Cookie Finance Security Check 🔐
At Cookie Finance we continuously investigate new forms of malicious behavior in the cryptocurrency world.
It is our goal to protect our users from attacks or other activities that may lead to a loss of funds or investment.
This article will touch on general Wallet & Password security as well as some Windows-specific guidance to protect you and your funds.
Wallets & Passwords
Having a strong wallet and password combination is critical to your long-term security.
An intelligent crypto-investor will not keep passwords or private keys in note apps (.txt files, Sticky Notes, etc.) or in document-editing software (Word, Docs, Gmail, etc.).
Avoid keeping confidential information for your accounts in any web location, or any computer connected to the internet.
Keys stored in easy-to-find locations, in formats without encryption, are considered low-hanging fruit for the aspiring hacker — they will be picked if the reward is sweet enough.
Everyone at this point should have an old laptop that has refused to die; disable the Wi-Fi and use it in conjunction with a USB drive to keep your keys and passwords safe and in a hard-to-reach spot.
Remember, redundancy is incredibly important. Never keep all of your eggs in one basket. There is nothing wrong with writing down your keys and passwords and storing them on paper in a secure location.
Researching hardware and software key storage will undoubtedly reveal many solutions.
Just today Binance tweeted 7 easy steps to improve your Binance & Wallet Account Security.
TL;DR: that article included guidance on:
- Password Strength
- Enabling Two-Factor Authentication (2FA)
- Using Universal 2nd Factor (U2F)
An additional article will be needed on U2F; however, there are many popular 2FA options for both mobile and desktop applications.
Many of us use a combination of Metamask and Binance in various browsers and environments.
With regard to browser security, it is important to have additional safeguards enabled to protect you from various forms of web attacks.
Check out uBlock Origin and Adblock Plus, which are available as plugins for your specific browser.
These plugins reduce the connections established to your browser and stop countless forms of malicious attacks. Do not stop at native browser security; using any form of updated plugin will help protect your browser and wallet.
Targeted attacks can come in all forms: DMs from users pretending to be admins, DMs from scammers attempting to get you to click on links, imitation websites and exchanges.
You must scrutinize every link that you click.
Recently, an old exploit has been revived which includes hiding Executable files (Trojans) in common or misnamed file types.
Screensaver (SCR/.scr) files are being used to send executable files that can give an attacker control of your Metamask wallet.
- Do not click on any random links sent to you on Telegram.
- Do not download any files from people that you do not know.
- Make sure you check the file extensions of files you download.
You may have file extensions hidden by default (on Windows). Windows is good at making you think you are viewing the real extensions, but you are probably not.
INSTRUCTIONS FOR WINDOWS 10 ONLY
(Mac users can follow these instructions.)
Navigate to This PC and go over one tab at the top to “View”.
From the View tab, you will click the Options button at the far right.
The drop-down menu will have an option for “Change folder and search options”.
You will want to again navigate over to the “View” tab, and below will be an option for “Hide extensions for known file types”.
You will want to make sure this is unchecked so that you are always seeing a non-filtered version of filetypes.
Go look in your Downloads, Documents, Desktop, Pictures — you may be surprised by what you find. Let's hope you aren't.
Message @JBJFourier on Telegram if you see something weird; he will help you.
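The same check can be scripted. The PowerShell below is an added example, not part of the original article or any Cookie Finance tooling: it warns if Explorer is still hiding extensions, then lists files in the four folders named above whose real (last) extension is one Windows will run. The function name and both extension lists are assumptions chosen for illustration.

```powershell
# Added example. Extension lists and function name are illustrative assumptions.

# File types Windows runs on double-click (.scr screensavers are ordinary executables).
$Executable = '.scr', '.exe', '.com', '.pif', '.bat', '.cmd', '.vbs', '.hta'
# Harmless-looking types that may appear in front of the real extension.
$Decoy = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt', '.jpg', '.jpeg', '.png', '.mp4'

function Test-DisguisedName {
    param([Parameter(Mandatory)][string]$Name)
    # The extension Windows acts on is always the LAST one in the name.
    $real = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    if ($Executable -notcontains $real) { return 'ok' }
    # Strip the real extension and look at what is left, e.g. "report.pdf" from "report.pdf.scr".
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    $inner = [System.IO.Path]::GetExtension($stem).ToLowerInvariant()
    if ($Decoy -contains $inner) { return 'disguised' }
    return 'executable'
}

# 1. Is Explorer still hiding extensions? (1 or missing = hidden, 0 = shown)
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -ne 0) {
    Write-Warning 'Explorer is hiding extensions: uncheck "Hide extensions for known file types".'
}

# 2. Constructed sample names, to show what each verdict means.
'holiday.jpg', 'whitepaper.pdf.scr', 'Wallet_Update.scr', 'setup.exe' |
    ForEach-Object { '{0,-22} {1}' -f $_, (Test-DisguisedName $_) }

# 3. Scan the folders the article tells you to look through.
$folders = 'Downloads', 'Documents', 'Desktop', 'Pictures' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ }

Get-ChildItem -Path $folders -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Verdict = Test-DisguisedName $_.Name
            Path    = $_.FullName
        }
    } |
    Where-Object Verdict -ne 'ok' |
    Sort-Object Verdict |
    Format-Table -AutoSize
```

A "disguised" verdict means the name carries a document or image extension in front of an executable one; "executable" entries are often legitimate installers, so review them rather than deleting on sight.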
Lastly, we will quickly speak about Metamask wallet allowances.
If you navigate to one of the following websites, you will find your Metamask BSC wallet allowances:
Once you have connected your Metamask wallet, you will see a list of sites. You will most likely see ApeSwap, PancakeSwap, and many others.
These are sites that you have allowed to act on your behalf during your transactions.
Go ahead and remove any that you don’t need any more. They are not necessary and we want to reduce the exposure of our accounts.
Alright everyone, this article has gotten a little bit too long. I will try to have a monthly or bi-weekly security review to keep us apprised of BSC network security and best practices.🍪