of the user’s wallet are stored or handled by a third-party Crypto Company. These companies allow users to create Crypto Wallets on their site, and users can use the Crypto Wallet service for storing their funds in the company’s app. This doesn’t mean that these companies know what your private keys are. You are still responsible for storing your private keys; however, there is a layer of security on your Crypto Wallet, as you can set a Strong Password and enable Two-Factor Authentication, and it’s not possible for Hackers to hack these Crypto Wallet Companies.
These companies will never ask for your private keys unless you need to recover your account in case you forget your password.
Always use Custodial Wallets unless you are 100% sure that you will be able to protect your Crypto Wallet using a Non-Custodial Wallet. With a Non-Custodial Wallet, if a hacker hacks your computer, there is a high possibility that he can also get into your Crypto Wallet, that is, if you store your Seed Phrases and Keys on your PC.
With Custodial Wallets, even if a hacker hacks your PC or Computer, he needs to get access to the Login Information for your Crypto Wallet and get hold of those Seed Phrases. This means that if you enable Two-Factor Authentication on your Custodial Wallet, it’s impossible for the hacker to get past the Login page unless he has your phone.
In most cases, you will be immediately alerted by the Wallet company that someone has failed to get past the 2FA, and this alone provides a single layer of protection for your Crypto Wallet.
However, this is just one case, as there’s more.
2. Using a Strong Password and Enabling Two-Factor Authentication.
We all know the rule that using strong passwords is very important, and for Crypto Wallets that have over $100,000 of funds in them, it’s not a good thing to set a weak password. Weak passwords today can easily be hacked using a Brute Force Attack.
Brute Force Attacks are essentially when Hackers try to figure out the login information of a Crypto Wallet by using software that keeps trying different password combinations until it finds the real one. For a Non-Custodial Wallet this can be a big problem, but for a Custodial Wallet you will be immediately notified by the company that there has been a Failed Login Attempt on your Crypto Wallet. This is an issue you may not need to worry about if you are using Crypto Wallets like MetaMask, Coinbase and Trust Wallet, as these wallets are already highly secure.
However, in case a Hacker gets into your PC and somehow gets access to your Login Details, you can always turn on the option for Two-Factor Authentication. By doing this, the hacker will not be able to get past your login page, because he can only do that if he gets access to your phone. This is one of the best ways to initially add a strong layer of security to your Crypto Wallet.
But today, even with 2FA enabled, hackers can still get access to your Crypto Wallet if they get hold of your Private Keys and 12 Word Secret Seed Phrase.
3. Store your Keys and 12 Word Secret Seed Phrase Locally (So-Called Cold Storage)
Cold Storage is essentially when you store your 12 Word Secret Seed Phrase and Keys inside a Cold Wallet, which normally comes in the form of a Hardware Wallet. These days, however, it’s really easy to lose Hardware Wallets, especially when they are the size of a USB stick. I have personally lost several of my own USB Drives and Memory cards and, unfortunately, I’ve never found them.
However, today, there are companies like BillFlod who are creating Hardware Devices like these.
This is essentially a steel unit in the shape of a credit card that stores your 12 Word Secret Seed Phrase. You have to manually enter those words on the Steel Card, and you can easily store it inside your actual wallet. What most people do instead is write down the 12 Word Secret Seed Phrase on a Piece of Paper, and most of the time, they lose it.
For Wallets that have less than $5000 worth of funds, it’s not a big deal to lose those funds. However, for Crypto Wallets that have over $100,000 worth of Crypto Currencies, losing the 12 Word Secret Seed Phrase may mean losing your entire account balance, especially if you happen to lose your password as well.
Just recently there was a case of theft in the Crypto Community, where the EasyFi CEO got Hacked for Over $80 Million in a MetaMask Attack. According to the EasyFi CEO: “My computer was compromised, and Metamask was altered from the disk.” Essentially, what happened was that the hacker compromised the MetaMask browser extension by hacking into his computer. After hacking the computer, a fake MetaMask Popup was used that asked for the user’s “Private Keys and 12 Word Secret Seed Phrase”. Using those keys, the hacker stole over 2.98 Million EASY tokens worth $75 Million.
As you can see, the 12 Word Secret Seed Phrase is so important and it should never be entered into any website even if it is MetaMask or Coinbase itself.
There are only two scenarios when you should enter the 12 Word Secret Seed Phrase:
- When you are Importing your Wallet into your Mobile
- When you have lost your Password and you are trying to recover your account.
Additionally, the 12 Word Secret Seed Phrase must never be used for these purposes:
- Logging into your Crypto Wallet; for that you always use your password.
- Signing contracts.
- Buying and Selling Crypto or Sending and Receiving Crypto currency.
If you ever find yourself in a situation where a Website asks for your Seed Phrase and keys, you can be sure that you are not on the right website, and entering your details may put your Crypto Wallet at risk.
4. Consider Using Two to Three Wallets & Split your Funds
It’s always a very good option to use two wallets instead of one and to diversify your funds across them. If you have just one wallet and put all of your money into it, you are at huge risk: if you lose that wallet or get hacked, you may end up losing your entire funds.
What should you do?
You can create two or even three wallets and split the funds according to your needs. In the first Crypto Wallet, you store just enough funds to carry out your daily or yearly Blockchain activities. This can include buying and selling Crypto Currencies, buying Non-Fungible Tokens (NFTs), and connecting with different Blockchain Platforms, using this first Crypto Wallet as the daily driver. This Wallet may be connected to all of your Crypto Applications and Networks. It is also the wallet that holds the least funds.
Your second wallet is sort of like the “Current Account”. It is only used to fund your first wallet for daily activities, while it may also have a good amount of funds stored in it. This is the wallet that you only occasionally touch, and you only use it to fund your first Wallet. This wallet should never be connected to any apps and must never be involved in any blockchain activities besides sending or receiving funds.
The third wallet is like the Fixed Account or Savings Account. You hardly touch or use the third wallet, and this is the wallet that is highly secure, to the point where you rarely even log into it. You only use it to store your Funds and you don’t even buy Cryptocurrencies from this account. This wallet also must not be connected to any blockchain activities and is only used for storage.
By doing this, you can really protect your funds and increase the level of security for your Crypto Wallets. If a hacker finds out that you have over $1 Million worth of Cryptocurrencies in your Crypto Wallet, there is a high chance that he will try to hack your computer or PC. The first thing he will try to do is learn and study your activity in the Crypto Community and Network. So, even if he does enter your PC and hack your Crypto Wallet, he won’t be able to steal your entire funds, because your main Account will be completely hidden.
WAYS BY WHICH YOUR CRYPTO WALLET CAN BE HACKED
Phishing is essentially when hackers try to steal your details by requesting login information through fake emails, cloned websites or even Social Media, where users are directed to a link that may ask for their login details; more advanced hackers can even steal your login information the moment you click on those links.
How to Protect yourself from Phishing?
Phishing attacks are hard to avoid, especially if you aren’t aware of what’s happening on the internet. Many elderly citizens are very prone to Phishing attacks: they unknowingly click on links and enter important information that hackers easily steal.
Phishing can be avoided by:
- Double-checking Websites that you enter. Many times, there have been cases of cloned Amazon sites and, in our case, Cloned Crypto Wallet Sites, where users frequently fall victim to having their login details and Private keys stolen. Always double-check the website that you are entering and check the spelling. Here is a YouTube Video by The Bitcoin Express, where he explains Cloned Crypto Sites and how hackers steal Login information really well. Definitely check out his video, as it is really informative and helpful.
- Don’t click links from unwanted Emails. The most common method hackers use for Phishing attacks is Email. They will send you an email that is closely related to your social media activity or your personal hobbies, and the email may come with an offer that directs you to an unknown website where you are asked to enter your credit card details. In a similar manner, such things happen in the Crypto Community too, and many have fallen into these Email Traps.
- Company Impersonation: Many times hackers impersonate a Crypto Company like MetaMask or Coinbase and send you emails informing you that they are from the support section. Impersonations can come in forms such as “[email protected] or [email protected]”. These email addresses look too good to be true, and they can send you emails like “Protect your Crypto Wallet”, saying in the email “Add an Extra Layer of Security, Login into your account and update your Private Keys – click on this link”. As you can see, the email itself looks smooth and real, and many people who don’t know about Phishing Attacks may click on those links, enter their private keys and end up losing their Crypto Wallet.
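The checks in the list above (a cloned site on a different URL, a misspelled name, a support address on a foreign domain) can be automated. The following is an added example, not code from the original article; the allowlist of official domains and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: confirm each wallet's official domain with the vendor.
OFFICIAL = {"metamask.io", "coinbase.com", "trustwallet.com"}

def edit_distance(a, b):
    """Levenshtein distance; small values mean a near-miss spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url_or_sender):
    """Return 'official', 'suspicious' or 'unknown' for a URL or e-mail sender."""
    if "://" in url_or_sender:
        parts = urlsplit(url_or_sender)
        if parts.username is not None:   # brand placed before '@' in the URL
            return "suspicious"
        host = parts.hostname or ""
    else:
        host = url_or_sender.rsplit("@", 1)[-1]
    host = host.lower().rstrip(".")
    if host in OFFICIAL or any(host.endswith("." + d) for d in OFFICIAL):
        return "official"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"              # punycode label, possible look-alike letters
    # Last two labels only: a simplification that ignores suffixes such as co.uk.
    base = ".".join(host.split(".")[-2:])
    for domain in OFFICIAL:
        brand = domain.split(".")[0]
        if edit_distance(base, domain) <= 2 or brand in host:
            return "suspicious"          # misspelling, or brand inside a foreign domain
    return "unknown"

# Constructed samples, not taken from any real campaign.
SAMPLES = [
    "https://www.coinbase.com/signin",
    "https://metamsk.io/",
    "https://metamask.io.example.com/login",
    "support@coinbase-help.example",
    "https://example.org/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10}  {s}")
```

A result of "unknown" only means the host does not resemble an allowlisted wallet domain; it says nothing about whether the site is safe.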
Malware is used by hackers to install unwanted hacking applications on the victim’s computer that give them control of it. By doing this, hackers gain full control of the victim’s computer and can even track and watch the activities that the victim is doing on it. Most of the time, this Malware comes in the form of a fake application that the user intends to download. Victims may think that they have downloaded the real application or program, and it may function like the real program, but they don’t realize that there is additionally malware installed that tracks their computer.
How to protect yourself from Malware?
- Malware is usually sent through emails, cloned websites where downloads are required, and even social media. You should check what you are installing on your computer. Many times, users go to MetaMask and download the Chrome Extension. However, they download it from the wrong website. The moment they download it, they have installed Malware on their computer that gives control to the hacker.
- When installing different programs on your computer, check the website that you are downloading from. You never know if you are part of a hacker’s plan: at first, the hacker may just install Malware on your Computer to study your activity, and after he has gathered information about you, he may proceed to the second phase, where he directs you to another offer that steals your Login information.
- When opening different Websites or Crypto sites, many times the site tells you to accept something. This usually happens on smartphones, where users are prompted to accept something when they enter a website. Most of the time, users unknowingly press “Accept” without thinking or reading the text. And if it is a Malware Attack, most of the time the Accept button is not an accept button but actually an “Install” button that’s hidden behind it. This way hackers install an application on your phone that gives them full control. This is also the reason why, whichever site I enter, I never click on those Accept or Block links, even if it is a legitimate website.
Lastly, your 12 Word Seed Phrase is the most important Key that you want to protect. Never give it to anyone or any website, even if it is MetaMask who is asking for it, as one should only use these 12 words for account recovery purposes.
By understanding and following the tips above, you will have a strong layer of protection for your Crypto Wallet. I am also researching Cyber Security and Security for Crypto Wallets and Blockchain Applications, so be sure to follow my blog as I will write more content on such topics.
Till then, stay safe and stay home!