OpSec in Crypto: Thoughts
0xB25C
June 1st, 2022

1. Why do you keep saying that cold wallet devices are not secure?

I am often asked why in my recent articles: about secure cryptocurrency storage, about an attack on old-and-forgotten hard-drives and on how hackers are caught I do not recommend using Trezor or Ledger devices for a main cold storage.

Well, I just took the two most popular devices and I have no preconceived notions about them. I believe that any technology itself cannot be bad, just that it can have different conditions for safe use and reasons for using it. So, let's get back on topic and look at these two samples using two different technical approaches. If you have a Trezor or Ledger, I can get data from there.

But there will only be a couple of attempts. That's why I've never recommended Trezor or Ledger... If the device falls into someone's hands, you're screwed. They have different approaches, you can read more about them here, here and here, but the gist is basically the same. There's a great fresh video on cold wallet hacking.

If you own something like this device, it is unlikely that it will be possible to restore anything without his participation. Because there are all sorts of cool, bulletproof features. Keep in mind that this is not a panacea and that you will be saved from some attacks (2) only by diligence and common sense.

In essence, cold wallet is just a pseudo-AirGap system (100% AirGap is impossible to achieve on Earth by definition, that's why CubeSat topic is so interesting) and it can be cracked. And you can make a cold wallet out of a regular phone, for example via airgap.it - there will be almost no difference from Trezor or Ledger!

The really safe thing would be to use something like a cold card or a "paper wallet". And it's better to keep a private key on the paper wallet, not a seed phrase. And hide it like pirates hide treasures. You can read about it here!

2. Why are you writing about Ethereum and OpSec when anyone can just get Monero?

Well, I’ve already done it. There is a huge demand for OpSec in popular chains as there are a huge flow of new people who have never heard of crypto. If new people I have talked about in my first post get scammed they probably become disappointed in a whole industry so my mission is to make this percentage lesser.

Anyone can use Ethereum securely, same with Monero, in which you should keep in mind way less security rules.If you need a bulletproof anonymity or ultra privacy, then read this awesome ultra hardcore guide and a DeepWeb «Bible»‎. Read my recent article dedicated to a «Timing Attack» or «Attack via a representative sample».

In short, it describes how hackers are caught. Read what counter-OSINT (counter-ADINT and counter-GEOINT) is. See how I investigate on-chain hacks. This skill will help you to get started anywhere. I’m not kidding, OSINT is a huge power.

3. What else can you advise to improve the system you already have?

Follow the 25 rules in this set, the first 10 rules relate to personal security, and the rest to corporate security, also keep an eye on the latest trends in crypto OpSec, that always makes sense. Don’t be afraid of links, you don’t need all of them but you should be able to pick up which will interest you the most for your own Pathway.

Use extensive measures when working with files and always keep an eye on the latest security trends even if your area is far from it. Take this subreddit and this awesome old & trusted resource as the first step. In our dangerous world anyone can become a target, especially in crypto.

One thing victims tell after being defrauded or attacked is “I can’t believe it happened to me”. Always remember that we all are a natural target for all sorts of attacks — from garden-variety cybercriminals to competitive spying.

That said, it doesn’t really matter what industry you’re in. If you have any sensitive, proprietary information at all, then you could very well be a target. This is a good thing to always keep in mind.

Learn the latest attack techniques, white-hat cheatsheets and defense methods, join hacker communities - because only with knowledge can we defeat the knowledge of hackers. In this intellectual battle the most prepared will win and I believe that it will be you, Anon!

May the Force be with you!


Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users!

If you want to support my work, you can send me a donation to the address:

Thank you! ❤️

Subscribe to CIA Officer's Blog
Receive new entries directly to your inbox.
Collectors
View
#1
#2
#3
View collectors
This entry has been permanently stored on-chain and signed by its creator.