Apr 17, 2021

3 Biggest Crypto Security Mistakes

Crypto security starts and ends with you and your decisions. While scammers are always getting more inventive, here are the biggest mistakes you can make yourself. Learn how to avoid what always hurts the most - self-inflicted damage.

1️⃣ Trust people who tell you to send money somewhere

This is one of the most popular scams. Whenever you go on crypto social media, someone friendly will pop up who is willing to help. It may be someone who really is willing to help, but more often than not it is a scammer. The scammer will usually have one of two aims - to convince you to send your crypto to address xyz, or to get your account information under the pretence of verifying or whitelisting it. The latter can involve you clicking on some official-looking website or link. The website will then steal your account or wallet access data. The scammer might also pose as support and ask for remote access to your computer. This obviously never ends well.

While the scam might seem simple, a huge number of people fall for it every day. The easy solution is to never accept any private messages about crypto from anyone you have not messaged earlier. No one from any support team or any other legit source will ever reach out to you unsolicited.

Another version of this scheme is the "double your money" scam. Someone famous, rich or both asks you to send him/her crypto, promising to send you twice as much in return. This scam made it into the limelight during a major Twitter hack, when criminals compromised a number of celebrity accounts and used them to harvest victims with the promise of double returns. However, it does pretty well even with blatantly fake accounts, with some victims losing over $0.5m. Do not ever believe that someone will give you a big amount of money.

2️⃣ Share your sensitive information

Crypto is like online banking. There is information which can be shared and is actually publicly available, like your crypto wallet number, but which you do not generally share with everyone, to avoid social phishing. And there is information which you never ever ever share with anyone else - like your passwords, wallet private keys or seed phrases.

Sounds easy, right? Well, apparently not. There have been people who have accidentally posted pictures containing some of the above. This has actually given rise to a reverse scam - fake pictures with such private details, posted in the hope that greedy victims will get interested and lose money trying to break into the account.

Being sloppy with personal information is not restricted to individuals. We have lately seen a YouTube video from an up-and-coming crypto trading bot project, which shall remain unnamed. The authors were showing how to connect the bot to a personal crypto exchange account. All the personal details were blanked out, it's just that the blanks appeared a split second too late. If you paused the video at the right moment you could read the login, identifying the owner of the account. Then a few screens later you could see the full API keys to the account, enabling easy third-party access. We have reported the issue to the project team.

An older version of this scam was setting up websites for people to input the private keys of their wallets. The pretence was checking whether the private key is already public and compromised, which is actually quite ironic. This is a play on legitimate sites where you can check whether your personal data has been compromised. The private key phishing websites are still there in the depths of the internet, waiting for victims. Don't ever enter your password, private key or seed phrase anywhere other than where you already use them. And always set up two-factor authentication (2FA) anywhere you store any significant value.

3️⃣ Ignore suspicious signals

Our internet security is often interconnected. If someone gets access to your HBO GO account, they might check if the password works for your email as well. And if they get access to your email they might change a few other passwords and access your crypto accounts. These might be protected by text message 2FA, but what happens if the hackers also get access to your phone?

Whenever you notice any of your online accounts behaving in a strange way - passwords not working, emails disappearing, phone switching off, becoming locked out of accounts - alarm bells should go off in your head. It might be accidental, or it might be part of a scam designed to funnel away your crypto and/or fiat money. Ignoring this might mean losing everything. If you notice any strange signs, the proper reaction is to check wherever possible whether any new devices are logged into your accounts, change passwords, log out everywhere and log in again, and establish 2FA by authenticator app rather than text message. The safest solution would be to have the authenticator app on a separate device which is not connected to the internet, e.g. an old phone.