There is no universal solution for all occasions, but we will try to give tips that apply almost always. The specific implementation of the architecture should be planned based on your needs and risks. This article can be used as a checklist for verification.
Recommendations for organizing the storage of cryptocurrencies and tokens
Don't put all your eggs in one basket! Split your funds, and store those that you do not plan to use in the near future in a cold wallet. If necessary, there can be several cold wallets. For example, part of the funds will be in a hardware wallet, part in a multi-signature wallet, part in the form of a private key in a crypto container with a strong password. In case of real danger, you can even pass 1 or 2.
Separate computers for crypto. If you work with crypto-assets, which cost several times more than the cost of their storage facilities, then allocate separate computers that will not be used for anything else. It is better to surf the web, play games and edit sent documents on another computer.
Nothing extra. Wallet computers should not have any third-party software installed, not to mention Windows hacked with a crack from C001_][aker's. Only proven distributions from the manufacturer.
Fault tolerance. The biggest nuisance in terms of fault tolerance is hard drive failure. The remaining parts in the computer are usually replaced quickly and without any special consequences. In the case of hard drives, system fault tolerance is easiest to achieve using RAID arrays with mirroring. Roughly speaking, this is when two hard drives are installed, and write and read operations occur on them in parallel, and the system sees them as one disk. In this case, the increase in price goes to one hard drive; the raid controller can even be used built into the motherboard. The likelihood that both hard drives will fail at once is extremely small, and if any one fails, you insert a new one in its place and continue working. Some RAID controllers can do this even on the fly, without turning off the system.
Backup. You must be prepared for the fact that the most fault-tolerant system may become unavailable. Fire, thieves, special services, or just a cat peeing in the power supply and all the boards and hard drives will burn out, it doesn’t matter. This can happen. You must have up-to-date backups of all wallets. Moreover, they must be encrypted and sent to several places at once. To the cloud, to the mail, a flash drive in a safe, an archive in a smartphone, etc. Choose several options, better come up with your own, and use them. Create a backup schedule and stick to it. Periodically download one of the backups and check the availability of the information in it, that nothing has been broken, you remember all the passwords and are able to extract information from the backup.
Encryption and passwords. Accept as a fact that your computer, phone, flash drive, or access to your mailbox and other services may end up in the hands of criminals. At the same time, it is necessary to prevent an attacker from gaining access to wallets. If all your devices are securely encrypted and the passwords are not similar to Qwerty123, then at a minimum you will gain time to transfer assets to other wallets, and at maximum, obtaining devices and access will be useless for an attacker. Therefore, use encryption to the maximum, including on system partitions, smartphones, archives, and backups. Set passwords for loading and unlocking your smartphone. There should be no accounts on computers without strong passwords. On web services, use two-factor authentication where possible. Set strong and different passwords for all services and devices. It is advisable to replace them with new ones at some intervals.
Updates. Pay special attention to software updates. Often, attackers exploit errors in the update algorithm or disguise downloads of malicious software as updates. This has already happened with some cryptocurrency wallets, for example, with Electrum, when a message about the need to update was displayed, and a Trojan was downloaded. A simpler method is to display a window in the browser on a web page that supposedly asks you to update the browser. Sometimes this opens in a new pop-up window and tries as much as possible to copy the interface details of the real update window. It is clear that if the user’s consent is obtained, a Trojan will be downloaded to him. So only updates from official sites, and it is advisable to check them further.
Don't leave things unattended. Everyone understands everything about flash drives or a smartphone without a password. But in some cases, even a laptop can be hacked simply by inserting a device similar to a flash drive into the USB port. But in reality it will be a hardware HID keyboard emulator and a set of exploits. So in a Windows environment, after setting up all your devices, it is recommended to prevent automatic installation of drivers and devices by activating the “Prohibit installation of devices not described by other policy settings” policy.
What to do if a hack has already been detected?
Disconnect the attacked computer from the network, check what is stolen and what is not.
Transfer the remaining cryptocurrency and tokens to other wallets, and if necessary, create them on a clean computer. To speed up the process, you can create temporary addresses in the most famous web wallets.
Track where the coins went, perhaps these are services such as exchanges or online wallets. In this case, urgently write to their support about the incident indicating addresses, transaction hashes and other details. If possible, call, after sending the letter, call and use your voice to draw attention to the urgency of the situation.
Change all passwords from a clean computer, even those that are not directly related to wallets. The infected computer most likely had a keylogger that collected all entered information. Passwords must undergo at least 2 cleanings - temporary and a new permanent one. Passwords must be strong: long enough and not dictionary.
Back up all the necessary information from computers, smartphones and tablets that you don’t want to lose. Executable files and other files that could be infected should not be in the backup. Encrypt the backup. Make several backup copies to geographically dispersed locations.
Clear all flash drives and hard drives, reset the smartphone to factory default and configure everything again. If you plan to work in the future with very important information, or amounts that are many times greater than the cost of the equipment, then ideally it is worth replacing the entire hardware, since some types of Trojan programs can be registered in service areas on hard drives and are not deleted even when formatting, and also modify the BIOS on motherboards.
General safety recommendations
Phishing. Most often, websites of exchanges, online wallets, and popular exchangers are attacked. The leaders are myetherwallet.com, blockchain.com and localbitcoins.com. Most often, scammers register a domain similar to the one being attacked. They upload a harmless website or forum there. They buy advertising in search engines for it. As soon as the advertisements pass moderation, the site is replaced with a clone of the attacked site. At the same time, it’s not uncommon for people to start DDoSing. The user cannot get to the site, enters its name in a search engine, clicks on the first line in the search results without noticing that it is an advertisement, and ends up on a scam site that looks like a real one. Next, he enters his logins and passwords, and money from his account leaks to the attackers. Often even two-factor authentication, PIN codes, etc. do not help. The user will enter all this himself. Let's say, when you log in, you enter a code, the system will say that the code is incorrect, enter it again. He will enter the second code. But in fact, the first code was used to log in, and the second to confirm the withdrawal of funds.
Another example is delayed attacks. When you open a site sent to you that appears to be secure and leave the tab open. After some time, if there is no action on the page, its content is replaced with a phishing site that asks you to log in. Users usually treat previously opened tabs with more confidence than previously opened ones, and may enter their data without checking.
Also, in some cases, there may be phishing attacks on specially prepared public networks. You have connected to a public Wi-Fi network, but its DNS gives the wrong addresses to domain requests, or all unencrypted traffic is collected and analyzed for important data.
To avoid falling for this, do not turn off your vigilance, use additional checks and a more secure channel, more on them below.
Additional checks. For the most visited and important sites on a secure computer, detect several indirect parameters. For example, the issuer of the certificate and its expiration date. Alexa counter value or estimated traffic by Similarweb. You can add your own parameters. And when you visit websites, keep track of them. For example, if the certificate suddenly changed long before the old one expired, this is a reason to be wary and check the site additionally. Or, for example, if bitfinex.com used to show about 7 thousand points on the Alexa counter, but now it suddenly shows 8 million, then this is a clear sign that you are on a fraudulent site. Same with Similarweb metrics used by CDN, domain name registrar, hoster, etc.
Passwords. Don't use weak passwords. It is better to remember the most important passwords without writing them down anywhere. However, taking into account that it is better to set different passwords for all services and wallets, some of them will have to be stored. Never store them open. Using specialized "key keeper" programs is much preferable to using a text file. They are at least stored there in encrypted form, plus the data is automatically erased from the clipboard after use. It is better to use offline open source solutions.
Create some security rules for yourself, for example, even adding three random characters to written down passwords at the beginning. After copying and pasting where you need the password, delete these characters. Don't share password storage methods, come up with your own. In this case, even if the key holder is compromised, there is a chance that the attacker will not be able to use it.
Secure channel. To work more securely from public networks, it makes sense to make your own VPN server. To do this, you can buy a virtual machine from one of the hosters abroad; you can choose the location at your discretion. The average cost of a virtual machine is $3 - $7 per month, which is quite reasonable money for slightly more secure access to the network. You install your own VPN server on the server and allow all traffic from mobile devices and computers to go through it. Before the VPN server, all traffic is additionally encrypted, so they cannot poison your DNS, or obtain additional data from your traffic by installing a sniffer along its path.
Windows/Linux/Mac OS? The best operating system is the one that you can configure most professionally and work safely in. A well configured Windows is better than a poorly configured Linux. Security problems are found in all operating systems, and they need to be patched in a timely manner. However, the largest amount of malicious software is written under Windows; most often, users have administrator rights, and when probing the system, scammers first try to use exploits under Windows. Therefore, all other things being equal, it is worth choosing a less common and more security-oriented operating system, for example, one of the Linux distributions.
User rights. Give the user exactly as many rights as required to perform tasks. Do not sit under a user with administrative privileges. Moreover, you can further secure your wallet using limited user rights. For example, create two accounts, the first one has access to the wallet, but you cannot log in under it either locally or over the network. The second account can be used to log in, but does not have access to the wallet. To work with the wallet from under it, you must additionally launch it using the Runas command.
Antivirus. Should I install an antivirus or not? If the computer is connected to the network and is used for any other tasks other than storing cryptocurrency, it has the ability to connect flash drives or otherwise load malware - we recommend using an antivirus. If the computer is specially configured only as a wallet, security is tightened to the maximum everywhere, there is no extraneous software on the computer and there is no way to load it there, it is better to do without an antivirus. There is a small chance that the antivirus will send the wallet to the manufacturer’s company as a suspicious file, for example, or a vulnerability will be found in the antivirus itself. Although this is very unlikely, similar cases have already occurred and they should not be completely ruled out.
If you have installed an antivirus, keep the databases up-to-date, do not delete or “swipe” malware checks, pay attention to all alerts and periodically conduct a full system scan.
Consider the advisability of installing an antivirus on your smartphones and tablets.
Sandboxes. Create a separate virtual machine to view sent files. There is always a risk of receiving a document with a 0-day exploit that is not yet detected by the antivirus. Virtual machines have the advantage of fairly fast work with snapshots. That is, you make a copy of the system, run questionable files on it, and after finishing the work, return the state of the virtual machine to the moment when you had not yet opened the suspicious files. This is necessary at a minimum for subsequent safe work with other data.
Check addresses. When sending payment data to a secure computer, immediately before sending, additionally visually check the address and amount. Some Trojan programs replace the addresses of cryptocurrency wallets in the clipboard with their own. You copy one and the other will be pasted.
Environment. Please note that the primary attack may not be on you, but on your employees or your loved ones. Once in a trusted zone, it will be easier for malware to reach your assets.
Communication. Treat any messages during telephone conversations or correspondence as if they were definitely being read/listened to and recorded by third parties. So no sensitive data in clear text.
Better to be on the safe side. If you suspect that some wallets may have been compromised, then create new ones and transfer all funds from those that are suspicious.
Give out sensitive information less. If at a conference the presenter asks those who have cryptocurrency to raise their hands, you shouldn’t do this, you don’t know everyone in the room, and putting potential victims on the pencil is the first step in which you can help the attacker. Or, for example, there was such a case: one cryptocurrency owner took storage security quite seriously. But the attackers found out that he was selling a plot of land. We found one and contacted him under the guise of a buyer. During dialogues and exchange of documents, the attackers were able to plant a Trojan on the victim’s computer and monitor its operation for some time. This was enough to understand how the funds were stored and steal them. When selling a plot of land, the victim’s vigilance was clearly lower than when working with crypto-assets, which played into the hands of the attackers.
Conclusion
Remember that all the security tips given above are for the average attacker. If you are physically kidnapped and used thermorectal cryptanalysis, you yourself will give away all the addresses and passwords. Also, if special services with appropriate training are hunting you, there may be seizure of servers with cryo-freezing of RAM to seize keys, as well as physical seizure while working with an open channel to the wallet. And if you follow safety rules, do not break laws, or no one knows about you, then the likelihood of encountering such problems tends to zero. Therefore, choose the right protection methods depending on the level of your risks. Don't put off safety-related issues until later if you can do them now. Then it may be too late.
It is easier to prevent a fire than to put it out.