Tips for storing and protecting crypto from dusting, tampering, and malware attacks
During the crypto investment process, how to safely store and protect crypto assets?
In the volatile and risky crypto market, asset protection is extremely important. This article is the beginning of a series of articles and videos sharing the most basic asset protection knowledge for everyone, especially those just starting their crypto investment journey.
What is a private key? Why is it necessary to protect Private Key?
Private key or seed phrase can be considered a form of "password" to access assets in an e-wallet. In which:
· Each e-wallet address only has 1 unique private key or seed phrase.
· Anyone who owns the private key or seed phrase will have full control and access to the assets in the wallet, such as sending assets, signing transactions, etc.
· If you forget, accidentally reveal or intentionally share the private key and seed phrase with others, the user will face the risk of losing full access to all assets in the wallet.
· Therefore, protecting and keeping private keys and seed phrases safe is extremely important.
· Some private key attack methods and how to avoid them
· A user's private key can be attacked through many forms such as dusting, spoofing and malware attacks.
Dusting attacks occur when developers:
· Create and distribute to each wallet address a very small amount of tokens.
· Create a smart contract that fools blockchain scanners (blockchain transaction lookup tools) that the user's wallet address owns a small amount of the hacker's token.
When users see this strange token, they can do things like:
· Withdraw this strange token from your wallet to sell it for money.
· Interact to confirm (approve) the right to transfer tokens from the wallet.
· Based on that, hackers can track transactions, identify the owner of the wallet address, or withdraw all other tokens and coins in the wallet.
· Do not interact with unfamiliar tokens
· If you still want to interact with unfamiliar tokens, you should transfer assets to another secure wallet before performing the operation.
· If strange tokens appear too often, you should consider changing to a new wallet address, because this wallet may have fallen into the hacker's sights.
· Coin98 Super Wallet has been equipped with the feature of hiding strange tokens with balances that are too small or not yet listed, helping users reduce the risk of being attacked by dusting.
Phishing Attack occurs when:
· Hackers create fake websites that look like real websites.
· Buy a fake domain URL that is similar to the real domain URL (the letter o is replaced by a 0, the letter i is replaced by an l...).
· Buy fake mail domains and spam users with email templates that are similar to the official emails of the main services.
Users can have all their data and assets attacked by hackers if:
· Access and enter private key and seed phrase into the fake website.
· Click on links in fake emails.
· To prevent this, users need to be very careful when accessing any website, clicking on any link...
Malware attack is the installation and distribution of malware, viruses... on user devices. These viruses and malware can exist on any type of device from Windows to MacOS, Linux...
To prevent giving hackers permission to control the device, spread viruses, and install malicious code on their devices, users need to:
· Be careful when clicking on unfamiliar links.
· Do not download pirated, cracked or apk applications...
Should I use public wifi and free VPN to trade crypto?
Public Wifi has many disadvantages such as:
There is no firewall or user protection mechanism.
Public wifi providers can scan data coming in and out of a device, putting users at risk of revealing private keys or sensitive information.
Users should use 4G or private wifi when trading and interacting with crypto.
Free VPN usually provides low bandwidth and speed but still ensures user safety. Users can use free VPN or use the paid version.
Risk of wallet hacking when interacting with smart contracts
Non-custodial wallet works by:
Requires users to grant access to an asset limit (eg: 100 USDT, 200 C98...) for the smart contract to use the services this smart contract provides such as swap, liquidity provision...
Users pay a gas fee for each authorization.
=> Many protocols have provided an "unlimited approval" service, allowing users to interact with the protocol freely without needing permission or paying gas fees too many times.
If you grant "unlimited approval" permission to fake websites, token transactions with too low liquidity, large fluctuations... users will face the risk of losing assets. Therefore, you should grant limited permissions. moderately and regularly revoke third-party authorization assertions.
Tips for protecting private keys and seed phrases
1. Store each part in multiple places
2. When storing keys on phone/computer devices, or in applications such as Notes, Messenger, Google Drive... users should:
3. DO NOT store a complete and accurate key fragment anywhere in cyberspace.
4. Store each key part in many different places.
5. Correct one or two words, or swap the positions of words within the 12 characters of the seed phrase according to the self-defined rules.
6. If you do so, even if the user has this private key revealed, the user's right to access assets will not be lost.
7. If the user's device has a keylogger installed, the device will not know how the user entered the characters, and where the position of the character was edited.
Cloud Sync and Clear Clipboard of Coin98 Super Wallet
Coin98 Super Wallet provides 2 features: Cloud Sync and Clear Clipboard. In there:
Cloud Sync:
· One-way encrypt the private key of all user wallets, then save on Google Drive or iCloud.
· No one, not even Coin98 Super Wallet, can access this file except the user.
· If a user's Google Drive or iCloud is attacked, the attacker cannot decrypt the file containing the private key because this is one-way encryption.
Clear Clipboard:
· Erase short-term storage embedded in the user's device operating system.
· Avoid "Copy-Paste Heist" attacks, which occur when hackers illegally access data directly from the clipboard, stealing private keys and user assets.
· Users should have a habit of regularly clearing clipboard or clearing cache on their devices.
Use multisig wallet
Multisig wallet (Multi-signature wallet) offers many advantages such as:
· Requires two or more private keys to sign and send a transaction. If a multisig wallet is created from 3 private keys, the user can install 2/3 private keys to sign the transaction so that the transaction can be completed.
· Even if a user's private key is leaked, the user's assets are still safe.
· Some other safe asset storage solutions are hardware wallets, cold wallets, hardware wallets combined with Zen Card cold wallets... to help protect the safety of user assets, especially when they store assets long-term.
Use multiple wallets for multiple purposes
It is recommended to use multiple wallets for many different purposes, such as wallets for long-term asset storage, airdrop wallets, short-term asset transaction wallets... In addition, users should also occasionally change wallets. Use it to avoid being tracked and increase wallet safety because the old wallet may have interacted with malicious software and applications.
