Cryptocurrency wallets are hacked regularly. In March 2022, 65,000 wallets were affected by the Horizon bridge hack, and about 8,000 more Solana-based wallets were hacked in August. Losses amount to millions of dollars, and among them, hackers may get a little of your crypt.
To begin with, cold wallets are more suitable for storing cryptocurrencies. These are standalone wallets in the form of a USB device that are not connected to the Internet. To transfer cryptocurrency to them, you connect a USB flash drive to your computer. Hardware wallets have three levels of protection - a PIN, a secret password generated by an authenticator, and a seed phrase.
However, dealing with them is not as easy as with online counterparts. But still, no wallet can be impregnable.
Simple rules for storing cryptocurrency
1. Do not use the wallet in a working browser
When visiting sites in browsers, many vulnerabilities appear. There is a very high risk of catching a stealer - a virus that steals passwords. The virus does not manifest itself in any way, but when you enter the password from your wallet, a scammer can get access to it. If your wallet is browser-based, connect it to a separate browser that you don't normally use.
2. Don't use simple passwords
Cracking the qwerty12345 password is very easy. But Myfin$2022crYpto is almost impossible. The password must consist of a combination of uppercase and lowercase letters, numbers, and special characters. A password generator can help you come up with a secure option. And do not forget that you cannot use the same password in different wallets, accounts and applications. By hacking it, attackers will gain access to all your accounts.
3. Store your secret seed securely
The secret or seed phrase is the key to your wallet. This is a phrase of 12 or 24 random words that is generated when the wallet is created and never changes. The seed phrase is the main vulnerability of non-custodial wallets, because users themselves often lose it.
Approximately 20% of the total number of bitcoins (about 18.5 million BTC) are forever lost because their owners have forgotten the passwords and secret phrases from their wallets. However, access is handled differently in some wallets. For example, BITCASH can restore your access using biometrics (face photo).
Write down the seed phrase in different places, preferably in parts. For example, one part on paper and the other on a computer. Do not save the whole phrase on social networks, smartphones, etc.
Remember that no technical support will request it. Do not believe offers to participate in the distribution of money, for which you need to enter a secret phrase.
4. Do not connect your wallet to unknown sites
You can lose all assets on fraudulent sites - with the distribution of tokens, the purchase of NFT or staking at a high percentage. If you are not familiar with the site, then check its address, for example, on CoinMarketCap or Coin Gecko . Immediately add a suspicious address to the blacklist and send a complaint to the site where the dubious offer came from.
One of the high-profile phishing attacks happened in March 2022. Users received a massive letter allegedly from the MetaMask crypto wallet team. The letter demanded to confirm the wallet and enter your seed phrase, and it was reported that if the requirements were ignored, the account would be blocked. There is no data on the number of affected customers and the amount of theft.
In July, the Uniswap V3 protocol was subjected to a similar attack , more than 4.2 thousand ETH were stolen (about $ 4.7 million at that time). 74,000 exchange and crypto wallet users using Uniswap V3 received a fake UNI token in a mailing list. To exchange coins for native tokens, customers were asked to follow a fake link and thereby “transfer” confidential login data. Hackers gained access to the data of deceived users and deducted funds from their accounts.
5. Use two-factor authentication
2FA (two-factor authentication) is allowing access to a service through the correct code from another application. The code is regenerated each time it is needed to enter. Perhaps the most famous 2FA app is Google Authenticator.
6. Check the correctness of site addresses
It happens that you went to your favorite exchange or exchanger, connected your wallet, and in a moment saw that your crypto assets were gone. The thing is that the site address was written with one inconspicuous mistake
So in October 2022, hackers carried out a phishing attack through the Twitter account of the Gate.io exchange. They hacked the profile and posted a fraudulent tweet in the feed with a call to participate in the distribution of USDT for $500 thousand. To do this, they had to click on a fraudulent link. Only the most attentive could understand that this was a scam - instead of Gate.io, the link began with Gate.com. The attack did not last long, the exchange refused to comment on the situation, as well as the number of deceived users.
7. Use a second wallet
If you need to use an exchange, exchanger or other service, do not use your main wallet, where all the cryptocurrency is stored. For frequent transactions, it is better to use a second wallet. So you will spend a couple of dollars on a commission, but if it is hacked, then you will not lose all your savings.
8. Don't turn on the "Auto Verify" feature
Some wallets have this feature, for example, Phantom. The essence of its work is automatic confirmation of transactions to speed up work. You clicked "send" or "buy" once, and you do not need to confirm your action again. But scammers use this and you won’t even understand how your cryptocurrency was written off. You will be waiting for the transaction confirmation window, but it has already passed.
9. Don't touch unknown NFTs and other tokens in your wallet
If you see an incomprehensible NFT or very expensive tokens in your wallet that you didn’t send there, it’s better not to touch it. This can be a special smart contract, which spells out the rule that when selling NFTs, part of the funds from your wallet is sent to them in their pocket. Thus, your entire balance may miraculously disappear.