Reddit Posts
Don't be stupid. Don't become a statistic. Better safe than sorry. MUST dos.
Daily Discussion - January 2, 2022 (GMT+0)
Erased Old Phone before Transferring Google Authenticator. How can I fix this?
Climb Everest Coin - Climbing to $29,032 [Market Cap under $1k!]
Daily Discussion - January 1, 2022 (GMT+0)
Cell Phone Unauthorized Phone Number Port- Crypto Theft Attempt
🚀 Baby Tiger INU 2022 Launched - Grab Your BAG 🚀 | 🔥 HOT CMS Incoming 🔥 | 💰 2K MC 💰 | 🌟 Telegram Calls + Shilling + Twitter Shilling 🌟 | ✔️ Audit Confirmed ✔️ | 💸 Top Holder Free NFT 💸 | 🎁 NFT + BTI-2022 Giveaways 🎁
🚀 Baby Tiger INU 2022 Launched - Grab Your BAG 🚀 | 🔥 HOT CMS Incoming 🔥 | 💰 2K MC 💰 | 🌟 Telegram Calls + Shilling + Twitter Shilling 🌟 | ✔️ Audit Completed ✔️ | 💸 Top Holder Free NFT 💸 | 🎁 NFT + BTI-2022 Giveaways 🎁
🍀 Lucky Coin 🍀 | 🚨 Presale Is Live On DXSale | ⚙ Multi-Product Ecosystem | 100K Initial MC | 🔐 Liquidity Locked | 💰Get Paid To HODL | 🔁 4% Reflection | 💱 8% Tax
Daily Discussion - December 31, 2021 (GMT+0)
Do you use SMS 2FA? If so, your funds are at risk. Crypto security
MAMA DAO - OHM fork on Polygon with small market cap and huge upside. High risk degen play. Not FA. DYOR. (Website: mamadao.co)
GalaPlay rewards you 12% GALA tokens! Just Fair Launched A few days ago. Great entry point before huge marketing incoming! 1000x moonshot this one! Don't miss it!
Fotostak👥 Decentralized social network🌟Buy NFT with Fotostak and NFT Marketplace 🎁Total supply 100million🚪Launched today
Daily Discussion - December 30, 2021 (GMT+0)
My Best Attempt to Give an Objective Perspective on Crypto.com
Battle for the Ocean | Stealth Launched on BSC Network 5 hours ago | Holding strong at 35k Mcap | Mini-Game platform | Our own save the ocean Game | Great Marketing plans | And a lot more coming!
Friendly reminder to use cold wallets and 2FA : What Is the Log4j Flaw, and How Does it Affect You?
Real Phishing Attempt and Security Advice
Real Phishing Attempt and Security Advice
Daily Discussion - December 29, 2021 (GMT+0)
Will 2FA apps ever stop working on old devices?
The truth is, for a lot of people, leaving their coin on a big CEX is the best solution.
Daily Discussion - December 28, 2021 (GMT+0)
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
I got hacked for 72k. I think I'm done with crypto.
Hide your moons in a burner vault that has never received distributions
Daily Discussion - December 27, 2021 (GMT+0)
ShibaFlokiRise | Just Launched 🚀 We are going to the Moon! ✔ Great team and amazing community! - Join our great community | 📉 Very small MarketCap | 💣 Big potential good marketing strategy!
Some of you guys that have 10k+ Moons and don’t have 2FA turned on are absolutely insane.
Lost my 2FA Codes - My experience with getting my accounts reset (Binance, Kraken, Coinbase, Celsius, Nexo)
Just got hacked for 72k. I think I'm done with crypto.
Daily Discussion - December 26, 2021 (GMT+0)
Google Authenticator app susceptible to malware attacks /// How hackers can use message mirroring apps to see all your SMS texts and bypass 2FA security (link in the comments)
There is a Better and Cheaper Way to Hide Your Crypto Keys by Spankmyhairyasss
FalconFire Stealth Launched! 🚀 | 🔥 Renounced & DXSale Audit Locked 🔥 | 💰 1,2K MC 💰 | 🌟 Marketing Incoming (4Chan + Telegram Calls + Shilling & More) 🌟 | ✔️ Audit KYC Incoming ✔️ | 💸 BuyBack at 10K MC 💸 | 🎁 Ton Of Giveaways! 🎁 Ever Investment Goes for an actual design clothing
FalconFire 🚀 | 🔥 Renounced & DXSale Audit Locked 🔥 | 💰 1,2K MC 💰 | 🌟 Marketing Incoming (4Chan + Telegram Calls + Shilling & More) 🌟 | ✔️ Audit KYC Incoming ✔️ | 💸 BuyBack at 10K MC 💸 | 🎁 Ton Of Giveaways! 🎁 Ever Investment Goes for an actual design clothing
Some tips to help you avoid getting scammed
If you got a new phone for Christmas, use your old one as a wallet.
Question about Microsoft Authenticator backup
Daily Discussion - December 25, 2021 (GMT+0)
$BRAH |💎 Meme Token 💎 | 💻 Based Dev 💻 | 📄 Reviewed by RugDoc 📄
Privacy tips for someone joining a crypto trading platform?
Daily Discussion - December 24, 2021 (GMT+0)
Daily Discussion - December 23, 2021 (GMT+0)
Protect your Investments - Basic Security Tips
What’s the most you’ve won in a Crypto.com mystery box?
Verizon App Manager is a vector for malware. Add 2FA and biometric security to all your wallets and exchange apps... and buy phones directly from manufacturers!
Daily Discussion - December 22, 2021 (GMT+0)
My binance account got hacked, I don't know what to do
Stay safe, the internet is a scary place once money gets involved. Use Google Passwords to see which of your passwords have been leaked.
Rant about losing my crypto and the current economic state in Turkey
Daily Discussion - December 21, 2021 (GMT+0)
How does 2FA work while travelling and frequently changing phone #'s ?
A deeper dive into a lesser known metaverse project that has a very interesting concept
Daily Discussion - November 26, 2021 (GMT+0)
The Booming Underground Market for Bots That Steal Your 2FA Codes
Have you heard of Goji Crypto? They have a billboard in Times Square right now
Daily Discussion - November 25, 2021 (GMT+0)
CRO and the bullish news and demand that is coming.
I feel like some people have a misconception about "cold" wallets
💹 No Name ⭕️ | Just Launched 💰 | LP Locked 💯 | Renounced Ownership ✅ | Join US ☄️
🎁 BTC Rewards🎁 Just Launched 🎁Hold $BTCR and Get in while it's still fresh! Earn $BTCR rewards just by holding! Fair launch/ low MCap!!🎁
🎁 BTC Rewards🎁 Just Launched Hold $BTCR and Get in while it's still fresh! Earn $BTCR rewards just by holding! Fair launch/ low MCap!!
Daily Discussion - November 24, 2021 (GMT+0)
A friend of mine lost 11k on Coinbase and coinbase sent them this response. Is this just a way for Coinbase to pass the blame because their computer has no virus, it's totally clean. Both computers are clean. Thanks in advance for help
$85k worth of crypto stolen in Peru - A cautionary tale
Put your feet back on the ground about LRC
Daily Discussion - November 23, 2021 (GMT+0)
If you’re in it for the long term, pumps and dips shouldn’t matter to you
The impossible happened. Any help be appreciated :(
I’m Justin Hartzman CEO of CoinSmart, a crypto trading platform in Toronto. This year we registered with regulators in Canada, expanded to Europe, and became a publicly traded company (SMRT.NE)—AMA about going public, complying with regulations and the tradeoffs for centralized platforms.
Looking for recommendations and info about hardware security keys for 2FA please
Friendly reminder: use a 2FA authenticator and turn off SMS 2FA
Friendly reminder: turn off SMS 2FA, use a 2FA authenticator
Daily Discussion - November 22, 2021 (GMT+0)
Simswap Careful: A Teenager in Canada has been arrested over €32 million crypto heist
Simple reminder to not use Google Authenticator as 2FA solution
Real gem on Terra - $LUNI - All LP Burnt, NFT and Play2earn games. LUNI Wallet incoming!
B O O S T-C O I N Stealth launch 🚀|Ownership renounced✅|LP locked for 3 months🔒| Great Potential X100💎 | Don't miss it ! 🎈
Mentions
All the FA mentions are actually 2FA mentions.
Bought EthLend in 2017 on Kucoin. Market crashed, so I just forgot about it. Lost my 2FA so did not get in until May 2021. EthLend migrated to AAVE and was up 3500%
I can say that kraken will not screw you over with fees if you place market orders and such - not purchasing with the buy button also they have good support and let you 2FA with TOTP basically everything - iirc even different 2FA TOTP keys for different things
Phone completely dead, you’ve got an exchange account with numerous internal wallets/coins. Your exchange account is linked to a DeFi account , both exchange & DeFi are protected/linked to 2FA. You’ve also got several other wallets/coins. You have your SEED phrases so should be able to resurrect your various wallets but do you need more than seeds? Will the SIM card work in a new phone or will that be dead also? Can you get into your exchange without the 2FA, do you need to set up same 2FA or can you recover everything from Cloud?
It goes to show that, although OP likely did compromise his seed phrase somewhere, you really do have to be tech savvy and very aware of a lot of topics to not get really screwed over by this. Using a large exchange + 2FA is such a better option for non-tech savvy people. Combined with staking or some minimal withdrawal time makes it near impossible for you to lose your funds to a personal hack, and it probably won't be long now until exchanges have some more formal sort of insurance covering all their assets. Hopefully OP can discover what happened here to help make everyone else more aware.
Yeah, specially with 2FA and whitelisting.
They should at minimum have 2FA for any kind of transfers as an option.
One option would be to put it all on an exchange for now. Should secure well your access to that account, of course… 2FA and such
Totally agree. Crypto will NEVER get mainstream adoption if people have to jump through hoops and verify PGP signatures. No way, it will just not happen. Exchanges with hardware based 2FA and whitelisting are perfectly safe for this, and orders of magnitude easier for the average user. The NYKNYC FUD is overblown, IMHO.
No idea how easy/hard it is to implement. But would it add any real level of safety? For example: I can imagine people keeping their seedphrase on their computer or "handing out" their phrase would also be an easy target with 2FA (think keeping the QR-import as a screenshot). People who have their phrase offline would likely do so with their import as well. Not implying it's less secure, just having a brainfart.
Would this be possible if you had your coins on Coinbase with 2FA on withdraw / deposits?
The exchange gives it to you when you register and setup your 2FA authentication so that if you lose your device, you can setup your 2FA authentication again in another device. It is important to save the key because the exchange will never show it to you ever again.
For amounts under 1 M $ I would use exchanges. I know, not your keys not your money, but we are not in 2015; exchanges are more secure and the big ones have hack insurances, your money is safe even if hacked. The bigger advantage is 2FA, I think I need to enter email code, sms code and Google Authenticator code. I trust the exchanges more than my own judgement and my antivirus when it comes to security.
2FA a seed phrase? Passphrase is the closest thing to that I imagine.
1 year ago if I found a piece of paper with 24 words on it, I’d just screw it up in a ball and throw it away. Now I’m into crypto I would think different. On saying that, the percentage of someone into crypto finding said paper isn’t as high as one would think. If you add 2FA to the equation, and no one can log into your device you trade on, I’m not sure how risky a breach this actually is.
If you do that, at least make sure you have 2FA set up (and not via SMS).
I have 2FA approval on all the exchanges, lp pools, etc. You can't move a dime of my money without my approval on a local device that also requires biometric approval to open.
This is exactly what I do! Never been hacked, wouldn't wish it on anyone in the crypto world! Have one for my crypto only and a spare phone I do not take out my home for all my security and 2FA on there. This is definitely the best way and the safest.
Set up non sms 2FA for security. Send small test amounts before sending large sums.
if you use ur brain and thus a unique, secure password and proper non-SMS 2FA, you are like 99% safe from getting hacked. i‘d argue more funds get lost by people incorrectly trying to withdraw than by actually hacking big exchanges
Physical 2FA security keys and hardware wallets are a must for anyone with crypto they can't afford to lose
Just reading your comment now, I have never heard of a yubikey prior to this, so you mean using the yubikey 2FA for Bitwarden login or do you mean 2FA for your crypto logins?
Yep, a lot seems to be someone signing something they don't understand. 2FA (even by SMS) would drastically cut that number down. I'm shocked they don't have such a simple and secure security implementation.
Sir this is /CC, people only read these sort of posts after getting scammed! Jokes aside, stay safe fellow crypto members. 2FA on exchanges, never use email or sms as 2FA. Either security key (yubikey) or Authenticator app. Once you get $1k+ look into cold wallet. Most would recommend trezor or ledger.
You are overthinking it. All you need is a password manager (this will also save you from phishing attacks as it auto completes), enable software 2FA on all accounts including your email, protect your phone and computer sign in with password/biometrics, enable full disk encryption on your computer. Other than that you need to develop an understanding and an eye for scams, how they work and how to navigate the space. Getting instructions do this and do that won’t cut it as it is an arms race with scammers. You just have to understand how it all works. If you are new to this I would suggest to skip self custody and just leave everything in a top 5 exchange.
Nobody cares about IT security until they need it and regret not implementing it properly. Yes complex passwords and 2FA are annoying but for the sake of an extra 5 seconds it could literally save you thousands of dollars.
A list of common attack vectors:
* Browser Addon X gets bought up by a shady company and the addon becomes malware or a trojan
* Google Ads (Use Ublock Origin, because the brave browser doesn't block all ads)
* Disable jscript on pages you visit the first time (Use noscript or setup your browser like that)
* Social Engineering on reddit. I am active on r/gamedev and r/CryptoCurrency, and from time to time I receive messages from people I haven't asked and I don't know who want me to test their game.
* Compromised Github, exe files etc.
* Phishing e-mails (like "Please review your account... we had to block your account due to suspicious activity")
* Hijacked Front-Ends where you have to suddenly accept a new smart contract
* Using the same password for all your accounts and using no 2FA
* Echelon Malware on Telegram, which autodownloads and installs itself just by being in a group chat
* Log4Shell attack/exploit
* Compromised indie games on [itch.io](https://itch.io) or even steam
Solutions:
* Use as few browser addons as possible (noscript, ublock Origin and your wallets are enough)
* Use Linux instead of Windows. I recommend a distro like r/EndeavourOS
* Always check SHA256 or verify the certificates of every file you download
* Check the reviews and number of users of any browser addon you download
* Don't pirate software, don't use cracks
* Don't download the next Metaverse-Game on Day 1 or, if you have to, install it on a non-crypto laptop or computer.
Missing some basics if they aren't in place. Secure, long passwords which aren't re used anywhere else. 2FA either via app or hardware tokens. SMS isn't as secure. Password/pin protect your phone and apps
Yes, that is a bad idea. Anyone with access to the backup codes for your 2FA can use that (along with your user/pass) to login as you. You can login to the exchange and reset your 2FA and it will give you a new set of backup codes.
If you haven’t already, I recommend looking into security keys like yubikey for 2FA!
OK, friends. New year, new me. Dedicating my first day off this year to the topic of cyber security. Two online courses lined up, planning to wipe my laptop clean and set up the whole new system of strong passwords, 2FA, backups and what not. Wish me luck! 🤓
Use 2FA for all exchanges
Well, that's a good idea, but the problem is that if you keep your passwords and 2FA in the same place, you have one big attack vector. If you want, try AEGIS authenticator, it's an open-source alternative to Authy
Never use the same browser for anything crypto as for web browsing. Try to avoid any browser-based wallets (when possible, it's not always so). And in general avoid Chrome if possible. If possible, use two different computers. One for crypto transactions online. Permanently shut off. Only on when you need to do something. Only used for transacting crypto, nothing else. No other apps, tight security. Same for 2FA, use a dedicated phone, or hardware device, for 2FA. Not your actual phone. Also, and this is important, NEVER EVER download any crypto apps from google play / app store under your account. When your account there gets hacked (that is very common), hackers will know you are into crypto. Setup a throwaway account under which you download crypto apps, if you must use such, on the dedicated crypto phone, which again like crypto PC, is shut off unless you need to use it for 2FA or what not.
Honestly... Coinbase with NON SIM 2FA, whitelisting, and insurance coverage sounds better and better and better all the time.
> see if you can ever remember taking a photo of the phrase
I took a photo on my phone of the 2FA security code from my exchange. Bad idea?
Adding on, Coinbase offers a vault option which is pretty cool. If someone bypasses your passwords and 2FA, anything stored in a vault requires verification from 2 separate emails then a 2-day waiting period before any funds are transferred back to a wallet. If someone chooses to store on the exchange, this is probably the most secure way of going about it.
Learn how to keep your account safe by using password managers, to help manage your password for various accounts and exchanges, and enable 2FA (use app or physical security key) to help protect your account and exchanges. It would suck to make all those profits and gains, by having it compromised, cause you reused or used a bad password that has been leaked, and not enabling 2FA via app and/or physical security key. Check your breaches @ haveibeenpwned.com Also, never ever give out your seed phrase to random site or random people, unless you want them to have access to your crypto.
How difficult would it be for Metamask to integrate a 2FA into the wallet.
Research two or three good exchanges and only use them. No point in handing out your data when those 3 have what you need. Look for low fees and good feedback. Write down your private keys and keep them private. Every exchange you have activate 2FA and use an app or physical key based method. Ditch sms MFA.
Are you keeping it on an exchange or moving it to wallet? If you plan on leaving it on an exchange, look up security key (yubikey) as 2FA. Probably the best option if you keep it on an exchange, if not then use an Authenticator app. Never use sms/email as 2FA. I recommend once you got $1k+, look into cold wallet.
Ah yes that's a fair point on deciding on purchasing now when there's a dip for a smaller amount, versus doing a bigger lump sum when the price could be higher but you pay less in fees. Just do the math to figure that out. Interesting you say most people aren't concerned about leaving a few grand on the exchanges for a few months considering I read so many comments from people saying to take your coins off the exchange. My friend lost some amount of BTC (less than 1k worth) on BitBuy by keeping his coins there. Even though I have unique passwords for everything and 2FA, I'm still wary to do that because there's no way to get them back.
After erasing old phone you won’t get it back. Don’t worry. Not too hard to go through coinbase and any other site you use 2FA and have them turn it off. Then log back in and turn 2FA back on with your new phone and Authenticator app. If you are afraid you might do this again then save the security code with your new 2FA app. I don’t personally. I’d probably lose it and it seems like a security hole. Can more easily just remember to setup 2FA app on a new phone before deleting old phone.
I leave half my crypto on coinbase and half on a software wallet. At least if coinbase gets hacked I can get my shit back. You can also whitelist addresses and google 2FA is nice. Never use SMS verification
it's crazy to me in 2022 people aren't using 2FA
1. Always use 2-factor authentication (2FA) on exchanges to minimize your risk of having accounts compromised.
2. When using 2FA, go with a device-based solution such as Authenticator or Authy, rather than SMS based. The risk of a SIM-swap attack is small but not negligible.
3. To be extra safe, create unique new emails to use with all exchange accounts, rather than your usual email. A hacker can't compromise your email address if nobody knows that it exists.
4. Always send a test transaction first. And triple-check your seed, to make sure it's the correct one.
5. If you're getting excited when reading about a new project, you're doing it the wrong way. You should never be excited about a project or emotional about an investment. DYOR means "do your own research," but always do it as if you're looking for problems or holes in their plan. Start off by being as critical as you can about a project. Listen to the people who are attacking the project and try to see if their criticism is valid.
6. The blockchain is permanent and immutable. Remember that. This has advantages and disadvantages. Money is supposed to be fungible.
7. Most people don't realize how important privacy is. See point 6. The pursuit of privacy doesn't mean that you have criminal intent. So don't post any identifying info on reddit, and remember that most blockchain transactions will be visible forever.
Is 2FA even on metamask? I have it for some exchange apps but I didn’t see the option on metamask
Use a password manager and give every account a random and long password. Write down your master password to your password manager and keep it somewhere safe with your seed phrases. Turn on 2FA where you can, avoid SMS 2FA.
My only issue is with #3 is some of my addresses change per use. Some don’t though. At least I have 2FA (app Authenticator) setup so it can’t withdraw unless 2FA is successful.
2FA would probably protect you a bit, or have some basic locking mechanisms on your phone
I guess mine would be from reading others mistakes:
1. 2FA that shit. EVERYWHERE.
2. As added security if anything has additional verification for withdrawals (like a Nano X or XUMM tangem card) SET IT UP
Everyone should do this:
* To find out if you are safe, the best thing to do is figure out what to do if you are stolen.
* Put all 2FA codes in an old phone completely offline from internet and network which only serves as a backup!
Ok, I see this option. However, this is after I've already established a 2FA. So you're saying all I have to do is take a screenshot of the QR code and save it for later?
That's why you should use Authy, it syncs your 2FA across multiple devices.
Had the same with Binance. No luck with restoring the google authenticator App. Lucky enough i was able to restore my Binance Login with sms/Mail 2FA
You can back up Google 2FA by going to menu and generating a backup QR code by choosing "transfer accounts". You should consider yourself lucky if it's just coinbase you were using Google 2FA with. You'll likely have to send them a passport photo and all sorts of proof of identity to get it reset. Hope it's not too tedious.
You have to go through Coinbase or other sites you had 2FA activated, it's the only way.
8 probably. A lot of coins are available, the UI is somewhat intuitive, and with 2FA it seems relatively secure
8. Mainly because of super low fees and if you enable 2FA, it's super safe and it has most of the coins.
Yeah, it does, that's a good option, but I like authy because it doesn't rely on my Microsoft account, but if you make sure your Microsoft account it's using SMS 2FA, you're fine.
And when they inevitably end up getting hacked they are the first one to bitch and moan that it isn't their fault, act like they have no idea how it could have happened, and it is IT's fault for "letting it happen". Enabling app based 2FA is still the biggest shitshow I have seen in a decade or more, especially when the mouthbreathers get a new phone and summarily dismissed all the advice about exporting the 2FA.... then cannot access their sites anymore. I can only imagine that criminals are making more money now than ever before. Bullish times for a black hat, it seems.
For CEX register both yubikeys, so you have a backup. For other things that require 2FA codes you can register your pair of yubikeys with the same secret key provided. Also get a ledger, doesn't matter if your bags are not heavy yet.
SMS 2FA has problems: a determined hacker can contact your company, transfer your service to a new SIM card and bypass the security. It’s safer than nothing, but if you have lots of money and leaked personal information you can also get extremely hurt.
For this reason I use SMS 2FA
Do not trade on CDC app. Use the exchange (sorry America). 2FA is a no brainer. But be careful with Google Authenticator. If your phone dies and you don't have the proper codes backed up, you can not reinstall. Read a lot, this sub included, although good info is hard to find here these days with the moon farming spam. Don't trust Celebs/YouTuber shilling coins, probably just pump and dump shit. Keep it simple, try stuff out with small amounts (Yieldly, Farming, DeFi, Earn....). That is what I learned this year. Started in September.
Not to beat a dead horse, but write down your seed phrases and any pws on PAPER. Do it now. Shit can happen. Your laptop where you store the pws in a word doc can die. When you upgrade your phone with all your crypto apps, the pws may not transfer. Or they will, but your 2FA will not. Lots of stuff can go wrong. Keep the info on paper, and keep that paper in a safe place like a locked drawer or file cabinet or a safe.
And always use 2FA!! Very important
2FA is really good. I also prefer SMS 2FA
> Google Auth was mainly what I was referring to, however you still have to be careful about the device you use for 2FA (and don't forget to write down the recovery code!)
What recovery code? I use Google Authenticator and I can't find anything about a recovery code in the app.
Use non-sms 2FA. Authy is better than Google authenticator.
You can buy on an exchange and withdraw to your wallet. Unless you are freaked out by KYC this shouldn’t be an issue. Keeping it on an exchange is another thing to consider security wise. I would say as long as you have your device 2FA in place it is pretty secure if you stick with an established exchange. An exchange hack rarely affects someone directly; if it does, then it is most likely the case that either they are phished or they don’t protect themselves with 2FA properly. An exchange hack typically occurs at the exchange’s wallet level and it is a matter of whether they are solvent after the hack or not, and so far for some exchanges, their user funds are not affected.
Also backup the 2FA key, many people have it enabled without backing it up, and when they lose or reset their phone, they are screwed
I'd also add enable 2FA whether an authenticator app, can't be too secure when it comes to your crypto
Set up 2FA security through an app (not messages or email) to add an additional layer of security.
12. SECURITY! Make sure your crypto is safe! Unique password, 2FA, and other settings (when you keep crypto on an exchange) and save your seed phrases and private keys in a secure location
As the amounts of money I’m dealing with have grown in crypto, so have my methods for dealing with it. This is my current setup.
- Laptop DEDICATED to crypto. This means it is used for literally nothing else. No random web browsing. No games. Just buys/sells/moves. Windows 10 with Bitlocker enabled. All AV services turned on.
- Yubikey and LastPass. Where possible I use the yubikey as my 2FA option. If hardware isn’t allowed I use Google Auth (never SMS). All my passwords are 24 character randomly generated and I don’t know what they are as LastPass manages them. I use the yubikey in conjunction with LastPass as well. Brave browser to handle chrome based wallet extensions.
- Ledger Nano S. To date it’s still the most reliable hardware wallet and with the latest firmware, is not known to be hackable if lost or stolen.
- Seeds twice documented on paper only. One copy stored in my gun safe and the other in another location I feel comfortable with in case of a fire.
Probably gonna pickup a Nano S plus when that drops and use that as my new primary and move my old Nano S to the secondary storage location.
Yes secure your router, if your machines are on wifi (ideally not) secure your wifi. If you access on the move use VPN. Use open source password managers and secure 2FA on all accounts. You can go way down the rabbit hole of course, including using your own DNS servers, pihole to stop unwanted ad/malware, having segregated and firewalled networks for your secure/insecure devices etc.
MM is run completely locally, meaning that there is no point in adding 2FA because the 2FA would also be stored locally; the security comes from the token being stored on an external server.
2FA, proper passwords that aren't re used.
I’m sorry for your loss, but please stop saying that you didn’t have your seed phrase or private key on your PC. Of course you had, how else would you be able to sign transactions in MetaMask? You can even look up your seed phrase in the settings menu of MM. That’s what a software wallet is and precisely the reason why hardware wallets exist. And all accounts in MM use the same seed phrase and password. You know this because you enter the password first when opening MM and then switch accounts. And you know this because the seed phrase is located under MM settings, not account properties. And you know this because you wrote down *one* seed phrase, not multiple, on your piece of paper, because you only had one. So it’s pretty simple, really: You installed malware, the malware pulled your seed phrase after you unlocked MetaMask, and the scammer then just transferred funds. You got scammed, not hacked. However I agree that *not getting scammed* requires significant effort and knowledge, which not everyone wants to deal with. So there is definitely room for improvement to protect the user from himself, and for this reason there will always be custodial wallets with advantages like 2FA, IP checks, device recognition, spending limits, support, refunds, etc.
As someone who works in IT I'm telling you straight up, people for the most part are completely and entirely uninterested in learning about IT security and best practices etc. They piss and moan about mandatory security training and even something as simple as enabling 2FA for offsite access is met with hostility and constant bitching and moaning. Tell them they also need a secure password and you'd think they are about to die the way they react. Whilst I know you used the general term "hacked", most people aren't "hacked". They are phished / scammed or unknowingly run malware etc. Social engineering is one of the most common ways attackers get into your shit. In terms of hardware wallets, if the device isn't connected and it's protected by 2FA using an app or hardware key then they have absolutely no way of getting your investments unless they physically have every single device.
Oh for sure, SMS verification is actually extremely easy to bypass via SIM swap attacks and spoofing, and this is where the "social engineering" aspect of this can come into play. Google Auth was mainly what I was referring to, however you still have to be careful about the device you use for 2FA (and don't forget to back up the recovery code!). That being said, I do very much agree that stuff like this should be kept in mind at all times. When we get complacent and overconfident with our security is when we can lose everything, just like a machinist getting that little bit too comfortable with their lathe and losing an arm
Hardware/cold wallets may have vulnerabilities but there's a point where the effort to exploit these specific vulnerabilities isn't worth it, and there's no getting past secure 2FA for exchanges. As far as sketchy sites, just use the D.O.N.T. rule
MM doesn't support 2FA. Most wallets don't. The problem is we want to be our own bank, but don't have any of the security measures a normal bank has.
2x Pfizer, boosted by 2x Moderna. If you put on 2FA to protect your accounts, put 2FA on your lungs by getting vaxxed
These wallets need to include a 2FA method. Coinbase Wallet offers SMS and Biometric authentication, while MetaMask doesn't offer anything. Adoption will also increase with more security on these hot wallets. Outside of staking my coins I just don't feel comfortable with anything else because one wrong clicked link - and poof!
Good to hear, don’t forget to do research on securing your assets! Look into security keys (YubiKey) or authenticator apps if you keep your crypto on an exchange. Highly recommend you don’t leave 2FA as SMS/email. Also look into cold wallets once you have more than $1k in crypto. Happy New Year friend!
On the crypto.com app you can set up 2FA. You can also do it on their exchange. Is it different, right? My main question tho is... I cannot set up the first 2FA on the desktop, right? I can only log into their exchange on the browser, right?
Download Authy onto your new phone and then export the 2FA to it from the app in your old phone. You should always have a backup on a 2nd device in case you lose access to your main device. If that happens you're looking at getting exchanges to take 2FA off your account. Not an easy task.
Are you importing your transactions via CSV files or do you have an API connection with your exchange set up? CSV is safe and so are APIs, as long as you’ve set them up for querying only. That’s all to say, they can’t touch your money but I do wish Koinly would add 2FA.
I love how AUM, for you, classifies someone’s level of understanding of Crypto, hell, even assets for that matter. I’m not doxing the individual, but I’ve met some pretty sophisticated individuals with money, FAs, and so on. I’d gladly take a listen to his advice any day of the week. Nor did I even mention that I’m listening to his crypto advice. I’d rather an FA who is risk averse with his clients over one that’s not.
For Coinbase, you go to settings and security section. Then you pick 2FA options. If you don’t manually set it up, it automatically becomes set as SMS. If you get SIM swapped or phished, someone can easily recover your account. I recommend downloading an authenticator app (like Google or Microsoft) and setting that up as your 2FA. Plenty of videos on YouTube on how to set it up etc.
The average AUM is 92 million, so I wouldn’t call a “Single Mid-Tier financial advisor” who oversees $650M AUM that at all. Mind you, this individual himself oversees $650M. That is his top tier clients. His office itself, with 2 other highly qualified FAs, oversees an additional $250M. Putting his office close to $1B AUM - which is located in a very small Midwest office. I’ll gladly listen to his counter-arguments. Learning is pretty smart to do.
Don’t forget to look into securing your assets! If you keep it on an exchange, use a security key (YubiKey) or an authenticator app. Never use SMS/email as 2FA. Once you hit $1k+, maybe look into a cold wallet if you haven’t already.
Ignore DMs about crypto and any offers that seem too good to be true. Do not share your seed phrase with anyone. Use 2FA in every platform (with an auth app or a yubikey).
I suppose you don't enter your seed phrase to make transactions with either at any point, so all it would take is for someone to have control over your PC and potentially no extra 2FA or password mechanisms to stop the transaction, but I wouldn't know as I don't use MetaMask. With Trust Wallet all it takes is your phone being unlocked and knowing the PIN to get in, right?