A guide to personal and financial security when dealing with cryptocurrency

With the increasing popularity of cryptocurrencies, the risks are growing for anyone who interacts with them in any way. This guide will be useful to everybody who works with cryptocurrency in different fields. The threat may be either a banal fraud, such as an SMS request for verification codes, or an attack on the cryptocurrency. An inexperienced user may not even have a clue about how this happens, what is to be feared, and how to behave to avoid problems. In this article, security experts recommend following a set of rules to stay anonymous on the web, thereby ensuring personal and financial security:

1. Use a separate notebook for any cryptocurrency transactions;
1.2. Do not connect any third-party storage device to this notebook;
1.3. No one except you (and those people who, in your opinion, could inherit the crypto assets) should be aware of the purpose of this notebook and of other storage devices holding the access keys;
1.4. Pay special attention to keeping the notebook up to date: it should run only the minimum required set of programs and applications, and all of them should have the latest updates installed.
Security issues are regularly found in ActiveX, .NET Framework, Internet Explorer, various parts of Windows, etc. If you decide to use anti-virus software, it has to be updated in a timely manner to give enough protection, although we do not consider its use strictly obligatory.
Missing security updates can lead to identity theft, loss of data and damage to software, so install available updates promptly to defend your computer from malicious attacks.
1.5. Do not visit any sites (including search engines) except for the official websites to download the wallet installation files;
1.6. Do not install any programs except wallets and encryption programs;
1.7. Download wallets only from the official websites;
1.8. After installing the wallet, make a backup copy, delete the wallet file and restore it from the backup. This way you make sure the copy has been made successfully. Deleting a wallet program does not mean that you have deleted the wallet file itself. It is usually located in the folder C:\Users\User\AppData\Roaming
1.9. Any file with the access key, passphrase for the wallet and the password for 2FA:
1.9.1. should be stored only in encrypted form (a special file container), with a name that does not attract attention and an atypical extension, for example mp3 or avi;
1.9.2. should be used quickly, only to gain short-term access to assets for outgoing transactions, to check the balance, or to make a copy of your wallet;
1.9.3. should not be used anywhere except on this notebook;
1.9.4. should have at least two container file backups kept in different locations, for example in a little-known cloud service;
1.9.5. Do not forget to make backups of the entire system, for instance once a week, and keep them on a separate storage device. If your computer is infected with malware, you can then always restore the entire system to its original condition.

2. It is necessary to allot a separate notebook for each purpose, whether it is an exchange, an ICO or any other financial activity with cryptocurrency.

3. A separate smartphone with 2FA configured should also be used for trading on the stock exchange and other cryptocurrency transactions.

2FA ('two-factor authentication', or two-step verification) is a technology that identifies the user through a combination of two different components.

2FA is not impenetrable to intruders, but it seriously complicates their lives. To crack this authentication, the "bad guys" will have to steal your fingerprints or get hold of cookies or codes generated by tokens.

The latter can be achieved, for example, through phishing attacks or malicious software. Account recovery can also be used by intruders as a tool to bypass two-factor authentication.
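The token codes mentioned above are usually time-based one-time passwords (TOTP, RFC 6238) derived from a shared seed, which is the "password for 2FA" that rule 1.9 says to keep encrypted. The following is an added example, not part of the original guide; the seed is the constructed RFC test key, and the 30-second step and one-step drift window are common defaults assumed here.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample seed (the RFC 6238 test key), Base32-encoded the way
# authenticator apps present a "setup key".
SEED_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed_b32: str, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the number of elapsed steps."""
    return hotp(base64.b32decode(seed_b32), int(now // step), digits)


def verify(seed_b32: str, submitted: str, now: float,
           step: int = 30, drift: int = 1) -> bool:
    """Server-side check: accept the current step and its neighbours only."""
    seed = base64.b32decode(seed_b32)
    counter = int(now // step)
    first = max(0, counter - drift)
    # Evaluate every candidate so timing does not reveal which step matched.
    results = [hmac.compare_digest(hotp(seed, c), submitted)
               for c in range(first, counter + drift + 1)]
    return any(results)


if __name__ == "__main__":
    code = totp(SEED_B32, now=59)  # code shown on the phone at t = 59 s
    print("code:", code)
    print("accepted at t=89: ", verify(SEED_B32, code, now=89))   # adjacent step
    print("accepted at t=150:", verify(SEED_B32, code, now=150))  # expired
    # The seed alone is enough to compute every future code, which is why
    # it belongs in the encrypted container and on the dedicated phone only.
    print("code at t=150 from seed alone:", totp(SEED_B32, now=150))
```

A single intercepted code stops working after the drift window, while a copied seed yields valid codes indefinitely until 2FA is re-enrolled.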

4. Use a separate email account to register on exchanges or for storage of confidential information related to your cryptocurrency activity;
4.1.1. Do not create accounts to work with cryptocurrency on popular email services, such as Google, Yahoo, Baidu;
4.1.2. Use encrypted mail, for example https://mail.protonmail.com.

ProtonMail encrypts the email before it is sent to the server. The whole process of encryption/decryption takes place directly in the browser, and only encrypted data is stored on their server. In terms of security this email service is better than most, but in terms of anonymity the picture is less optimistic. The use of JavaScript reduces anonymity to zero: it can not only de-anonymise the user but in some cases could lead to other scenarios.

The OpenPGP.js library is at the heart of the service. This means that the mail password is stored in Session Storage as a fully open process.

The service applies an encryption system using public keys implemented on the browser side of the user in JavaScript.

There are many opinions on the Internet about the security impact of the service delivering its program code anew at every request. In short, at any time, for example at the request of law enforcement, the service can supply changed program code, thus opening access to the user's email password.

According to statements by the ProtonMail team, Swiss law cannot oblige them to install a backdoor. The full text of their statement can be viewed here: https://protonmail.ch/blog/switzerland~.

The fact remains that the service is able to change the program code at any time, and this is a serious matter to consider, because such changes may be targeted at specific users.

5.1. Tor ('the Onion Router') is a system of proxy servers, an anonymous network connection that provides encrypted data transmission. Multiple random nodes are used to transmit data, but no one knows which ones. Therefore, it is impossible to tell which site you have opened in your Tor Browser window.

But note that only the path (routing) is encrypted and the contents of the packets are not encrypted. Therefore, in order to transfer secret data, it is better to encrypt it beforehand (at least with TrueCrypt), since the possibility of interception (for example, with the help of sniffers) exists.

In addition this technology has several disadvantages:

- an ISP (or anyone who monitors your traffic) can tell that you are using Tor. They certainly will not find out exactly what you are doing online, but sometimes the very fact that you are hiding something can have consequences. Keep this in mind and, if it is critical for you, use methods to strengthen the disguise where possible;

- any plug-in or add-on in the browser can "multiply by zero" all your anonymity at once, as can the browser itself;

- the main problem of the Tor network is the constant attempts to break into the software from outside. Sometimes such attempts are successful and entire segments fall out of the Tor network. The conclusion is simple: Tor is not a panacea and any anonymity is relative.
That is why we recommend that you use Tor together with a VPN.

6. To complicate the tracking of your transactions in the cryptocurrency network, or make it impossible, use the bitcoin mixer BESTMIXER. This service breaks the connection between the source of your crypto assets and their destination, sending money from you to other people and their money to you. So your financial activity with cryptocurrency becomes anonymous.

BESTMIXER provides you with an absolutely new level of security and privacy in the cryptocurrency ecosystem.

7. Do not store your cryptocurrency assets on third-party services on the Internet, because they, not you, hold the access keys.

8. Additionally
8.1. Use only reliable and proven blockchain browsers;
8.2. Use financial services, mail, and exchanges that encrypt traffic.
8.3. Do not forget to check the signature of wallet installation files against the one published on the official website of the service.
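One way to carry out the check in rule 8.3, as an added example that is not part of the original guide: it assumes the wallet project publishes a `sha256sum`-format manifest plus a detached GnuPG signature over it, that `gpg` is installed with the publisher's key already imported, and all file names are hypothetical.

```python
import hashlib
import hmac
import subprocess
from pathlib import Path


def parse_manifest(text: str) -> dict:
    """Parse sha256sum lines: '<64 hex digits>  <name>' ('*' = binary mode)."""
    digests = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            digests[parts[1].lstrip("*")] = parts[0].lower()
    return digests


def sha256_file(path: Path) -> str:
    """Hash the file in 1 MiB chunks so large installers fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest_signature_ok(manifest: Path, signature: Path) -> bool:
    """Check the detached signature over the manifest with GnuPG.
    A zero exit status only means "signed by a key in your keyring", so
    compare the publisher's key fingerprint out of band before importing it."""
    result = subprocess.run(
        ["gpg", "--verify", str(signature), str(manifest)],
        capture_output=True)
    return result.returncode == 0


def installer_matches(installer: Path, manifest_text: str) -> bool:
    """True only if the installer is listed and its digest is identical."""
    expected = parse_manifest(manifest_text).get(installer.name)
    if expected is None:
        return False  # not listed in the manifest: treat as unverified
    return hmac.compare_digest(expected, sha256_file(installer))


if __name__ == "__main__":
    manifest = Path("SHA256SUMS")            # hypothetical file names
    signature = Path("SHA256SUMS.asc")
    installer = Path("wallet-setup.exe")
    ok = (manifest_signature_ok(manifest, signature)
          and installer_matches(installer, manifest.read_text()))
    print("install" if ok else "DO NOT INSTALL: verification failed")
```

The signature check must come first: a digest that matches an unsigned manifest proves nothing if both files came from the same tampered download page.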

9.1. Do not reveal that you own mining farms or crypto assets on social networks, in photos or on YouTube channels;
9.2. Do not mention that you own crypto assets in personal conversations.

10. Do not participate in 'Pump&Dump' groups that speculate in trading by manipulating cryptocurrency prices. This practice is illegal on conventional exchanges and strictly controlled by the state.

11. Files encryption
Use a special utility such as TrueCrypt (version 7.1, not higher!) or VeraCrypt to encrypt any file. These programs produce a file container with any extension and size, such as .bmp, for instance. This file is mounted as a separate logical disk to which any files can be copied, and all files are encrypted instantly. It is possible to create such a file with a hidden container; in other words, you can set two passwords for the file: one for the usual storage area and one for the hidden storage area. In the usual storage area you can place some of the keys, to wallets that contain only part of your assets, which in case of force majeure can be given up while you keep access to the bulk of the assets, whose keys are located in the hidden storage area.