Security researcher Officer’s Notes posted a guide on how to hold your keys. The tweet gathered more than 450 retweets, one of which was made by Binance CEO Changpeng Zhao, urging everyone to follow the instructions described.
The guide consists of five points, each of which the specialist described in his blog. Changpeng Zhao himself advises using these rules on small amounts until you have mastered all the mechanics completely.
Learn to hold your own keys, by doing ALL of the following.
Recommend starting with a small amount, until you master the tech/setup involved. https://t.co/AiKzrZWkKz
— CZ 🔶 Binance (@cz_binance) December 20, 2022
Let’s look at each point in more detail.
1. Store a private key, not the seed phrase
In this section, the author considers different ways of storing funds, mainly describing how wallets work. For example, the expert explains why he does not recommend using Trezor or Ledger devices as the main cold storage. You can read more about this at the link.
As for the safest option for storing funds, according to the expert, it is to use a cold card or “paper wallet.” The main thing with this is to keep a private key in the paper wallet, not a seed phrase. Why? Because the private key gives access to a single address (account), and the seed phrase gives access to the entire wallet, which may contain multiple addresses and private keys.
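The difference in exposure can be shown with a minimal BIP32 hardened derivation. This is an added example, not code from the guide or from any wallet; it uses only Python's standard library and the public BIP32 test-vector seed, and the function names are this example's own.

```python
import hashlib
import hmac

# Order of the secp256k1 curve used for Bitcoin private keys.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def master_from_seed(seed: bytes) -> tuple[int, bytes]:
    """BIP32 master private key and chain code derived from a wallet seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def hardened_child(key: int, chain: bytes, index: int) -> tuple[int, bytes]:
    """BIP32 hardened child derivation; it needs the parent key AND chain code.
    (The spec's rare invalid-key cases are not handled in this sketch.)"""
    data = b"\x00" + key.to_bytes(32, "big") + (HARDENED + index).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    child = (int.from_bytes(digest[:32], "big") + key) % N
    return child, digest[32:]


def account_keys(seed: bytes, count: int) -> list[str]:
    """Whoever holds the seed can enumerate m/0', m/1', ... private keys."""
    key, chain = master_from_seed(seed)
    return [f"{hardened_child(key, chain, i)[0]:064x}" for i in range(count)]


# Public BIP32 test vector 1 seed; a published seed must never hold funds.
TEST_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    for i, k in enumerate(account_keys(TEST_SEED, 3)):
        print(f"m/{i}' -> {k}")
    # A paper wallet holding only one of these 32-byte keys exposes that key
    # alone: without the parent chain code there is nothing to derive from it.
```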
Here are a few more tips:
- When saving a private key, do not save the starting number.
- Don’t use the same keys as your hot wallets to manage multi-signatures, and don’t use the same keys forever.
- Do not use online services to create private keys.
2. Use steganography
Steganography is a science that allows you to hide transmitted data inside a container, thus hiding the very fact that information is being transferred. It should not be confused with cryptography, which hides the content of a secret message, while steganography hides the very fact of its existence.
In a blog post dedicated to steganography, the author told the story of the origin of the science and named its main existing methods and algorithms. If interested, you can read about it here, but we are interested in the main thing: how to protect our cryptocurrency with steganography, or rather how to hide a seed phrase or private key in a file, audio, or picture.
It is important to remember that the text created with steganography contains the same information as the original seed, so it must be handled very carefully and also not shown to anyone. Here are a few options on how to secure your data.
- https://incoherency.co.uk/stegoseed/ — a site where you can encrypt and decrypt your seed phrase.
- https://stegcloak.surge.sh/ — a service that hides data in plain text using invisible characters, protected by a password.
- https://github.com/samjhill/skin-wallet — encrypts words using the Vigenère cipher.
- http://github.com/danielcardeenas/AudioStego — allows you to hide a password in audio (for example, in a track by your least favorite artist)
- https://github.com/dzhang314/YouTubeDrive — encodes/decodes data into RGB videos, which are automatically uploaded to YouTube.
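Why a steganographic container must be guarded like the seed itself: the sketch below hides a string in zero-width characters and recovers it without any password. It is an added example with a constructed scheme and placeholder secret, not the algorithm of StegCloak or any other tool listed above.

```python
import unicodedata

# Two invisible code points used as bit symbols (scheme constructed for this example).
ZERO, ONE = "\u200b", "\u200c"

SECRET = "example-not-a-real-key"                 # constructed placeholder
COVER = "Meet me at the usual place on Friday."   # constructed cover text


def hide(secret: str, cover: str) -> str:
    """Insert the secret's bits after the first word as invisible characters."""
    bits = "".join(f"{b:08b}" for b in secret.encode("utf-8"))
    payload = "".join(ONE if bit == "1" else ZERO for bit in bits)
    head, sep, tail = cover.partition(" ")
    return head + payload + sep + tail


def reveal(stego: str) -> str:
    """Recover the secret; only knowledge of the scheme is needed, no key."""
    bits = "".join("1" if ch == ONE else "0" for ch in stego if ch in (ZERO, ONE))
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - 7, 8))
    return data.decode("utf-8", errors="replace")


def visible_text(stego: str) -> str:
    """What a human reader sees once the invisible symbols are dropped."""
    return "".join(ch for ch in stego if ch not in (ZERO, ONE))


def has_hidden_payload(text: str) -> bool:
    """Flag Unicode 'format' (Cf) characters, which include zero-width ones."""
    return any(unicodedata.category(ch) == "Cf" for ch in text)


if __name__ == "__main__":
    stego = hide(SECRET, COVER)
    print(visible_text(stego))        # looks identical to COVER
    print(has_hidden_payload(stego))  # the container is trivially detectable
    print(reveal(stego))              # and fully reversible
```

Hiding alone is encoding, not encryption, so a secret should be encrypted with a strong passphrase before it is placed in any container.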
3. Be aware of physical attacks
Physical attacks refer to the direct impact on people in order to take cryptocurrencies from them. The author provides a link to all known attacks on bitcoin and other cryptocurrency-holding entities that have occurred from 2014 to the present.
The list is not comprehensive because many of the attacks have not been publicly reported. People on this list have been kidnapped to take possession of their digital assets or simply robbed under threat of reprisal. Check out the cases below, so you don’t fall victim to something like this.
Known physical cryptocurrency attacks
We recently reported on the death of a MakerDAO co-founder who died under mysterious circumstances. It is possible that he was a victim of extortionists.
4. Follow #OpSec (operations security) guide
In this section, the expert shares a useful resource that discusses the best OpSec research related to DeFi, blockchain, and cryptography. Here are some tips from the guide about OpSec:
- Use a secure email provider like Protonmail or Tutanota.
- Never link phone numbers to crypto platforms.
- Instead of SMS-based 2FA, use Authy or Aegis OTP for iOS or Android.
- Offline back-ups. Store them in a safe.
- Never do anything you don’t understand.
- Be careful about using your real home address online for delivery purposes.
- Analyze security holes and other vulnerabilities.
- If you use a smartphone, be extremely aware, etc.
You can find more tips here.
5. Stay accurate
This point is about the human factor. The specialist explains that this aspect is firmly connected to human psychology and the fear of the unknown. You need to know how hacking works and how exactly your money can be stolen. This is necessary so that, if such a situation occurs, you do not freeze in a stupor but react effectively and take logical actions.
The author suggests that you refer to the OpSec guide above, specifically to rules 7, 12, and 21. Always be on your guard, and don’t let scammers catch you off guard!
How can I make money on this?
These rules are unlikely to help you make money, but they will definitely keep your funds safe! The year 2022 has already been one of the largest in terms of the number of attacks on cryptocurrency holders. In half of October alone, the market was hit by 11 hacking attacks to the tune of $718M. The grim record continues even now; for example, on December 2, an attack on the ANKR protocol became known, as a result of which the attackers made off with at least $15M.
Learn not only to make money but also to save it!