Securing Crypto Assets: Strategies and Pitfalls


0:00
In this video today, I'm going to go over some examples, some ideas.
0:05
It's not designed for "do this, it's the only way."
0:08
But it is more for you to think how you've structured your crypto, your security, and to inform you on some of the scams that are out there so that you don't fall victim to them, because it seems as of late, I'm getting more and more people saying, hey, my e-mail's been hacked.
0:29
My wallet has been hacked, and I want to not have any more of those calls. I want everybody to feel comfortable and be secure in their crypto as well as the rest of their life. So, we're gonna go through what I call the priority threats. We're gonna look at seed phrase storage, signing scams and social scams.
0:50
And so that you can understand what is actually going on out there. Because I've decided that how I handle my hardware wallets is different
1:01
than how I handled them about a year ago. So, seed phrase storage, huge topic. And let's make sure you do it right.
1:12
Because you should never enter your seed phrase into your computer or phone.
1:18
Whether that be typing it, whether that be storing it in an e-mail or even an encrypted folder, you really have to be careful. And, you know, I've worked with some people that said, "Oh, yeah, you know, I have it written down on my computer in Notepad." Like, that's not the way to do it. And I would consider that compromised. Don't split the seed phrase up. Some people think that that's safer. But you can brute force: if you have half of them, you can brute force, most likely, the rest of them. Consider recovery in case of your own death.
1:53
So, your seed phrase, I know, the dark topic, you want to make sure other people in your family that you trust,
2:02
someone like that, knows where those are, and what they are.
2:07
Because if, you know, you happen to pass, and no one has access to your crypto, they don't know the PIN, they're gonna need those 24 words, or 12 words, to gain access to your crypto. Buy hardware wallets directly from the manufacturer.
2:22
Don't go to Amazon.
2:24
Don't go to eBay. God's sake, please do not go to eBay. Don't trust anybody, you know, that's the bottom line.
2:31
Trust yourself, but don't trust anybody else. Don't trust me. This is just information that I'm giving you.
2:36
Make multiple physical copies of your seed phrase. Now, where are you going to store them?
2:45
Store them in a safe or a safe place.
2:48
Don't store them in a lockbox in a bank. Those lock boxes are not really ours and other people can go into them and get that information. I'm not a fan of steel plates. That is the concept of putting your 24 words into steel.
3:03
If anybody does see that steel plate, they will know exactly what it is. Also, you really can't ever destroy those steel plates. So I had a client once who was in Hawaii, they were moving to the mainland. It's like, how are you going to get those steel plates? And they were like, "Well, we'll just send it in the mail." Like, no, you don't let those steel plates out of your sight, because you don't know what you don't know.
3:23
And if anybody looks nowadays at those steel plates or anything in steel, they're gonna know that those 24 words are used for a crypto hardware wallet. Do not use a password manager to store your seed phrase. Do not type them into your computer.
3:42
There's malware. Do not store them on the cloud, and do not digitize them unless you know 100% what you're doing, and that's why I say, do not digitize them.
3:54
There was another video that I put out probably a year ago, and that really showed how you exploit exploits in browsers.
4:04
And not only could you see what someone was typing in their browser, you could see what they were typing on their computer. So that's why I say don't ever type your 24 words into something. We're going to talk about signing scams because I don't think a lot of people understand what a signing scam is, and it's out there, and I'll show you a couple examples of someone who had all the crypto taken away from them because of a signing scam. Signing scams are dangerous when using DeFi and NFT platforms.
4:38
Why is that?
4:39
Well, you're not exactly sure what you're signing in that smart contract. I would not trust any little website anymore, any website that I don't know for sure, even the big websites. And so I've changed my ways of how I'm going to do DeFi, if I do that in the future, how I'm going to do certain stakings and that type of thing.
5:01
So you really have to see how comfortable you are and how vulnerable you think you might be. But this is my next step of what I'm going to do when I do certain swaps, when I approve certain smart contracts that I can't read.
5:19
I mean, would you go into a bank, sit down and have the banker give you a contract and say, "Just please sign. Oh, no, you don't need to read it. Oh, no. You just trust us." No one would do that.
5:29
So, why do we do that for our smart contracts? Now, we really can't go in and see what the smart contract says.
5:36
So always use two hardware wallets: one cold cold, which I'll explain, and then one that's hot cold. And what do you mean by that, George? What's hot cold?
5:47
Well, let's go to, if you're going to use something like Uniswap, if you're going to use a site, a DeFi site, that you're just not too familiar with, you're not sure how safe it is.
5:59
What I am now suggesting is that you use multiple hardware wallets. The one to your left, the black one next to the Bitcoin and Ethereum.
6:08
And who knows what that one is. This is your cold, cold wallet. This is the wallet that you store everything in. You can store them in multiple, if you feel comfortable, but I would never have this Ledger talk directly to a smart contract that I am not 100% sure about.
6:26
So if you go to Uniswap, if you go to, you know, there's a whole bunch of different ... platforms out there, that we don't know what we're signing. I would send a Ledger that holds all your crypto to a middleman, which would be another Ledger that you only use for holding the coins, and then doing some type of swap or DeFi. So that if for some reason you sign a smart contract that could compromise your hardware wallet, it's only this hardware wallet that's compromised.
7:00
It's not your big bag of crypto that is compromised.
7:06
There is an example that I'll go through where a guy lost everything because he signed a smart contract that he did not know what the fine details were because you can't read them.
7:18
So, if you're doing a lot of DeFi, if you're doing NFTs, if you are on websites that you're just not sure how reputable they are, I would look at this method because it will save you a lot of painful heartbreaks in the future. So that's what I'm recommending now when you go to different platforms.
7:40
So you're saying, you know, this is a lot of work. You know, why are you doing this? Because there have been a lot of people that have had some big issues out there, and so let's take a look at them.
7:52
So, I've talked about this one on the live stream, our Thursday live streams. And it's a reminder, if you have ever used LastPass to save your seed phrase, consider it compromised. Blockchain security researchers among whom are revealed weeks ago that hundreds of wallets have been siphoned
8:08
for more than $35 million, due to LastPass's encryption vaults being cracked and offering access to the seed phrase stored within them.
8:16
It, it is, you know, certifiably correct, that, it is, it's happening out there, and look at all the other breaches that we've had.
8:26
Read this on your own, but, you know, Slack, Auth0, LastPass, the less you have GitHub.
8:34
Twilio Auth, the second last signal? That's Cloudflare, MailChimp, DigitalOcean.
8:41
Now, this was back, I think this posting was January of this year, and there have been, 23andMe is one of the latest ones.
8:49
I hate to say this, but Luke Dashjr, he was one of the core devs for Bitcoin, and I know this may not make a lot of sense.
9:01
But he says, "PSA: my PGP key is compromised and at least many of my bitcoin stolen. I have no idea how. Please help." His PGP key was basically his encryption key for his computer, and he was storing his Bitcoin, all 200, on his computer.
9:23
The private key was on his computer.
9:28
And somehow, he was engineered into having his PGP key compromised, and they went in then, and got into his computer, and took his private key, and stole all his 200 Bitcoin. So, you know, this is an expert in the field.
9:47
And he got hacked, and it's not just him. There are a lot of people that are getting hacked. He stored his bitcoin in Bitcoin Knots, and it appeared that at that point in time, this was compromised. So, you know, we're not even trusting the wallets that are storing some of our crypto, especially when we have our own private keys in our hands. We need to put them into hardware wallets. We don't even know what they are.
10:16
Let the hardware wallet handle that. And, you know, you could have a keylogger on your computer.
10:22
So when you type those 24 words in different places, you know, someone could install that. There could be a compromise in a browser.
10:29
So here is something that is just, kinda, you know, insane to think about.
10:35
But this is a screenshot from MetaMask, and MetaMask says, no, they recommend: How do I save my secret recovery phrase? Save it in a password manager.
10:45
No. Store it in a safe deposit box. No, both of those examples we've seen have been compromised.
10:51
Don't just think it's not going to happen to me, because it will. It has happened to people that are experts in the field, and here is another: "So lost 20+ ETH overnight from hot wallet due to storing the seed phrase on LastPass. This problem appears to be widespread."
11:08
If you've ever used LastPass, it's time to GTFO. Update your passwords and abandon your wallets with the seeds that were stored there.
11:16
It appears that social scams are the most common way money or crypto are stolen. I would assume everything incoming is a scam. So you get an e-mail, you get a direct DM, a text message, you get a call on your phone: consider it a scam until proven otherwise. I mean, I have Telegram. I think about once a week, I get, you know, some very attractive woman in a picture saying, "Hey, I came across your name in another group," and I used to, you know, play along a little bit, like, "Oh. What group?"
11:50
And they literally wouldn't tell me, and now I just don't answer, I just delete it. There's no reason I want to interface with them at all. I don't need any more friends, especially from Telegram.
12:02
Just stop friending people that you don't know, that you haven't physically met, and it'll make your life a lot easier, because last year, one out of every four fraud victims said it started with either a social media direct message, ad, or post.
12:18
So how do you spot a social scam?
12:21
It's not easy at times, and yes, sometimes it's very easy. It changes over time. You know, you used to be able to easily see them, because messages including a lot of grammatical and spelling errors would show up, but AI is changing that. Someone can put the ideas that they want to come across, and AI will turn it into a great-looking message, so you can't rely on grammar and spelling errors anymore.
12:45
If someone has a brand new social media profile with little content or a few friends, that's a real sign.
12:52
The profile belongs to someone with whom you thought you were already friends. My mom had this many times, where someone would just duplicate her picture, close to her name, and then try to befriend her friends. You receive random messages with a link in them. Never click on links or engage with unsolicited direct messages. If someone is trying to contact you and you don't know them, there's no reason to continue the conversation. Someone insists on taking the conversation off social media and asks you to text them. Don't do it. You're asked to send money or crypto.
13:27
Just don't. No, it's not a great deal. No, you really aren't going to make tons of money or crypto in exchange. I know three people in the group that have fallen for some of these social scams where you'd be invited to a new trading platform, and you might get some bonuses for going and putting in a little bit of crypto because they're doing so well. And so, as time goes on, they ask for more crypto, because you log in there and you're like, "Oh, my goodness, you know, it's five times what it used to be."
13:57
And so then you put more money in and you put more money in, and then when you try to take it out, well, it's impossible, number one because it's not there, and number two, they'll ask for things like, well, you know, we need $1500, you need $3000 for wiring.
14:12
Because we have to have it run through our attorneys, or there are many, many excuses, and they ask for more and more money and you never get your money back, or with someone like Caitlin Brown. Keep it self-custody, just don't trust. Like I said, right up here, assume everything incoming is a scam. Coinbase reveals its own attack case: how hackers breached the system through layers of social engineering. And this is the company that's keeping your crypto. Coinbase employees fell for social engineering; you shouldn't. So, how can you prevent social scams? These are just some basic, simple suggestions, and it's to make you think. So make sure you secure your computer, secure mobile devices. Use a hardware wallet. Don't use public Wi-Fi. Always use the password manager. Always use 2FA/MFA on sites.
15:00
That's going to be really important lean forward. Use a service like Proton Mail for trading accounts, and separate your crypto trading, your financial side of things, into a different e-mail.
15:12
Don't use your personal e-mail, so that people don't really know what e-mail address you're using for your financial things. Secure your cell phone from SIM swap attacks. Don't rely on SMS for 2FA. So don't rely on a text message to have your 2FA. Don't leave your coins on an exchange. Don't connect your accounts with an API key. And some of you may not understand what that means, but let's say you're using TradingView. There is the ability to hook up TradingView with an API to an exchange, so that you can trade crypto from TradingView. Also, consider what you're doing when you go across a border. You don't necessarily need to take your Ledger, and if you do need to take your Ledger, make sure that on Ledger Live, or other wallets, you remove all the different accounts.
16:03
If you're asked to produce what is on your Ledger, because now everybody knows what a Ledger is. If you're going across a border and someone says, "Hey, we need to see what you're crossing the border with." Well, it's illegal for certain amounts of money.
16:18
And if you need to bring your Ledger, maybe what you need to do is, on Ledger Live, remove all your accounts except for maybe one. It's a small amount, so it doesn't look like you have a lot of crypto, because when you go into different countries, someone might know that you have a lot of crypto. Well, there could be the $10 wrench attack.
16:39
Which, yes, means you're physically attacked for your crypto.
16:43
So just be careful of what you're doing when you travel.
16:47
For the majority of you, these are just reminders of what good secure practices are.
16:54
And you can find a PDF of this document down below the video. There's some cool links in it. There's a security report that talks about wallets. There's the best crypto wallets, and another one. So go ahead, click through those, inform yourself on what some of the best ones are.
17:16
One of the things that I learned in this report is that the app rating, there's different app ratings for MetaMask based on the browser that you're using.
17:29
So if you're using MetaMask, the best browser to use is Firefox.
17:35
So take a look through that.
17:38
Enjoy. Hopefully, you've learned something new today.
17:42
And everybody, have a great day.

Executive Summary:

Introduction and Purpose:

In this video, George aims to provide guidance on securing cryptocurrency assets and avoiding common scams. As the prevalence of hacking incidents increases, it becomes imperative for individuals to take proactive measures to protect their digital assets. George focuses on educating viewers about the various risks associated with cryptocurrency security and offers practical advice on safeguarding digital wallets.

Key Aspects of Crypto Security:

The video delves into several critical areas of crypto security:
1. Seed Phrase Storage: George emphasizes the importance of proper seed phrase storage. He strongly advises against entering seed phrases into computers or phones, storing them in digital formats, or splitting them for supposed safety. Instead, he recommends making multiple physical copies and storing them securely, away from potential digital breaches.

2. Handling Hardware Wallets: The evolution of George’s approach to hardware wallets over the past year is highlighted. He stresses the significance of buying hardware wallets directly from manufacturers, avoiding third-party vendors like Amazon or eBay. George is skeptical of certain security measures like steel plates for seed phrase storage, citing their vulnerability to theft.

3. Signing Scams and Smart Contracts: A significant portion of the video is dedicated to explaining signing scams, particularly in DeFi (Decentralized Finance) and NFT (Non-Fungible Token) platforms. George warns about the risks associated with smart contracts and the inability of users to fully understand what they are signing. He suggests using multiple hardware wallets to mitigate risks, keeping one for long-term storage (cold wallet) and another for transactions (hot wallet).

4. Social Scams and Email Security: The prevalence of social scams is discussed, with George advising viewers to be skeptical of unsolicited communications. He recommends treating all unexpected emails, direct messages, and phone calls as potential scams. The dangers of using services like LastPass for storing seed phrases are also highlighted, noting instances where security breaches have led to substantial losses.

5. Personal Security Measures: George concludes by advising viewers to take personal security measures, such as using secure email addresses, protecting against SIM swap attacks, and being cautious with API keys on platforms like TradingView. He also mentions the risks of physical attacks for crypto owners and suggests strategies to minimize such risks while traveling.

Summary in Key Points:

1. Video’s primary focus: Educate on securing crypto assets and avoiding scams.
2. Importance of Seed Phrase Storage: Never digitally store or split seed phrases.
3. Handling Hardware Wallets: Buy directly from manufacturers; skepticism towards steel plates.
4. Risks of Signing Scams: Beware of smart contracts on DeFi and NFT platforms.
5. Use of Multiple Wallets: Suggests separate wallets for storage and transactions.
6. Social Scams Prevalence: Treat all unexpected communications as potential scams.
7. Email and Password Manager Risks: Avoid storing seed phrases in digital formats like LastPass.
8. Personal Email and SIM Security: Use secure emails and protect against SIM swap attacks.
9. API Key Caution: Be careful when connecting accounts to platforms like TradingView.
10. Physical Security While Traveling: Take measures to protect against physical theft of crypto assets.

8 Responses

  1. Thanks for this I’m good with most of it but I never considered a 2nd ledger as a trading ledger when I use browser wallets for exactly that. Still it is better but not as good as a 2nd ledger. Nothing is too much work to protect my day job earned crypto! BINJ Dreaming!!

  2. Thanks George for having our back as I’ve noticed the increase in phishing and other scams out there I’m sure this will only ramp up when our assets are up 10-20X and by then it will be too late to learn if you haven’t caught on already.
