How can you safely store and protect crypto assets while investing?
In the volatile and risky crypto market, protecting your assets is crucial. This article is the first in a series of articles and videos sharing the most basic knowledge about asset protection for everyone, especially those who are new to their crypto investment journey.
Why is it necessary to protect your private key?
A private key or seed phrase can be considered a “password” to access assets in your crypto wallet. Here’s why it’s essential:
- Each crypto wallet address has only one unique private key or seed phrase.
- Anyone who possesses your private key or seed phrase will have full control and access to the assets in your wallet, allowing them to send assets, sign transactions, and more.
- If you forget, accidentally expose, or intentionally share your private key and seed phrase with others, you risk losing all access to the assets in your wallet.
Therefore, protecting and securing your private key and seed phrase is extremely important.
Some Methods of Private Key Attacks and How to Prevent Them
A user’s private key can be attacked through various methods such as dusting attacks, phishing, and malware.
Dusting Attacks
Dusting attacks occur when a developer:
- Creates and distributes a very small amount of tokens to each wallet address.
- Creates a smart contract that tricks blockchain scanners (tools used to look up transactions on the blockchain) into believing that a user’s wallet address owns a small amount of the hacker’s tokens.
When users see these unknown tokens, they might perform actions such as:
- Withdrawing these unknown tokens from their wallet to sell for money.
- Interacting to approve the transfer of these tokens from their wallet.
Based on these actions, hackers can track transactions, identify the owner of the wallet address, or withdraw all other tokens and coins in the wallet.
To stay safe from dusting attacks, users should:
- Not interact with unknown tokens.
- If you still want to interact with unknown tokens, transfer your assets to another secure wallet before doing so.
- If unknown tokens appear too frequently, consider switching to a new wallet address, as this wallet may have been targeted by hackers.
coinrin is equipped with a feature to hide unknown tokens that have very small balances or are not yet listed, helping users reduce the risk of dusting attacks.
Phishing Attacks
Phishing attacks occur when:
- Hackers create fake websites that mimic legitimate ones.
- They purchase fake domain URLs that closely resemble real domain URLs (e.g., replacing the letter “o” with the number “0”, or the letter “i” with the letter “l”).
- They acquire fake email domains and spam users with email templates that closely resemble official emails from legitimate services.
Users can have all their data and assets compromised if they:
- Visit and enter their private key or seed phrase into a fake website.
- Click on links within phishing emails.
To protect themselves, users need to be extremely cautious when visiting any website or clicking on any link.
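The character swaps described above can be checked mechanically before a link is opened. The following is an added example, not part of the original article: the allowlisted domains are constructed placeholders, and the folding table covers the article's o/0 and i/l swaps plus the closely related 1/l.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only sites this user intends to sign in to.
TRUSTED = {"example-wallet.io", "coinswap.example"}

# Swaps named in the article (o/0, i/l), plus 1/l: fold each to one character.
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(host: str) -> str:
    """Collapse look-alike characters so visually similar hosts compare equal."""
    return host.lower().translate(FOLD)


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'idn-review', 'unknown' or 'invalid'."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Exact match or a true subdomain of an allowlisted domain.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Non-ASCII or punycode labels can hide homoglyphs from other scripts.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "idn-review"
    folded = skeleton(host)
    for d in TRUSTED:
        fd = skeleton(d)
        # Same name after folding, e.g. "c0lnswap" vs "coinswap".
        if folded == fd or folded.endswith("." + fd):
            return "lookalike"
        # Trusted name used as a prefix of someone else's domain.
        if host.startswith(d + ".") or ("." + d + ".") in host:
            return "lookalike"
    return "unknown"
```

A result of "unknown" only means the host does not imitate an allowlisted name; it is not a statement that the site is safe.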
Malware Attacks
Malware attacks involve the installation and spread of malicious software, viruses, etc., onto a user’s device. These viruses and malware can exist on any type of device, from Windows to macOS and Linux.
To avoid giving hackers control of their devices, spreading viruses, or installing malware, users should:
- Be cautious when clicking on unknown links.
- Avoid downloading pirated, cracked, or APK applications.
Should you use public Wi-Fi and free VPNs for crypto transactions?
Public Wi-Fi has many drawbacks, such as:
- Lack of firewalls or user protection mechanisms.
- Public Wi-Fi providers can scan data entering and leaving a device, putting users at risk of exposing their private keys or sensitive information.
Users should use 4G or private Wi-Fi when transacting or interacting with crypto.
Free VPNs often provide low bandwidth and speed but can still ensure user safety. Users can choose to use a free VPN or opt for a paid version.
Risk of Wallet Hacking When Interacting with Smart Contracts
Non-custodial wallets operate by:
- Requiring users to grant access to a certain amount of assets (e.g., 100 USDT, 200 etc.) to a smart contract to use the services that this smart contract provides, such as swapping or providing liquidity.
- Charging users a gas fee for each authorization.
As a result, many protocols have offered “unlimited approve” services, allowing users to interact with the protocol freely without having to authorize and pay gas fees many times.
If you grant “unlimited approve” to fake websites, trade tokens with very low liquidity or high volatility, etc., you will face the risk of losing assets. Therefore, it is advisable to grant authorization with a moderate limit and frequently revoke authorizations granted to third parties.
Tips for Protecting Your Private Key and Seed Phrase
Store fragments in multiple locations
When storing your key on electronic devices like phones or computers, or in applications like Notes, Messenger, or Google Drive, you should:
- NEVER store a complete and accurate key in any single location online.
- Store fragments of the key in different places.
- Modify one or two words, or swap the positions of words within the 12-word seed phrase, following your own set rules.
By doing so, even if a stored copy of your key is exposed, access to your assets will not be compromised. If your device is infected with a keylogger, it won’t be able to capture the complete key or know the location of the modified characters.
Use multiple wallets for multiple purposes
It’s recommended to use different wallets for different purposes, such as a wallet for long-term asset storage, a wallet for farming airdrops, and a wallet for short-term asset trading.
In addition, you should also occasionally switch wallets to avoid being tracked and to increase wallet security, as the old wallet may have interacted with malicious software or applications.