How to Keep Hackers From Stealing Your Crypto Funds on Binance Exchange
Less than a month ago, the largest cryptocurrency exchange was hit by a hack in which seven thousand bitcoins were stolen, worth almost $40 million at the time of the theft.
Although the damage went no further and Binance responded very professionally, the exchange published a guide on its blog so that its users and the community in general can improve the security practices on their platform accounts and prevent future attacks that cost users their funds.
Here we present a condensed version of these 'best practices', which you should apply not only on the exchange but on any other platform where your privacy and your funds could be compromised.
1. Two-factor authentication (2FA)
Two-factor authentication, widely known and used by many platforms today, is first on the list. If you have not yet activated this option, go to your account settings and activate it with your smartphone by downloading the Google Authenticator application. If you do not have a smartphone, that is no excuse: 2FA can also be configured to receive codes via SMS, although this is more vulnerable than the app version.
Binance has announced that it will soon offer a third 2FA option, Universal 2nd Factor (U2F), which supports Yubico devices.
2. Log out of devices you do not own
Check the list of devices that have been authorized to access your Binance account. In your 'account', go to the 'Device management' section at the bottom of the page or in the 'Security' menu and delete any device you do not recognize or no longer use.
It is common to access accounts occasionally from third-party devices, so it is imperative to close these sessions and remove those devices from your account's device list.
3. Password strength
There are two key points here. The first is to choose a strong password of at least 8 characters that combines capital letters, numbers, and special characters.
But since hackers are increasingly sophisticated, the password alone is not enough, no matter how secure we believe it to be. The second point, therefore, is to change it periodically.
As part of improving ‘best practices’, Binance has announced that each time you change your password, withdrawals will be temporarily suspended for 24 hours, as a security measure.
4. Trusted addresses and the whitelist
Binance has a 'withdrawal address management' function, which lets you limit the wallet addresses to which your funds can be withdrawn, after confirmation by email.
As a reinforcing practice, review these addresses periodically and update them.
5. Upgrade to 'Binance Level 2'
A Level 2 verification not only allows you a higher withdrawal limit but also protects you from an attacker who claims ownership of your account. Also, if you have made a mistake, the exchange's technical support can help you more easily if it knows who it is dealing with.
6. Keep your funds in your personal wallet
As part of the platform's transparency, Binance itself recommends not leaving your funds in the platform's wallet for too long, however secure and reliable the exchange may seem. For this, it offers Trust Wallet, Binance's official crypto wallet application, which supports almost all existing cryptocurrencies and is not tied to the exchange.
This app is compatible with iOS and Android and allows integration with Binance DEX.
In general, you can keep your funds in the personal wallet of your choice, cold or hot; the options are varied.
7. Protect your Binance account when using the API
A large part of the community uses the Binance API, which is widely used to display data in applications. However, an API key can become a tempting target for attackers if the necessary precautions are not taken. To prevent this, restrict access by IP address, avoid providing API keys to third-party services, change keys regularly, and use whitelisted addresses for withdrawals.
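The four API precautions above can be checked mechanically if you keep an inventory of your keys. The script below is an added example, not code from Binance or from the original article; the inventory fields, the sample keys and the 90-day rotation interval are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network

# Assumed rotation interval; the article only says to change keys "regularly".
MAX_KEY_AGE = timedelta(days=90)

# Constructed sample inventory. The field names are this example's own schema,
# not the exchange's API response format.
SAMPLE_KEYS = [
    {"label": "price-dashboard", "created": "2019-05-20",
     "allowed_ips": ["203.0.113.10/32"], "shared_with": [],
     "can_withdraw": False, "withdraw_whitelist_only": False},
    {"label": "trading-bot", "created": "2018-11-02",
     "allowed_ips": [], "shared_with": ["portfolio-tracker.example"],
     "can_withdraw": True, "withdraw_whitelist_only": False},
    {"label": "payouts", "created": "2019-04-30",
     "allowed_ips": ["0.0.0.0/0"], "shared_with": [],
     "can_withdraw": True, "withdraw_whitelist_only": True},
]

def audit_key(key, now):
    """Return the list of precautions from the article that this key violates."""
    findings = []
    nets = [ip_network(cidr, strict=False) for cidr in key["allowed_ips"]]
    if not nets:
        findings.append("no IP restriction")
    elif any(net.prefixlen == 0 for net in nets):
        # A /0 network is a restriction in name only.
        findings.append("IP restriction matches every address")
    if key["shared_with"]:
        findings.append("key given to third party: " + ", ".join(key["shared_with"]))
    created = datetime.strptime(key["created"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    if now - created > MAX_KEY_AGE:
        findings.append("key older than %d days, rotate it" % MAX_KEY_AGE.days)
    if key["can_withdraw"] and not key["withdraw_whitelist_only"]:
        findings.append("withdrawals allowed to non-whitelisted addresses")
    return findings

def audit_inventory(keys, now):
    """Map each key label to its findings; an empty list means the key passes."""
    return {key["label"]: audit_key(key, now) for key in keys}

if __name__ == "__main__":
    # Fixed date so the output is reproducible.
    now = datetime(2019, 6, 1, tzinfo=timezone.utc)
    for label, findings in audit_inventory(SAMPLE_KEYS, now).items():
        print(label, "->", findings or "OK")
```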
8. Antivirus software
This is part of the ABC of computer security, especially on Windows systems. Use antivirus software, even on your smartphone, and keep it updated. Also, do not trust unknown third-party applications and do not run suspicious programs on your devices. These are basic general steps to keep your computer safe from attacks.
9. Lock your phone
To prevent your keys or 2FA keys from being cloned if your smartphone is lost or stolen, it is important to keep the device locked with either a fingerprint or a password.
10. Secure password manager
Although it is a debatable option, there are password managers for multiple accounts, given the number of applications and services we use that all require passwords.
Remembering all of them is sometimes a titanic task, so you may have to resort to this type of software. But before entrusting your keys to a third party, be careful to check the reputation of the software's owner and that the source you get it from is reliable.
As an additional note, I personally opt for the old-fashioned way: a notebook with all my passwords, kept in a safe place.
11. Check your internet connection
Verifying the security of your connection covers multiple fronts, from your Internet service provider and how you connect to it, to any intermediate software and services.
For anything related to money, avoid connecting to public Wi-Fi networks at all costs.
12. One account, one email
In most cases we use the same email for all accounts. This is a bad practice: if our email is compromised through another provider outside Binance, for example, the attacker has a wider range of ways to steal funds, not only from the exchange but from any other financial provider we have associated with the compromised account.
Use a unique email address for each of your accounts to avoid the involuntary sharing of information.
13. Invest in Universal 2nd Factor (U2F) authenticators
Authenticators compatible with U2F, such as the Yubico YubiKey, securely grant access to your account when they are connected or paired wirelessly. This process is similar to traditional two-factor authentication methods (2FA), such as SMS and Google Authenticator, but manual entry of a code is not required, which makes physical access to the device a necessity.
14. Identify and avoid phishing attempts
Binance Academy has an excellent tutorial on this subject, which is very common today and which we often know little about. First educate yourself, then put what you have learned into practice to identify malicious sites or emails that spoof an identity in order to obtain your private keys.
Remember, as a matter of policy, no serious website or service provider will ask you by any means to provide your account access credentials. So do not be silly and do not fall into this booby trap, no matter how desperate you are to get access to your service.