Doc's Daily Commentary

Mind Of Mav

The Ultimate Guide To Protecting Your Crypto In 2021

So, the market hasn’t been much fun lately.

Thankfully, that presents us with an opportunity to sow the seeds of success through learning and preparation.

Today, we’ll talk about one of the most important aspects of your cryptocurrency holdings: keeping them safe.

As the popularity of cryptocurrencies grows, so does the level of activity of cybercriminals who seek to steal crypto in any way possible, by launching phishing attacks, finding vulnerabilities in the source code, or impersonating people who work for companies to obtain confidential user information such as private keys, passwords, seed phrases, and more.

The biggest challenge in securing your crypto is considering the variety of attack vectors and layers of protection that are necessary to truly ensure your funds are safe. There are three primary layers of security to consider when protecting cryptocurrency funds:

Network: Are your private keys cryptographically secure? Is the blockchain secure from a network attack (like a 51% attack)?

Application: Does a third party (exchange or app) control your crypto? How do they store their funds? How is your account login secured?

Real World: Are you vulnerable to offline attacks? Is your computer/device secure and encrypted? Is your phone/2FA account safe from attacks? Have you provided recovery instructions to your beneficiaries in the event you die?

Navigating all of these issues can be very challenging, but the good news is there are a growing number of practices and tools designed to help users secure their coins. There are two crucial practices in particular every user should familiarize themselves with: self-custody and cold storage.

As a crypto holder and investor, keeping your crypto safe is your primary job. If you understand the risks and learn how to control them, you are set to succeed. Securing your crypto is not complicated, but it requires a bit of knowledge about how crypto wallets work and how they are used to store your assets. In simple words, when you own crypto, what you really own is a private key that is connected to your crypto on the blockchain.

Being sloppy with passwords or sensitive information could get you hacked or make you another casualty of phishing. Most people who lost their crypto shared or exposed their private key (something that should never be done) or, if they kept their crypto on exchanges, used the same passwords for too long on too many accounts and perhaps didn’t have 2FA enabled either.

So what should you do? Let’s take it step by step:

Email:

Email Providers: Use any reputable email provider with 2FA available (e.g. Gmail, Outlook, ProtonMail).

Two-factor authentication (2FA): This is probably the most important thing. Activating 2FA on your email accounts is crucial so nobody can access them even if they get your password.

Ideally, create an email address specifically for crypto, rather than using the regular address you use for everything else and sign up with on websites that can leak your data.

Look out for phishing emails. Attackers prey on your emotions: you see the email, start to freak out, and click the link without even thinking.

Step 1) Remain calm. Before you do anything, analyze the email. NEVER click on any links in the email. Always go to your browser and type the official website address yourself.

Step 2) Check the sender and the email. Attackers will also try to use addresses that mimic the legitimate one.

Step 3) Check the language. Most of the time phishing emails are rushed and loaded with spelling errors.
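The sender check from Step 2 can be partly automated. The Python sketch below is an added example, not part of the original commentary: it classifies a From: header against a list of domains you trust. The trusted domains, the sample headers and the 0.9 similarity threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: the domains you really hold accounts with (constructed sample).
TRUSTED = {"example-exchange.com", "protonmail.com"}
# Digit-for-letter swaps commonly seen in lookalike domains.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def registrable(host):
    """Naive 'last two labels' reduction; a real check would use a public-suffix list."""
    return ".".join(host.split(".")[-2:])

def classify_sender(from_header):
    """Return 'trusted', 'lookalike', 'display-name-spoof' or 'unknown'."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    host = addr.rsplit("@", 1)[1].lower().rstrip(".")
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    # Trusted name buried in someone else's domain, or punycode/non-ASCII
    # (conservative: any such host is flagged for a manual look).
    if any(good in host for good in TRUSTED) or "xn--" in host or not host.isascii():
        return "lookalike"
    folded = domain.translate(SWAPS).replace("rn", "m")
    for good in TRUSTED:
        if folded == good or SequenceMatcher(None, folded, good).ratio() >= 0.9:
            return "lookalike"
    # Friendly name claims a brand, but the address belongs to another domain.
    brands = {good.split(".")[0].replace("-", " ") for good in TRUSTED}
    shown = display.lower().replace("-", " ")
    if any(brand in shown for brand in brands):
        return "display-name-spoof"
    return "unknown"

# Constructed From: headers, not taken from real mail.
SAMPLES = [
    "Example Exchange <support@example-exchange.com>",
    "Example Exchange <support@examp1e-exchange.com>",
    "Support <no-reply@example-exchange.com.account-verify.net>",
    "Example Exchange Security <alerts@mail-notify.net>",
    "Bob <bob@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):20} {header}")
```

A "trusted" result only means the visible address matches; the From: header itself can be forged, so typing the site address yourself (Step 1) still applies.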

Quick tips for emails:

Don’t trust email links.

Double check the address bar of login pages.

Many crypto exchanges let you set an anti-phishing code that is then displayed in the emails they send you.

You can check haveibeenpwned.com to see which data breaches your email has been a part of. If your email shows up and passwords are listed in the data that was compromised, assume the worst: change the password and never use it again, and do the same for any other accounts that use that password.

Passwords / PINs:

Do not use the same password everywhere.

Use strong, secure passwords. Password managers make them easy to generate and manage. This includes your phone and 2FA app: if you have a weak PIN for your phone and someone takes it, your 2FA app is then available (if it uses the same PIN, or has no PIN/password set), your email is automatically signed in (the same goes for other auto-signed-in accounts), and they can access everything.

Password Managers: These work wonders for managing passwords securely. They generate strong random passwords with adjustable settings, and it’s all kept in an encrypted database file, so even if an attacker gets hold of the file, they won’t be able to open it without the password.

Don’t save passwords in your browser. There have been several leaks, bugs and issues on browsers.

Reputable Password Managers:

KeePass

BitWarden

LastPass

1Password

Two-Factor Authentication (2FA):

Enable 2FA on everything possible (Email, Exchanges, social media and every account or app that has any sensitive information).

NEVER use SMS authentication. Always use 2FA apps like Google Authenticator (with SMS disabled). SIM swap attacks are very common, and SMS authentication is vulnerable to them.

Backup codes: When you activate 2FA on any account, you should have the ability to generate backup codes. These are used in case you lose access to your phone or authenticator app (you accidentally delete it, for example). Treat them like your crypto private keys / recovery phrases. It’s the only way to recover those accounts.

DO NOT take pictures of your QR codes. If you screenshot one, it might end up syncing somewhere you don’t want it to, and if it is ever compromised, the attacker can keep generating your 2FA codes.

DO NOT sign up for your 2FA app, or any crypto service for that matter, using your work or school email address. If you lose access to that email, consider all accounts gone, as you won’t be able to access the codes if you switch devices.

Crypto Wallets

Do not store your crypto on exchanges, especially significant amounts. Always own your keys and be your own bank. Hardware wallets are the most secure wallets.

Cold wallets (hardware wallets) will always be more secure than any hot wallets as they aren’t connected to the internet.

Verify the details you are confirming on your hardware wallet device. The wallet app interacting with your cold wallet device could be compromised (especially if you haven’t updated the firmware to the latest version), but you would still be safe using it as long as you verify each action on the cold wallet device and reject the transaction if anything seems off. There is known malware that replaces crypto addresses with an address owned by someone else. Before sending a transaction, always check that the receiving address is correct.

Private keys – The most important thing

Always write down your private keys on paper and/or other physical media, keep several copies, and store them in separate secure locations. There are also fireproof and waterproof devices, capsules, and safes that can protect your private keys. Another great solution would be Safe Haven’s Inheriti.com, the first and only decentralized inheritance and backup platform.

NEVER write or save them online, on devices like your phone or PC, or in the cloud.

Private keys should always remain private and known only by you. NEVER share them with anyone or type them on any website that promises you giveaways etc.

Browsers:

The top 3 Browsers built for privacy are Firefox, Epic and Brave (if we’re not counting Tor)

The best Search Engine for privacy is DuckDuckGo.

Extensions: Browser extensions are one of the most dangerous threats, and they aren’t taken seriously enough. They can start out legitimate, then turn malicious through an update. If you use online/browser wallets like MetaMask and copy-paste your seed words or anything similar, the extension can steal the copied data. After an extension turns malicious it might be removed from the web store, but not from your browser. Some are removed from the store because they are no longer supported, which means no more updates, and no more updates means vulnerabilities that won’t be fixed. If you have Google Sync activated, these extensions will also sync to all of your devices. Remove any extensions you don’t need, check whether they are still available on the store, and search for them to see if any security articles pop up about them. Check the privacy practices tab of the extension to see what data it collects.

Phone:

Always update your phone every time there is an available update.

Never store critical and sensitive data on your phone.

Unique pin / password for the phone.

Be careful on what you click and download.

Avoid apps you don’t need or that may be dangerous.

Download a VPN / be aware of the Wi-Fi you are connecting to.

Be aware of phishing.

Seriously: Be aware of phishing. Always suspect a random phone call or text is a scam.

Call your service provider and see if they can lock your SIM card and prevent SIM swapping.

Other General Safety Tips:

Harden your PC (this guide is for Windows 10, but can translate to other OSes). Update your OS and any software whenever an update is available. Everything you download is an attack vector.

Whitelist addresses on exchanges (some exchanges allow you to designate an address as ‘safe’; transactions to any other address won’t go through).

Don’t disclose your crypto holdings and earnings publicly – online.

Don’t access your crypto (exchanges or online wallets) on computers that do not belong to you and might not be trusted.

Don’t answer PMs from people who ask you about crypto or who pretend to be investors or advisors that can help you earn money.

Actual hacks in the crypto world are rare, and the most common ways to steal cryptocurrencies are phishing and fraud. Often, users themselves provide private information, not suspecting that there is a thief in front of them.

That’s why security isn’t a chore, it’s an opportunity.

We often find good security measures to be a burden, but the better mindset to have is one where you view security as an opportunity to bring yourself peace of mind in an uncertain and turbulent world. Whatever you choose, think critically about your threats and ensure that you aren’t the reason that your cryptocurrencies suddenly vanish.

Stay safe.

The ReadySetCrypto "Three Token Pillars" Community Portfolio (V3)

Add your vote to the V3 Portfolio (Phase 3) by clicking here.

View V3 Portfolio (Phase 2) by clicking here.

View V3 Portfolio (Phase 1) by clicking here.

Read the V3 Portfolio guide by clicking here.

What is the goal of this portfolio?

The “Three Token Pillars” portfolio is democratically proportioned between the Three Pillars of the Token Economy & Interchain:

Cryptocurrency – Security Tokens (STO) – Decentralized Finance (DeFi)

With this portfolio, we will identify and take advantage of the opportunities within the Three Pillars of ReadySetCrypto. We aim to capitalise on the collective knowledge and experience of the RSC community, build model portfolios containing the premier companies and projects in the industry, and manage risk allocation suitable for as many people as possible.

The Second Phase of the RSC Community Portfolio V3 was to give us a general idea of the weightings people desire in each of the three pillars and also members’ risk tolerance. The Third Phase of the RSC Community Portfolio V3 has us closing in on a finalized portfolio allocation before we consolidate onto the highest quality projects.

Our Current Allocation As Of Phase Three:

The ReadySetCrypto "Top Ten Crypto" Community Portfolio (V4)

Add your vote to the V4 Portfolio by clicking here.

Read about building Crypto Portfolio Diversity by clicking here.

What is the goal of this portfolio? 

The “Top Ten Crypto” portfolio is a democratically proportioned portfolio balanced based on votes from members of the RSC community as to what they believe are the top 10 projects by potential.
 
This portfolio should be much more useful given the ever-changing market dynamics. In short, you rank the projects you believe deserve a spot in the top 10. It should represent a portfolio and rank that you believe will stand the test of time. Once we have a good cross-section, we can study and make an assessment as to where we see value and perhaps where some diamonds in the rough opportunities exist. In a perfect world, we will end up with a Pareto-style distribution that describes the largest value capture in the market.
 
To give an update on the position, each one listed in low to high relative risk:
 
SoV/money == BTC, DCR
Platforms == ETH, XTZ
Private Money == XMR / ZEC / ZEN
DeFi == MKR / SNX and stablecoins
 
It is the most realistic way for us to distill the entirety of what we have learned (and that includes the RSC community opinion). We have an array of articles that have gradually picked off one by one different projects, some of which end up being many thousands of words to come to this conclusion. It is not capitulation because we all remain in the market. It is simply a consolidation of quality. We seek the cream of the crop as the milk turns sour on aggregate.

Current Top 10 Rankings:

Our Discord

Join Our Crypto Trader & Investor Chatrooms by clicking here!

Please DM us with your email address if you are a full OMNIA member and want to be given full Discord privileges.