Hello my fellow Steemians and Crypto investors,
The greatest fear of all Crypto Investors is a common one: To have their coins stolen by a hacker that has installed malware/keylogging software on their computing devices.
Smart, wealthy (relatively speaking), investors protect their coins in hardware wallets, which are the best, most secure option available. However, they are still expensive for most small time investors who have just starting investing in crypto currencies. If they are only investing $10 here and $20 there it makes no sense for them to buy a hardware wallet that is much more expensive than their total holdings. Also, they may not be available for shipping in the places where they live.
The usual way small time investors store these coins is within a third party exchange. This is both wrong and dangerous! You should never keep your coins in an exchange a second longer than it takes to trade them. Exchanges get hacked all the time, they go offline for various reasons and are subject to the laws and regulations of the countries they reside in, which means your coins could be frozen at the whim of politicians at any time.
Also most altcoins are not supported by hardware wallets. If the coin(s) you are betting on are not supported then you are out of luck.
Steem is particularly vulnerable
No Hardware Wallet currently supports Steem or Steem Dollars. The only thing keeping your funds safe are a set of long keys, impossible to remember, that eventually you have to copy and paste on your browser to transfer funds.
Any keylogging malware tracking your clipboard could easily transmit these keys over the internet. The use of a different key for posting mitigates this issue somewhat but eventually your will have to use your master or active key to transfer funds and, if you are infected, you will lose your funds fast! I’ve seen whales here on Steemit with many thousands, even millions of dollars, that are not aware of this issue and how unsafe their funds really are.
Until your favorite altcoin(s) are supported by hardware wallets you have to protect your computer from malware fiercely. You must keep your operating system updated, have good antivirus software installed and run anti malware software such as MalwareBytes at least once a week.
But this is not enough! Antivirus are not perfect, they can miss some of the malware available out there, and, keep in mind, all it takes is a single chance to steal your keys. If you want to be as safe as possible, you want to have all the software currently running on your computer be inspected by not one, but by more than 50 antivirus engines by doing what I’m about to explain below:
Process Explorer + VirusTotal.com, a match made in heaven!
The free website VirusTotal.com is super useful. You can submit files to it and it will run them against more than 50 of the top antivirus software currently available. If that file is infected, chances are the infection will be detected.
However, you likely have many hundreds of services and executable programs running on your PC at all times. Submitting them to VirusTotal.com one by one would be very time consuming an complicated for most users.
Introducing the free Process Explorer tool provided by Microsoft’s Systernals! This tool will automatically send the signatures of all processes on your PC to VirusTotal.com and let you know right away if any of them are infected by Malware.
When VirusTotal.com runs the files it gives them a "score" consisting of two numbers. The first tells you how many Antivirus engines reported the file as infected, the second, how many antivirus engines it was run against. The score looks similar to this "0/67" or "1/65".
Sometimes the first number would be 1 or 2 and that's fine. It usually means false positives returned by a small number of the antivirus software. However, when you see red scores where the first number is over 5, you can be almost certain the file is malicious and you have been infected by malware.
How to show VirusTotal Scores in Process Explorer
First download the tool from https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
You will get a Zip file, decompress it to a Program Files folder or to a USB flash drive, yes, the tool is portable, you can run it from a USB flash drive, so cool! (If you don't know how to decompress a Zip file by now go ahead and move to Sentinel Island, you are a caveman and don't deserve living in this civilization :)
Right click on "procexp.exe" and select Run as administrator. The software needs elevated privileges to "see" everything that's running on your PC.
Activate VirusTotal checking as shown in the image above
Click Yes to agree to VirusTotal's Terms of Service
If the VirusTotal column doesn't show up add it by selecting it as shown in the image above
If you see scores in red where the first number is higher than 5 then you are infected. Submit the file to your antivirus company, kill that process right away and stop using the computer for crypto transfers until you are certain the infection has been detected and cleaned by your antivirus software.
Even though Process Explorer + VirusTotal.com will very likely detect most hidden malware running on your PC this process is not infallible. There’s some very advanced malware out there known as RootKits that can so deeply penetrate the defenses of your operating system, they won’t show up under the list of running processes in Process Explorer.
To be safe, you'd want to run a RootKit scanner such as this one provided for free from MalwareBytes to detect such craftily hidden pieces of software.
Make sure you download it, update it and run it at least once a week on your PC, or before you do any cryptocurrency transactions that involve copying and pasting of master keys.
Nothing is 100% secure. Get a Hardware Wallet!
If you follow these steps you will be safe against 99.99% of Malware out there. Your “house” will be among the most well protected in the neighborhood so hackers will likely just move on and attack other softer targets, which is what you want.
However, this still leaves software known as Zero Day Exploits. This is the kind of advanced software that Governments and Big Corporations buy for millions of dollars. There’s isn't any safe way to protect against them, antivirus won’t detect them at all. They may even be baked in in your operating system, courtesy of companies cooperating with government agencies, to provide them with friendly backdoors. But, don’t despair, you are not Edward Snowden, governments are not likely to spend millions of dollars and waste their Zero Day exploits on you so can relax :).
Though the steps provided in this article will protect you fairly well, you should still try to get a Hardware Wallet as soon as possible. They sign transactions in isolation from your computer so they are very safe. Also, support and press the developers of your favorite coins to provide Hardware Wallet compatibility so that their users are really safe from hackers stealing their coins.
Have you used Process Explorer before? Did you know you could activate a VirusTotal column in it?
Do you have other methods to protect your computer from hackers and malware that you want to share with the community?
Feel free to share your thoughts on this post with the Steemit community in the comments below!
What have you been doing this crypto winter?
Accumulating patiently like a professional hodler.
Panic selling like a hopeless noob.
If you answered 1, go ahead and download Crypto Millionaire from the link below. This app will help you diversify in a smart way, especially right now that' it's such a good time to buy the millionth of supply of top coins on the cheap.
If you answered 2, sell everything and become a pimp. It's the only way you will be able to keep selling bottoms, haha!
DOWNLOAD CRYPTO MILLIONAIRE from Google Play
CHECK OUT MY PREVIOUS POSTS:
Don't forget to tell the community what you think of this post in the comments below.
Follow me for updates news and commentary on "sane" crypto investing.
Happy crypto investing!