You've been asking me for a long time and finally I decided to write an ultimative thread on an advanced (and authorial, please note) cryptocurrency storage technology π
Read carefully, there will be only Spy-level trips π
Read carefully, there will be only Spy-level trips π
1/X
Understand that all sorts of blockchain.info, TrustWallet, MetaM/\sk and other wallets are just interfaces.
Understand that all sorts of blockchain.info, TrustWallet, MetaM/\sk and other wallets are just interfaces.
2/X
Consider cold wallets, personally I do not trust Ledger or Trezor. There is a hardcore version BitLox Ultimate, which is literally stuffed with security-related features, lets the traffic through Tor, and has several levels of encryption: bitlox.com
Consider cold wallets, personally I do not trust Ledger or Trezor. There is a hardcore version BitLox Ultimate, which is literally stuffed with security-related features, lets the traffic through Tor, and has several levels of encryption: bitlox.com
3/X
Or an ascetic cold card which is a good choice for those, who love simple and clear mechanics. coldcard.com
Or an ascetic cold card which is a good choice for those, who love simple and clear mechanics. coldcard.com
4/X
Make a cold wallet yourself. For example, from an old smartphone. You can also make a cold wallet with Electrum and let all the traffic through Tor. Know AirGap weak sides.
Make a cold wallet yourself. For example, from an old smartphone. You can also make a cold wallet with Electrum and let all the traffic through Tor. Know AirGap weak sides.
6/X
Check what are you signing, if we speak about ETH L1 L2, never use your main cold storage for casual work, but if you have to, always check if there are no allowance approve (which allows to drain your wallet) or proxy behind which mentioned function may be hiding.
Check what are you signing, if we speak about ETH L1 L2, never use your main cold storage for casual work, but if you have to, always check if there are no allowance approve (which allows to drain your wallet) or proxy behind which mentioned function may be hiding.
7/X
Revoke approvals here.
Revoke approvals here.
8/X
Never use your main cold storage and Β«Back Office PCΒ» for casual work, but if you have to do it, use only open-source wallets like alphawallet.com, electrum.org, sparrowwallet.com
-
-
Never use your main cold storage and Β«Back Office PCΒ» for casual work, but if you have to do it, use only open-source wallets like alphawallet.com, electrum.org, sparrowwallet.com
-
-
9/X
Check out wallet rating: walletscrutiny.com
Check out wallet rating: walletscrutiny.com
10/X
Accept as a fact that if the device falls into the hands of intruders, only custom capacitors can save your money (so that you can not get directly to the brains and read electric signals) and other things like self-destruction, epoxy, and so on.
Accept as a fact that if the device falls into the hands of intruders, only custom capacitors can save your money (so that you can not get directly to the brains and read electric signals) and other things like self-destruction, epoxy, and so on.
11/X
That is, ideally, you can not allow physical contact in any case. You can use special logic bombs or logic gates, extra passwords that trigger some kind of security action, alert events on your address via tenderly.co or using 2/3 multi-sig.
That is, ideally, you can not allow physical contact in any case. You can use special logic bombs or logic gates, extra passwords that trigger some kind of security action, alert events on your address via tenderly.co or using 2/3 multi-sig.
12/X
One could also create a honeypot wallet and have a script that listens for tx originating from those addresses that alerts authorities, security companies and/or friends & family that you are under duress, perhaps even sending your location or last known location via GPS.
One could also create a honeypot wallet and have a script that listens for tx originating from those addresses that alerts authorities, security companies and/or friends & family that you are under duress, perhaps even sending your location or last known location via GPS.
13/X
Always double check an address you've copied to the clipboard. There is an evil software existing which can replace an address in your clipboard to a very similar-looking address which has the same symbols in the beginning/end as your address.
-
Always double check an address you've copied to the clipboard. There is an evil software existing which can replace an address in your clipboard to a very similar-looking address which has the same symbols in the beginning/end as your address.
-
14/X
Be aware of modern attack methods, carefully read step-by-step my Guide and a Compendium, you don't need a deep understanding of how hacks work exactly but that's important to know how does it looks like to be a victim:
- github.com
- graph.org
Be aware of modern attack methods, carefully read step-by-step my Guide and a Compendium, you don't need a deep understanding of how hacks work exactly but that's important to know how does it looks like to be a victim:
- github.com
- graph.org
15/X
Cold wallet attacks list:
- adatainment.com
- ieeexplore.ieee.org
- cossacklabs.com
- cipherblade.com
- arxiv.org
- bloom.co
- phishfort.com
- arxiv.org
- arxiv.org
Cold wallet attacks list:
- adatainment.com
- ieeexplore.ieee.org
- cossacklabs.com
- cipherblade.com
- arxiv.org
- bloom.co
- phishfort.com
- arxiv.org
- arxiv.org
16/X
Study threat modeling and establish all possible threats even if they seem crazy to you. Being suspicion is always a good thing. After all, fake news only works best with those who carry it to their acquaintances, becoming a kind of donor.
Study threat modeling and establish all possible threats even if they seem crazy to you. Being suspicion is always a good thing. After all, fake news only works best with those who carry it to their acquaintances, becoming a kind of donor.
17/X
In the same way with attacks, very often you may try to be hacked through acquaintances, pretending to be acquaintances or acquaintances themselves. Always keep this in mind. This world is cruel and dangerous.
- usenix.org
In the same way with attacks, very often you may try to be hacked through acquaintances, pretending to be acquaintances or acquaintances themselves. Always keep this in mind. This world is cruel and dangerous.
- usenix.org
18/X
For deals use escrow and tx alarm clock and with special services like safient.io, sarcophagus.io, safehaven.io.
- github.com
- github.com
For deals use escrow and tx alarm clock and with special services like safient.io, sarcophagus.io, safehaven.io.
- github.com
- github.com
19/X
Use OpenSource password storage, self-hosted link system, reliable communication method, use #OpSec services, be aware of the latest anonymity and #privacy techniques:
- keepass.info
- obsidian.md
- github.com
- docs.google.com
Use OpenSource password storage, self-hosted link system, reliable communication method, use #OpSec services, be aware of the latest anonymity and #privacy techniques:
- keepass.info
- obsidian.md
- github.com
- docs.google.com
Also check out my #OpSec guide github.com
Tip: use this tool when working w ith PDFs, CVs and such files πOr just use Qubes OS
Or make a paper wallet. Store it in reliable safe. Thatβs for the part of money, ideally is to split them.
Choose Water proof and Fire proof material for such purpose. Ideally is o use medical steel.
Why OpSec in general and Counter-OSINT in particular are important? Letβs take a look π
coindesk.com
This guy used his real name and/or a phone number associated with his real identity. Bad OpSec and no Counter-OSINT been used⦠These techniques might saved him.
coindesk.com
This guy used his real name and/or a phone number associated with his real identity. Bad OpSec and no Counter-OSINT been used⦠These techniques might saved him.
- Conduct an OSINT investigation against himself or hire an OSINTer
- All information that cannot be deleted by queries/abuse and complaints/attacks should be made unreadable by "obfuscation".
Example:
Visit my OpSec Map: github.com
- All information that cannot be deleted by queries/abuse and complaints/attacks should be made unreadable by "obfuscation".
Example:
Visit my OpSec Map: github.com
Loading suggestions...