NFT, DeFi and crypto hacks abound — Here’s how to double up on wallet security

Published at: June 22, 2022

The explosiveness and high dollar value of nonfungible tokens (NFTs) seem to either distract investors from upping their operational security to avoid exploits, or hackers are simply following the money and using very complex strategies to exploit collectors’ wallets.

At least, this was the case for me way back when after I fell for a classic message sent to me over Discord that caused me to slowly but all too quickly lose my most valuable assets.

Most of the scams on Discord occur in a very similar fashion where a hacker takes a roster of members on the server and then sends direct messages to them in hopes they will bite at the bait.

BEWARE: Several scams happening on Discord tonight. QUESTION EVERYTHING. Before clicking on links, quadruple check who it’s from and if it’s legitimate. Then check 12 more times on Twitter via trusted sources.

— Farokh (@farokh) October 27, 2021

“It happens to the best of us,” are not the words you want to hear in relation to a hack. Here are the top three things I learned from my experience on how to double up on security, starting with minimizing the use of a hot wallet and simply ignoring DM’d links.

A quick crash course in hardware wallets

After my hack, I was immediately reminded and I cannot reiterate it enough, never share your seed phrase. No one should be asking for it. I also learned that I could no longer forego security at the privilege of convenience.

Yes, hot wallets are much more seamless and quicker to trade with, but they lack the added security of a PIN and a passphrase that a hardware, or cold, wallet provides.

Hot wallets like MetaMask and Coinbase are plugged into the internet, which makes them more vulnerable and susceptible to hacks.

Contrary to hot wallets, cold wallets are applications or devices whereby the user’s private keys are offline and do not connect to the internet. Since they operate offline, hardware wallets prevent unauthorized access, hacks and typical system vulnerabilities, all of which hot wallets are susceptible to when they are online.

4/ USE A HARDWARE WALLET

A hardware based wallet stores the keys off of your main device. Your device that could have malware, key loggers, screen capture devices, file inspectors, that could also be snooping for your keys.

I recommend a Ledger Nano S https://t.co/LoT5lbZc0L

— richerd.eth (マ,マ) gm NFT.NYC (@richerd) February 2, 2022

Moreover, hardware wallets allow users to set up a personal PIN to unlock their hardware wallet and create a secret passphrase as a bonus layer of security. Now, a hacker not only needs to know one’s recovery phrase and PIN but also a passphrase to confirm a transaction.

Passphrases are not talked about as much as seed phrases, since most users may not use a hardware wallet or be familiar with the mysterious passphrase.

Access to a seed phrase will unlock a set of wallets that corresponds with it, but a passphrase also has the power to do the same.

How do passphrases work?

Passphrases are in many ways an extension of one’s seed phrase, since they mix the randomness of the given seed phrase with the personal input of the user to compute a whole different set of addresses.

Think of passphrases as an ability to unlock a whole set of hidden wallets on top of the ones already generated by the device. There is no such thing as an incorrect passphrase and an infinite amount can be created. In this way, users can go the extra mile and create decoy wallets as plausible deniability to diffuse any potential hack from targeting one main wallet.

This feature is beneficial when separating one’s digital assets between accounts but terrible if forgotten. The only way for a user to access the hidden wallets repeatedly is by inputting the exact passphrase, character by character.
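The mixing step described above, as an added example that is not part of the original article. It assumes the BIP-39 standard that Trezor and Ledger devices follow, uses the public test-vector mnemonic and constructed sample passphrases, and `master_key_tag` is a hypothetical helper introduced only to tell the resulting wallets apart.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test-vector mnemonic (constructed sample; it protects nothing).
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Seed = PBKDF2-HMAC-SHA512(mnemonic, salt="mnemonic"+passphrase, 2048 rounds)."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def master_key_tag(seed: bytes) -> str:
    """Hypothetical helper: short tag of the BIP-32 master node, to tell wallets apart."""
    node = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return hashlib.sha256(node).hexdigest()[:12]


def hidden_wallets(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the tag of the wallet it opens. None is ever rejected."""
    return {p: master_key_tag(bip39_seed(mnemonic, p)) for p in passphrases}


if __name__ == "__main__":
    # "" is the standard wallet; the rest are constructed sample passphrases.
    # A changed capital or a trailing space opens a different, empty wallet.
    samples = ["", "TREZOR", "decoy wallet", "Decoy wallet", "decoy wallet "]
    for phrase, tag in hidden_wallets(TEST_MNEMONIC, samples).items():
        print(f"{phrase!r:>16} -> wallet {tag}")
```

Because every input derives a valid seed, the device cannot warn about a typo; the only sign of a mistyped passphrase is an unfamiliar, empty set of addresses.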

Similar to one’s seed phrase, a passphrase should not come in contact with any mobile or online device. Instead, it should be kept on paper and stored somewhere secure.

How to set up a passphrase on Trezor

Once a hardware wallet is installed, connected and unlocked, users who want to enable the feature can do so in two ways. If the user is in their Trezor wallet, they will press the “Advanced settings” tab, where they will find a box to check off to enable the passphrase feature.

Similarly, users can enable the feature if they are in the Trezor Suite, where they can also see if their firmware is up to date and their PIN is set.

There are two different Trezor models, Trezor One and Trezor Model T, both of which enable users to activate passphrases, just in different ways.

The Trezor Model One only offers users the option to type in their passphrase in a web browser, which is not ideal in the event the computer is infected. However, the Trezor Model T allows users the option to use the device’s touch screen pad to type out the passphrase or type it within the web browser.

On both models, after the passphrase is entered, it will appear on the device’s screen, awaiting confirmation.

The flip side to security

There are risks to security, although it sounds counterintuitive. What makes the passphrase so strong as a second step of authentication to the seed phrase is exactly what makes it vulnerable. If forgotten or lost, the assets are as good as gone.

Sure, these extra layers of security take time and the extra precaution and may seem a bit over the top, but my experience was a hard lesson in taking responsibility to ensure each asset was safe and secure.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.
