badopsec,

Bad OPSEC in crypto: Five basic things to avoid

GoodOpSec.org GoodOpSec.org Follow May 12, 2020 · 2 mins read
Bad OPSEC in crypto: Five basic things to avoid
Share this

All related to simple common sense and operational security, none concerning anything gray or illegal here.

In short, here are the basics of what not to do for good opsec in crypto.

Good OPSEC fail #1: Buying hardware wallets second-hand

This is a scam that surprisingly many crypto beginners fall for. Instead of buying a crypto wallet from the official e-shop like shop.ledger.com, they go to a marketplace like Amazon or eBay and buy it from a random person for a little less.

These cheaper wallets usually have been tampered with.

Once you set up a wallet and send coins in, they will be transferred to a different owner.

How to do it right:

  • Buy hardware wallets from official stores, or authorized retailers: https://shop.ledger.com/pages/retailers/
  • Always check packaging of your wallet. There will be a safety seal that should be immaculate.

Good OPSEC fail #2: Backing up private keys electronically

Never store your seed or wallet backup files in Dropbox or any other cloud storage.

Your seed should be written on paper and stored safely.

There are kinds of data that should never be stored digitally.

Good OPSEC fail #3: Never updating your wallets

A typical problem of long-term holders is they will chuck their crypto on a Ledger Nano S and forget it. Then, two years later, they cannot access it.

Just go the Ledger wallet forum on Reddit on any day. There will be someone freaking out.

How to do it right:

  • Subscribe to your wallet’s forum. For the Ledger wallet it’s at r/ledgerwallet - this is the official subreddit, the Ledger CTO posts there. Check it out bi-weekly to see if an update was rolled out.
  • Set some time every month to plug in your hadware wallet, log into the wallet app and just see if all works and if you can update something.
  • Get multiple wallets and try to send random small transactions between them every couple of months, to see if that works too.

Good OPSEC fail #4: Never trying to recover your wallets

This can be a problem for the early adopters of any cryptocurrency. Be it BTC, ETH, XMR - all those had major changes in the codebase at some point. If you rely on being able to just type in a seed into the latest wallet and recover your account, you might be in for a not so nice surprise.

Don’t just buy and forget. Try to recover your funds every couple of months.

Good OPSEC fail #5: Keeping money on exchanges without trading or lending

Just don’t.

Crypto Wallets for Good Opsec
  • Ledger Nano S hardware wallet for your daily use or trading wallet.
  • Ledger Nano X hardware wallet for a bigger chunk of your holdings that will accessed only from a [tiered device](/ownbank/).
  • Metal wallet for your cold storage: Fire-proof, impact-resistant stainless steel by either BillFodl for shipping from the US or CryptoSteel for EU.
Join us on Reddit
Get the latest posts from the crypto opsec community!
 
Related posts

OpSec in Crypto: Fundamentals

Fundamentals of Crypto OpSec

In basics, Dec 15, 2019

Technology is not bulletproof

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco...

In blog, Dec 18, 2019

Fundamentals of OpSec in Crypto: Checklist

Your Cheatsheet of basic Opsec in crypto

In checklists, cheetsheets, Dec 19, 2019

Be Your Own Bank (PDF Guide & Checklist)

The Swiss bank account in your pocket. Be your own bank. It sounds all cool and that, like stick it to the man.

In checklists, Dec 20, 2019

Bad OPSEC in crypto: Five basic things to avoid

All related to simple common sense and operational security, none concerning anything gray or illegal here.

In badopsec, May 12, 2020
GoodOpSec.org
Written by GoodOpSec.org Follow
GoodOPsec.org - Resources for crypto opsec.