Blog
Is My Crypto Wallet Compromised?
Have you ever wondered if your crypto wallet was safe and whether it could have already been compromised, without you even knowing? Are you worried that one day all your crypto might get stolen without a warning?
“Your crypto wallet may already be compromised”
If you have to ask yourself that, then you likely haven’t taken the necessary precautions, as outlined in our crypto security guide, and your crypto wallet may be compromised indeed. Given the nature of crypto, you should not expect any warning signs before it happens, which is why you must make sure to protect your investment ahead of time.
“But my crypto is still in my wallet…”
Just because your funds are still there, it does not necessarily mean that they are also safe. The attacker might just be waiting for you to transfer in a bigger amount, knowing that once he steals from you, his presence will be known and opportunity for further profits gone.
“Crypto is safe, but not immune to user error”
This post is not meant to cause panic or instill distrust for crypto in general, but rather to show you there is an easy and a rather affordable way to keep your crypto funds entirely safe. Any potential loss will be your fault and your fault only for not informing yourself on time and taking the proper safety precautions.
“How do I know whether my crypto wallet has been compromised?”
Given the nature of how crypto and crypto wallets work, you really can’t know, unless you’ve made sure to set up your crypto wallet securely to begin with, in which case you know you are safe.
Here is a safe rule of thumb:
- If you ever held your private keys even for a moment on any device other than your hardware wallet, consider them burned
- If you ever even just displayed your private seed phrase on your monitor, consider the entire wallet burned
In which case:
- Consider the entire wallet burned and move your funds to a safe hardware wallets address as soon as possible.
- Do not import old software wallets seed phrases into your hardware wallet as you will achieve nothing by doing so. Instead, send the funds over to the new wallets address, one that was freshly created on the hardware wallet itself.
- Once the old wallet is empty and all the funds have been transferred to a safe address, do not use to old one anymore.
For more details on the matter:
- How to keep your Ledger hardware wallet safe
- How to keep your crypto seed phrase and your private keys safe
“Are you sure you are not overreacting?”
Some might argue that this is being too cautious, too extreme, or even too paranoid. But it really isn’t, or at most, it’s a healthy dose of paranoia that you have nothing to lose to (other than the cost of the cheapest hardware wallet ~$59), but everything to gain from in the long term, as proper safety techniques will save you a lot of money over time. Even if there’s only one in a thousand chance that your software wallet gets compromised, it is not worth the risk. And trust me, it is higher than that and will only get higher as crypto becomes more mainstream.
Just think about how many of the people you know were ever infected by a computer virus. It’s probably like one in 20 that you know of, one in 5 that you don’t know of, and very likely every single one of them (including you) at some point in time, that even they probably were not aware of, as it was not openly attacking them or causing visible damage, despite being present and doing things it was programmed to do in the background. Any of those viruses could steal your private keys, seed phrases or passwords held on your computer or phone, if programed to do so, and more.
The more people start using crypto, the more viruses will emerge trying to steal it. And that is just viruses and worms randomly distributed through various means, including just randomly attacking computers online, and does not even account for deliberate attacks on you by hackers that might target you specifically, knowing that you hold crypto on your device (usually computer or phone).
It can be someone you know, someone your friend told about you in a casual conversation discussing crypto, or just a random person on Reddit, Twitter, Youtube, Facebook or another platform, that based off of your interests or posts can assume you might be holding crypto. If you’re a part of any crypto groups, if you ever posted about crypto, if you ever shilled a coin that you want to succeed, if you ever bragged about the enormous returns your small investment in crypto made you, or even if even just shared or liked a crypto related post… you are a target.
If you were never to be attacked, you are at worst out $59 (though even just the peace of mind is more than worth it IMO), if however your were to be attacked, then this $59 might just be your highest return yielding crypto investment of them all, as it basically saved your entire account and without it you would be left with nothing.
So do not think twice about it, buy a hardware wallet and make sure to set it up securely, a process that we will show you step by step in our next post.
* Security related devices should always be bought directly from the manufacturer or official distributors. Never buy second hand, which includes “brand new, still sealed” offers on Ebay or “fulfilled by” Amazon, in which case Amazon is only acting as an intermediary between the seller and you and is not the actual source of the product. Your best bet would be buying directly from the manufacturer, as at only $59 you are not likely to get it much cheaper elsewhere anyway (including the shady second hand deals that you are to avoid) and the few dollars you might be able to shave off are not worth losing the peace of mind and additional risk that comes with it.
Just as predicted, the market has certainly reacted to Elon Musk’s latest tweets, pushing crypto into red. Obviously there’s always more to it than just a single celebrity Tweet, but it is a good catalyst for whales and institutions to further manipulate the market, at which point retail panics, stop loss orders eventually start kicking in and everything goes red from there.
Makes one wonder, assuming Tesla hasn’t sold their Bitcoin (BTC) as promised they wouldn’t, how does the latest FUD spread by Elon Musk benefit them. After all, if they still hold their Bitcoin, they stand to lose quite a bit as well, and while retail hodlers can just HODL through all the FUD and come out on top in the end, publicly traded companies actually need to comply with a separate set of rules and keep the unrealized crypto losses on the books as well. Something Tesla and Elon Musk are certainly aware of, which makes public statements with an excessively negative tone towards Bitcoin even more strange and mindboggling.
People argue they will probably just buy more as it dips, then make a nice profit as it pumps back up again, but that would come off as a pure market manipulation, especially given the perfect timeline of how they’ve first stopped accepting BTC, then all the Musk Bitcoin FUD that followed, including but not limited to Elon calling BTC centralized, just to eventually buy more of it as it dips.
Is it possible that a person as smart as Elon Musk is still just a human with emotions that can get the better of him and sometimes speaks before he thinks even when smart money would be on remaining silent? Or is there more behind it… only time will tell.
There are two things a Ledger owner should ensure in order to keep his Ledger wallet safe.
- Never disclose your seed phrase to anyone, it is your most valuable crypto related possession!
- Verify the transaction amounts and addresses on your hardware wallet’s screen!
Always review the transaction details on your Ledger device as a fake ledger Live app or another type of malware or virus could alter the addresses and amounts you type into the Ledger Live or another connected software wallet, before they are received by your Ledger device for confirmation. As long as you make sure the addresses and amounts on your verification screen correspond to desired values, and keep your seed phrase safe (must read!), you should be fine, even if your computer or software wallet app gets compromised.
But What if my Ledger Wallet Gets Stolen?
Unless you wrote your PIN on the Ledger device, the device cannot be used to access your funds even if physically stolen. After 3 wrong attempts, the thief is locked out and the device along with your seed code and all the stored private keys gets wiped. This is not a problem, however, because you can always restore your account on a new Ledger device by typing in the recovery seed phrase you keep in a safe place. The PIN can be long anywhere from 4 to 8 digits, and assuming you are using at least a 5 digit PIN, the chances of a thief guessing it within 3 attempts are slim to none.
More about seed phrases and how to store them.
Your 24-word seed phrase is CRITICALLY IMPORTANT and so is its safety.
We cannot stress enough the importance to keep your recovery seed phrase and your private keys safe and secure, outside of the physical and even more importantly digital reach of ANYONE not you.
No one should know your seed except you. If you ever lose or break your ledger, or forget your PIN, the ONLY way to recover access to your assets will be by re-entering this 24-word seed in another hardware wallet device. Entering it into a software wallet is unsafe and should only be used as a last resort (just don’t).
The 24-word seed is your master private key to access all your crypto account derived from it (i.e. secured by your ledger device).
The value of your seed is the total value of all your crypto assets controlled by it. There is no single asset more valuable than your recovery seed phrase.
Your seed phrase gives full access to your funds to anyone in its possession, and does not require access to your device, your PIN code or your passwords in order to use or abuse.
If you lose your seed, and one day your ledger device breaks or malfunctions (that can happen with any electronic device), you would lose forever access to all your cryptos.
To be extra safe, you should have 2 physical copies of your seed in two different locations, in case your house burns down along with your seed and ledger, then you would not lose access to your crypto assets.
- How to store your seed phrase properly
- Steel product for storing your seed phrase on a fire, water and damage resistant medium (link to buy)
If your seed gets compromised it means you haven’t secured it properly and someone (or malware, most likely) got access to it.
Common causes of leaked seed words and private keys
Do not do the following with your seed words:
- Do not use a seed phrase that came pre-printed (if) on a card with your Ledger or other crypto wallet of choice (the common pre-seeded package scam, where a scammer inserts a pre-printed seed phrase directly into your then re-sealed box, hoping that an unsuspecting non-savvy customer would not realize the scam and use that seed-phrase, that scammer has a copy of, to set up his new Ledger device). Return such package immediately!
- Do not use your old software wallet’s seed phrase in your new Ledger device as migrating a potentially compromised seed phrase over to a hardware wallet will not keep you safe. Never use a seed phrase that you ever used anywhere else other than on another hardware wallet. Only use a seed phrase that you created directly on your hardware wallet from scratch and transfer the funds from your old software wallet(s) over, leaving the old unsecure wallet(s) behind.
- Do not take a photo of your seed words with your phone (which happens to be the most common sources of leakage, as malware or hacker gains access to your photos, either on your phone or as they get uploaded to the cloud)
- Do not type or in any other way enter your seed words on your computer or phone. For instance, to send an email to yourself for safekeeping, thinking it would be safe and easily accessible there (second most common source of leakage)
- Do not enter your seed phrase in “Ledger Live” or any other app or wallet, even if it claims you need to do so in order to recover from “damaged Ledger memory” or to “unlock your wallet”. Those are known phishing scams! The legit Ledger Live will never ask you for your seed phrase and if it happens, rest assured it is not Ledger requesting you to do so. Only ever type your seed words straight into your Ledger hardware wallet and nowhere else!
- Do not enter or store your words in a computer, phone’s notebook, digital notepad or any app, website, cloud or other digital device / service, other than your hardware wallet, as they can all get compromised.
- Do not have your words in sight of any webcam, laptop cam, phone cam, home security cam or any other camera whatsoever.
- Do not print or photocopy your seed words using a computer printer, a wireless printer or a commercial copy machine as they can all be compromised.
- Do not digitalize your seed words in any matter, even if just to encrypt them with a computer, thinking they would be safe that way.
- Do not send your seed phrase to any “support” representative. NO legit support person will ever ask for your seed phrase!
- Do not respond to any unsolicited messages online (Reddit, Facebook, Youtube etc) offering you crypto related “support” even if they seem legit representatives of companies or services you are in business with. They probably are not who they say they are. And definitely do not follow any links to “initialize your wallet” etc, which is a known scam. While this alone will not put your seed phrase in danger, assuming you followed all the other rules above, you do not want them to potentially compromise your system, which can lead to a plethora of other problems, nor do you want to be on their list of “receptive” targets in the future.
As a rule, never expose your seed words and your private keys to anything digital, other than your hardware wallet, and keep them safe outside the reach of others, including your otherwise trustworthy family members that might not be aware of the necessary security precautions we have just outlined here.
We all make mistakes though, so in case you ever did take a photo of your 24 word seed or at some point in the past, entered it in a phone or computer or anything digital, you should consider that your seed could be compromised, and move all your crypto assets to a new hardware wallet generated seed ASAP.
Other than that, use common sense and if something looks or feels fishy, investigate and research further. Never click first and ask questions later. And never give your seed phrase to anyone from any “official support”. If they ask for your seed, they are NOT. And if they contact you through private channels first (unsolicited DMs or emails), you are best off just ignoring them as any sort of reply, even a negative one, will mark your contact as active.
Also, make sure your family and heirs / next of kin could have access to your seed, in case something happens to you (e.g. you die). Without it, they will never be able to get access to your crypto assets should you be incapacitated or gone.
-
Blog3 years agoKeeping Your Ledger Hardware Wallet Safe
-
Blog3 years agoWhat is Elon Musk Going to do on SNL?
-
Blog3 years agoImportance of Your 24 Word Recovery Seed Phrase and How to Keep it Safe
-
Blog3 years agoThe Latest Shitcoin Marketing Ploy Backfires as Vitalik Buterin “Pulls the Rug” on Doge Copies
-
Blog3 years agoDogecoin Did Not Plunge Because of Elon Musk SNL Appearance
-
Blog3 years agoHow Does Bitcoin FUD Benefit Tesla and Elon Musk?
-
Crypto3 years agoVitalik Buterin Says Elon Musk’s Plan for Scaling Crypto is ‘Fundamentally Flawed’
-
Crypto3 years agoCumRocket and the Power of Elon Musk Tweet
You must be logged in to post a comment Login