Come on in! It’s a bit chilly outside, as you can see, and you’re welcome to stay here with us all month long—warm yourself up and grab a cup of hot cocoa!
Throughout the month of December, come back and visit us each day for a new #MyCryptoWinter tip.
This year we’re partnering up with some fantastic friends of ours to provide solid tips & prizes. Thank you to Aave, Axie Infinity, Brave, CoinGecko, Ledger, Status, and Uniswap for joining us!
These daily tips will help you survive not only the winter, but help you navigate the crypto world and the internet in general! With us, you’ll stay safe, secure, and full of knowledge that you can apply to yourself and others.
Today is an easy day—all you gotta do is post this and invite others to join!
Everyone uses Telegram, but Telegram is notoriously bad with default security settings. Your entire account is tied to your phone number, and that's dangerous.
There are a few important settings that you need to make sure are set properly:
Enable Local Passcode: 'Settings' & 'Privacy and Security.' Add a PIN under 'passcode lock.'
Disable Discovery: Navigate to 'Settings' & 'Privacy and Security' & 'Phone Number' and select 'Nobody.'
Deactivate phone calls: Choose 'Nobody' under 'Settings' & 'Privacy and Security' & 'Phone Calls.' Add exceptions for people you trust and do want to be able to call you.
Lastly, Enable 2-Step Verification.
Your email account is oftentimes a single point of failure. Access to your email is like access to your entire life, so you need to Lock. It. Down.
Go to https://myaccount.google.com/security.
Click '2-Step Verification'
Return to https://myaccount.google.com/security.
A browser can store a lot of things that can be used against you.
Consider creating a browser profile that you only use when you're interacting with cryptocurrency. This'll keep your crypto-specific extensions, settings, caches, and everything else behind an additional layer of protection.
There are also plenty of non-crypto use cases for browser profiles—they're extra helpful if you share a computer with more than one person (which is another reason to be security-minded). You can even use guest profiles!
This tip brought
to you by Brave!
The internet is dark and full of terrors, also known as fake websites, browser extensions, and applications that are designed to steal your cryptocurrency directly from your wallets.
Fake websites: Phishing Campaigns Take Aim at Web3 DeFi Applications
Fake extensions: Discovering Fake Browser Extensions that Target Users of Ledger, Trezor, MEW, MetaMask, and More
Fake applications: Intercepting and Saving $5,000 Worth of Phished Crypto
There are many ways to avoid interacting with fake websites and installing fake extensions and apps:
Nothing makes us feel warmer than knowing our cryptocurrency is safe in cold storage. Simply put, you need a hardware wallet.
Have friends or family who are dabbling in cryptocurrency this year? They need one too.
Ledger and Trezor are two major hardware wallets and they've been on top for years. They both support various cryptocurrencies including ETH, BTC, and others, and both work seamlessly with MyCrypto. The Keycard is an up-and-comer from our friends at Status!
When signing up for services or creating accounts and entering personal information into an application, ask yourself:
Try to look for tools and services that do not require divulgence of unnecessary Personally Identifiable Information (also known as PII).
This tip brought
to you by Status!
Ethereum 2.0’s Genesis event recently occurred and the beacon chain is officially live!
With ETH2 comes a whole lot of product upgrades and staking (proof of stake) - something that many aren’t yet familiar with. And with unfamiliarity comes opportunity to be tricked and scammed.
Take some time to learn about ETH2 today:
We’ve recently published an article that has all of these answers and more.
Public keys are inefficient and impossible to memorize. Thankfully, the Ethereum Name Service is here to solve that.
You can easily have one name for all your cryptocurrency wallets, set up a decentralised website, and more - all with the security and decentralisation of the Ethereum blockchain.
Visit ens.domains right now and get started with your very own address.
One stipulation with this is that you need to be careful about revealing your identity. If you assign an identifiable name to one of your addresses, you’ll be connecting yourself to that address and every address it has interacted with.
This tip brought
to you by Axie Infinity!
Enable 2-Factor Authentication everywhere you can. Start by downloading and installing Google Authenticator for Android or iOS.
Also, consider getting a Yubikey or other physical 2FA device and use it for accounts that support it.
This tip brought
to you by CoinGecko!
An active session is when you're logged into an application (or website) on a device, which then allows you to open up the app again later on that device and still be logged in. This is convenient and generally fine if it's a personal device.
However, leaving active sessions untouched becomes risky over time. If one of your old (and still logged in) devices gets in the wrong hands, it can be catastrophic. Let's avoid that risk.
Example - How to clear your Twitter active sessions:
Click this link to skip to the proper section, or go to Twitter > Settings and privacy > Account > Apps and sessions to review all the devices that have access to that account, their login times, and their locations.
You can revoke singular sessions that you don't recognize, or click 'Log out of all other sessions' to do it all in one fell swoop.
Bonus!
It may be MyCryptoWinter, but it has been the season of DeFi all year long as well. And unfortunately with anything new and anything good, comes plenty of the opposite - scams, exploits, rugpulls, and other bad things.
Here are a few ways to avoid getting rugpulled:
With the amount of surveillance, tracking, and data-collecting in the world today, not having a VPN is essentially asking to be exposed. A VPN is a key tool for protecting yourself, and helps by:
A few options:
VPNs have a variety of features and toolsets, and it may be helpful to view this comparison chart to find a VPN that fits your needs.
Custody is an important term to understand—if you don’t hold the keys to your crypto, is it really your crypto?
This oftentimes boils down further to centralization vs decentralization, and generally we’re always going to recommend that you lean towards decentralization and self-custody, aka not keeping your funds in centralized services. These services almost always require giving up your information with KYC as well.
If you’re inherently irresponsible or concerned about your ability to manage your own funds, it’s reasonable to consider a centralized exchange/custodian/etc.
A vast majority of the time, it’s much better to hold onto your own keys and manage things properly yourself. Decentralize your life by using noncustodial wallets, exchanges, and other services.
This tip brought
to you by Uniswap!
SIM-Swapping happens to a lot of people, and if you’re in crypto you are a potential target. Protect yourself with a few quick preventative tips:
For a full breakdown of how to prevent SIM swaps, how to handle a SIM swap that’s currently happening, and how to rebuild after a SIM swap attack, check out our comprehensive guide.
Cloud storage is extremely convenient but is an extremely dangerous attack vector and that risk is often overlooked. If your cloud storage is compromised, you’re gonna have a bad time. Let’s lock it up.
Cloud storage being compromised is the reason for many highly-publicized leaks. And it’s not just personal accounts either -- company cloud storage breaches happen all the time. Secure your storage.
This tip brought
to you by Ledger!
When interacting with various products in this industry, you’re prompted to connect your account and allow that product to use/spend your cryptocurrency. This is common and expected, but those allowances may be unnecessarily large, or even infinite, and give that product much more power than it needs.
Make sure to update and/or revoke unnecessary token allowances by visiting https://revoke.cash/.
You may be surprised by what you see there.
Cameras are windows into the world, and webcams are a window into your personal world. They're also easily accessed by a hacker that knows what they're doing. It's a best practice to cover your webcam when you're not using it.
Webcam covers aren't just for webcams! In addition to covering up your desktop or laptop webcam, you can cover up your phone cameras, Amazon Echo, Google Home Hub, or Facebook's Portal.
Hackers use personal information that is freely available on the web to target you for attacks like sim-swapping, phishing, social engineering, or recovering your account via “security” questions. Google yourself and:
More reading: https://edu.gcfglobal.org/en/google-tips/google-yourself/1/
Keeping regular backups of your devices is a healthy practice. This includes not only your phone, but your computer too. What would you do if you lost your computer, it was stolen, or was somehow irreparably broken? If you had a backup, it’d be less painful.
Lets face it. Many tout the importance of security, but few follow through and change their passwords at proper intervals. Maybe you even have a few passwords that haven’t been changed in years. Time to fix that!
Here are a few helpful pointers:
Whenever you install a new app on your phone or browser or connect to a service via Twitter or Facebook (and many others), certain permissions are needed. ALWAYS review this.
Always look closely at what is being requested. For example, if a flashlight app is requesting access to your phone contacts... you should think twice.
Be EXTRA careful when something is requesting read AND write access to your Twitter.
Read access means that it can see things like your Twitter feed and see the tweets you’ve posted, but write access means that the service can post and delete tweets from your account for you. Double, triple, and quadruple check that this is a service you *really* need before you allow these permissions.
We’ve shared a ton of tips with you throughout the month and we’re not done yet!
Today, your mission is to share these tips with a friend, family member, or someone you know who could benefit.
Many of the tips throughout this month are second nature to you, but even the most basic of security practices are foreign to newbies. Onboard the people you care about so they start off on the right foot.
In this day and age, your information is everywhere. Every day it becomes more and more important to be cautious about what products you’re using and what information of yours is being shared.
Today, we want to re-state the significance of privacy and invite you to be anonymous.
It’s difficult to be truly anonymous, but you’re already on the right track by becoming involved in cryptocurrency. (of course you still need to be vigilant when using cryptocurrency, but if you do it right, you’ll retain more privacy than ever)
This tip brought
to you by Aave!
Today is the final day of MyCryptoWinter! If you participated in any way, shape, or form, we appreciate you. If you shared any of these tips on Twitter, with a friend, or applied them yourself to become more secure, you’ve done well.
THANK YOU to Aave, Axie Infinity, Brave, CoinGecko, Ledger, Status, and Uniswap for joining us this year.
Enjoy the rest of your holidays and have a happy new year!
We’ll finish collecting all the entries, announce the winners, and ship prizes out when the MyCrypto staff are back from the holiday break. Stay tuned, and happy #MyCryptoWinter!