With #Crypto #Phishing attacks at an all-time high, here are some of the most pertinent prevention methods for ensuring robust #security of your personal assets.
2/ Storing on-chain cryptoassets on an Enterprise Grade Custody Solution:
An EOA secured by one hardware wallet is highly vulnerable as hackers can insert a false @MetaMask browser extension allowing them to approve unintended transactions.
An EOA secured by one hardware wallet is highly vulnerable as hackers can insert a false @MetaMask browser extension allowing them to approve unintended transactions.
3/ A multi-signature wallet like @gnosisSafe, secured with several hardware wallets, is the best alternative. I highly recommend utilising next level custody solutions like Fireblocks, Copper, Qredo etc. As they come with native multisig 2FA for transaction approval.
4/ For small businesses: Exercise extreme due diligence in hiring remote teams, especially software engineers/developers.
5/ Have dedicated computers for crypto transactions. Ultimately you should have dedicated computers solely reserved for executing #Crypto transactions that do not interact with any emails, internet links, messaging apps, opening word documents, PDFs etc.
6/ Implement 2FA for all sign-in: This is non-crypto specific but is crucial nonetheless. #Cloudstorage, Emails, Messaging apps like @telegram should all have 2FA for logins, do not use SMS 2FA and use @Google authenticator instead.
7/ Whenever possible, a hardware 2FA like YubiKey should be used. Apply to both company and personal accounts.
8/ Bookmark your commonly used crypto #Dapps website. From time to time, phishing websites are being served out by search engine apps. If not careful during the search, you may end up accessing a phishing site. It will be better to access them through your bookmark list.
9/ Implement an address monitoring system: Internal crypto wallet addresses should be monitored closely, allowthe team to take unauthorized transaction, the team can be made aware immediately and take action as soon as possible. Both #Etherscan and @nansen_ai have such solutions.
10/ Regular #cybersecurity training for team members: All team members should be required to go through cyber security training for their on-boarding, this is something that tends to be neglected as the organization grows.
11/ Improve phishing and spam email detection by properly configuring your DNS setting for your email. Use hard fail or strict mode where possible for SPF, DKIM and DMARC
12/ Trust the browser and not the website. Any content below the browser bar should be deemed insecure and can be a potential attack vector. Some DApps may pop up a window to ask you to login into your crypto extension wallet if you are not logged in. Do not type your password in
• • •
Missing some Tweet in this thread? You can try to
force a refresh
