The explosiveness and high dollar value of non-fungible tokens (NFTs) seem to prevent investors from increasing their operational security to avoid exploits, or hackers simply follow the money and use very complex strategies to exploit wallets collectors.
At least that was the case for me a long time ago when, after falling in love with a classic message sent to me on Discord, it caused me to slowly but too quickly lose my most prized assets. .
Most Discord scams happen in a very similar way when a hacker takes a list of members from the server and then sends them direct messages in the hopes that they take the bait.
WARNING: Several scams are happening on Discord tonight. QUESTION EVERYTHING. Before clicking on any links, double check who it is from and if it is legit. Then check 12 more times on Twitter via trusted sources.
—Farokh (@farokh) October 27, 2021
“It happens to the best of us” aren’t the words you want to hear in relation to a hack. Here are the top three things I’ve learned from my experience on how to double down on security, starting with minimizing the use of a hot wallet and simply ignoring DM links
A quick crash course in hardware wallets
After my hack I was immediately called back and I can’t repeat it enough, never share your seed phrase. No one should ask. I also learned that I could no longer give up security for convenience.
Yes, hot wallets are much more transparent and faster to redeem, but they don’t have the added security of a PIN and passphrase like they do on a hardware or cold wallet.
Hot wallets like MetaMask and Coinbase are connected to the internet, which makes them more vulnerable and susceptible to hacks.
Unlike hot wallets, cold wallets are applications or devices where the user’s private keys are offline and do not connect to the internet. Since they work offline, hardware wallets prevent unauthorized access, hacking, and typical system vulnerabilities that are likely to happen while online.
4/ USE A HARDWARE WALLET
A hardware wallet stores the keys to your primary device. Your device which might have malware, keyloggers, screen capture devices, file inspectors, which might also spy on your keys.
I recommend a Ledger Nano Shttps://t.co/LoT5lbZc0L
—richerd.eth (マ,マ) gm NFT.NYC (@richerd) February 2, 2022
Additionally, hardware wallets allow users to set up a personal PIN to unlock their hardware wallet and create a secret passphrase as an additional layer of security. Now, a hacker not only needs to know his recovery phrase and PIN, but also a passphrase to confirm a transaction.
Passphrases are not as well-known as Seed Phrases because most users may not use a hardware wallet or may not know the mysterious passphrase.
Accessing a seed phrase will unlock a set of wallets that matches it, but a passphrase also has the power to do the same.
How do passphrases work?
Passphrases are in many ways an extension of a person’s seed phrase, as they mix the randomness of the given seed phrase with the user’s personal input to compute a completely different.
Think of passphrases as an ability to unlock a whole set of hidden wallets in addition to those already generated by the device. There is no incorrect passphrase and an infinite amount can be created. This way, users can go the extra mile and create decoy wallets as plausible deniability to prevent any potential hacks from targeting a primary wallet.
This feature is beneficial for separating digital assets between accounts, but terrible if overlooked. The only way for a user to repeatedly access hidden wallets is to enter the exact passphrase character by character.
Similar to a seed phrase, a passphrase should not come into contact with any mobile or online device. Instead, it should be kept on paper and stored in a safe place.
How to set up a passphrase on Trezor
Once a hardware wallet is installed, logged in, and unlocked, users who wish to enable the feature can do so in two ways. If the user is in their Trezor wallet, they will tap on the “Advanced Settings” tab, where they will find a checkbox to enable the passphrase feature.
Similarly, users can enable the feature if they are in the Trezor suite, where they can also see if their firmware is up to date and their PIN installed.
There are two different Trezor models, Trezor One and Trezor Model T, both of which allow users to activate passphrases in different ways.
The Trezor Model One only offers users the option of entering their passphrase on a web browser, which is not the most ideal in the event of a computer infection. However, the Trezor Model T allows users to use the device’s touchpad to enter the passphrase or type it into the web browser.
On both models, once the passphrase is entered, it will appear on the device’s screen, awaiting confirmation.
The downside of security
There are security risks, even if it seems counterintuitive. What makes the passphrase so strong as a second authentication step to the seed phrase is exactly what makes it vulnerable. If forgotten or lost, assets are virtually lost.
Of course, these extra layers of security take extra time and care and might seem like a bit of a stretch, but my experience was a hard lesson in taking responsibility for making sure every asset was safe and secure.
The views and opinions expressed herein are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.
#NFT #DeFi #crypto #hacks #abound #Heres #double #wallet #security
Trading2 weeks ago
Pharma Co. Exec’s wife signs insider trading SEC settlement – Law360
Investment5 days ago
Time Series Data Reveals Insights to Inform Investment Decisions
Blockchain1 month ago
Top 20 Cryptocurrencies to invest In 2022 before you regret
Forex1 week ago
3 Israelis arrested for links to Forex fraud, face extradition to Italy
Blockchain4 weeks ago
Catheon Gaming partners with CyberStep to launch Onigiri on the blockchain
NFT1 month ago
Sports NFTs of the week