You've been asking me for a long time and finally I decided to write an ultimative thread on an advanced (and authorial, please note) cryptocurrency storage technology 😎
Read carefully, there will be only Spy-level trips 👇
1/X
Understand that all sorts of blockchain.info, TrustWallet, MetaM/\sk and other wallets are just interfaces.
2/X
Consider cold wallets, personally I do not trust Ledger or Trezor. There is a hardcore version BitLox Ultimate, which is literally stuffed with security-related features, lets the traffic through Tor, and has several levels of encryption: bitlox.com/products/bitlo…
3/X
Or an ascetic cold card which is a good choice for those, who love simple and clear mechanics. coldcard.com
4/X
Make a cold wallet yourself. For example, from an old smartphone. You can also make a cold wallet with Electrum and let all the traffic through Tor. Know AirGap weak sides.
Check what are you signing, if we speak about ETH L1 L2, never use your main cold storage for casual work, but if you have to, always check if there are no allowance approve (which allows to drain your wallet) or proxy behind which mentioned function may be hiding.
Never use your main cold storage and «Back Office PC» for casual work, but if you have to do it, use only open-source wallets like alphawallet.com, electrum.org, sparrowwallet.com
Accept as a fact that if the device falls into the hands of intruders, only custom capacitors can save your money (so that you can not get directly to the brains and read electric signals) and other things like self-destruction, epoxy, and so on.
11/X
That is, ideally, you can not allow physical contact in any case. You can use special logic bombs or logic gates, extra passwords that trigger some kind of security action, alert events on your address via tenderly.co or using 2/3 multi-sig.
12/X
One could also create a honeypot wallet and have a script that listens for tx originating from those addresses that alerts authorities, security companies and/or friends & family that you are under duress, perhaps even sending your location or last known location via GPS.
13/X
Always double check an address you've copied to the clipboard. There is an evil software existing which can replace an address in your clipboard to a very similar-looking address which has the same symbols in the beginning/end as your address.
Be aware of modern attack methods, carefully read step-by-step my Guide and a Compendium, you don't need a deep understanding of how hacks work exactly but that's important to know how does it looks like to be a victim:
Study threat modeling and establish all possible threats even if they seem crazy to you. Being suspicion is always a good thing. After all, fake news only works best with those who carry it to their acquaintances, becoming a kind of donor.
17/X
In the same way with attacks, very often you may try to be hacked through acquaintances, pretending to be acquaintances or acquaintances themselves. Always keep this in mind. This world is cruel and dangerous.
This guy used his real name and/or a phone number associated with his real identity. Bad OpSec and no Counter-OSINT been used… These techniques might saved him.
- Conduct an OSINT investigation against himself or hire an OSINTer
- All information that cannot be deleted by queries/abuse and complaints/attacks should be made unreadable by "obfuscation".
Gm fam 🙌 I see that you love my recent thread and today I would like to complete it a little bit and post 25 #OpSec tips from my Guide, in other words, let's look at the methodology from a slightly different angle.
This is the Author's methodology❗️
Different emails / different strong passwords. Store them in one place. Never use repeat passwords, especially for accounts with personally identifiable and sensitive information (e.g. Facebook, Gmail, AppleID, Twitter, banks/payments, crypto accounts).
This list does not include black hat hacks which involved user loss of funds, even if the funds are returned. There are other lists for that, including these lists:
There are three fun techniques for those who are constantly under attack.
One of them is to set up similar honeypots, IP loggers like “grabify dot link” and put a script for notifications.
👇👇👇
2/3
The second is to set up fake wallets, potential targets and name them tempting for the hacker. If you try to steal money from them (the hacker will probably notice them first), you can get a notification from @TenderlyApp or own script via SMS.