A few people I know were recently attacked & lost their crypto assets, I can’t disclose the details publicly but what they had in common was that their seed phrases were generated 3–4 years ago, they were all 12 words!
To add, all of the victims were using Windows and were mostly from Asian countries.
The advice so far is: Be careful when using Windows, use VM! Or install Linux. Generate a 24 word phrase in a safe way (I’m not sure about this tip, it’s just a little advice based on some concerns). Don’t rely on online Bip32/Bip39 wallet generators.
If needed, use web3_antivirus dashboard or RevokeCash / @cointool for an on-chain defense! The trust model around tips above isn’t as weak as you may seem to imply when the right countermeasures are in place:
Encrypt the system with VeraCrypt (on a MacOS — FileVault);
Install an VPN. Check out mullvadnet oVPN or rent a VPN + run it through Outline app;
Install 2FA on everything you can. Forbid password reset in mail, and on all accounts (Google, Proton, X, etc.). Always hide mail under an alias;
Set up an address book in the wallet — and enter (whitelist) your addresses. At the same time, don’t forget to check and verify them in the settings sometimes;
If you have to deal with a potentially infected PDF file — ask to download it in preview mode in advance (Google drive) or use anyrun_app or dangerzone.rocks. Alternatively, work with VM/Sandbox. You can use VM from VMWare and sandbox from Sandboxie;
You can protect yourself from hacking on a logical level as well. Just put a burner bot (github.com/codywall/Burner-Bot) at all of your wallets and securely protect it: or put your own Sweeper bot;
Put a canarytokens-based honeypot on your work computer. Make an HTML file, name it “seed phrase” and put a tracking pixel in there with canarytokens (or iplogger(dot)org). Put open notifications on your phone/bot. I will provide all data on request;
Install a “littlesnitch” application on your computer/router (under OpenVRT) and configure it correctly;
Always update your browser. It is best to use the original Firefox or Chrome. But you can use the solution similar to detect(dot)expert ;
Never work when you are sleepy, hungry or sick. If you feel vulnerable or just uneasy — the chance of being hacked increases dramatically. Always double-check the addresses pasted after copying to the clipboard (watch out for the crypto clipper malware).
Personal data protection. When you are active in blockchain and cryptocurrencies, you need to pay special attention to protecting your personal data;
Software updates. It’s important to update your software regularly, as developers are constantly releasing new versions with improved security measures.