Posts

How secure is your crypto?

avatar of @onealfa
25
onealfa
@onealfa
·
·
0 views
·
3 min read

Warning email

This morning I received (as probably many more people worldwide) a warning email message, that my hardware wallet LEDGER "may be affected by a major security breach". And that I should take an immediate action, and download an updated software version from a provided link. A well written, profi-style and personally to me addressed email, in a perfect English language.

I said - WHAT !? First thing what came to mind - how can my LEDGER wallet be in any way "associated with my email address" (as stated in that mail) ?
I can reset, and change my 24 word seed 20 times a day, and never ever I must enter anywhere my Email.

Second - How the funds can be under the "risk to be stolen" , if the private keys NEVER leave my Ledger, and the signed transactions can go to a dozens of their "infected Ledger LIVE servers", and it just has not, even theoretically, a possibility to do any damage. Transaction is signed, and it can travel through the unsecure media with zero risk. The basics of crypto.

After being in crypto for years, these first two things soon made me smile, and calm down.

Then I took a bit closer look.

This Email came from a domain @ledgersupport.io. Hmmm... ? Had I ever any communications with them before? NOPE ! Can I reach www.ledgersupport.io site in browser? Nope. Asked google, what it knows about this domain. And here it is - many fresh warnings on a phishing, SCAM attack these days. Issue closed.

So how much do you TRUST your hardware?

To be honest, I do not 100% Third party remains third party. No matter how good it seems. One of the basic rules of crypto world should always be remembered:
TRUST NOBODY ! Verify.

Several simple precautions principles is worth to follow, and can be used with ANY hardware wallet.

If your really think you should upgrade your hardware wallet's firmware, or associated ( LIVE ) software, follow this simple route:

  1. Do not rush. Wait a few days, or a week, after upgrade been announced. If something wrong - soon you will hear about it. As long as your LEDGER is unplugged, in a cold state - YOU ARE SAFE.
  2. Make sure you have your 24 word seed, which has been verified, and been used before to recover your wallet.
  3. RESET, erase you wallet completely.
  4. Create a NEW wallet, with new 24 word mnemonic seed
  5. Drop some $20 worth of crypto in this new wallet. (A bait for thieves !)
  6. Upgrade to a new firmware, new Ledger LIVE or other associated software.
  7. Wait few days, or a week, and see if your $20 crypto bait is still in place.
  8. If $20 bait is there - move them to you main, old wallet, and recover your old, main wallet with saved old 24 mnemonic phrase.

And finally - the main thing. NEVER EVER enter you 24 words anywhere online, or in a software, in application, or on a computer or phone, which is online, connected. Always assume, that your PC ( or phone, tablet ) is a place, where five dozens of trojans and viruses are waiting for you crypto day and night, 24/7. Always.

NO connected device is a safe place !

As simple as that.

@onealfa

Posted Using LeoFinance Beta