# OpSec in Crypto: Thoughts 

By [Officer's Blog](https://paragraph.com/@officercia) · 2022-06-01

---

### 1\. Why do you keep saying that cold wallet devices are not secure?

I am often asked why, in my recent articles ([about secure cryptocurrency storage](https://mirror.xyz/officercia.eth/GtKNkmRDR_hhCqrnSENjqfPDHHb0W1M2SVeXDp4swCQ), about an [attack on old-and-forgotten hard drives](http://officercia.mirror.xyz/ewfV9-LBnKmgDeTap3FXZ--PNeDzabhQ_5kh1pkKD2A) and on [how hackers are caught](http://mirror.xyz/officercia.eth/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo)), I do not recommend using Trezor or Ledger devices for main cold storage.

Well, I just took the two most popular devices and I have no preconceived notions about them. I believe that any technology itself cannot be bad, just that it can have different conditions for safe use and reasons for using it. So, let's get back on topic and look at these two samples using two different technical approaches. If you have a Trezor or Ledger, I can get data from there.

But there will only be a couple of attempts. That's why I've never recommended Trezor or Ledger... If the device falls into someone's hands, you're screwed. They have different approaches; you can read more about them [here](https://www.kaspersky.com/blog/hardware-wallets-hacked/25315/amp/) and [here](https://www.freecryptocoinstips.com/article/ledger-trezor-and-others-hack-allegations-are-baseless-lack-proof/amp), but the gist is basically the same. There's a great fresh [video on cold wallet hacking](https://youtu.be/dT9y-KQbqi4).

If you own something like this [device](https://www.bitlox.com/pages/only-on-bitlox), it is unlikely that anything can be restored from it without the owner's participation, because it has all sorts of cool, bulletproof features. Keep in mind that this is not a panacea and that you will be saved from [some attacks](https://twitter.com/officer_cia/status/1491920415387574275) [(2)](https://telegra.ph/Clipper-attacks-crypto-08-16) only by diligence and common sense.

In essence, a cold wallet is just a pseudo-[AirGap](https://airgapcomputer.com/) system (a 100% AirGap is impossible to achieve on Earth by definition, which is why the [CubeSat](https://www.cubesat.org/) topic is so interesting), and it can be [cracked](https://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md). You can also make a cold wallet out of a regular phone, for example via [airgap.it](http://airgap.it/) - there will be almost no difference from Trezor or Ledger!

The really safe thing would be to use something like a Coldcard or a "paper wallet". And it's better to keep a private key on the paper wallet, not a seed phrase. And hide it like pirates hide treasures. [You can read about it here!](https://www.worldcat.org/title/pirate-hunter-the-true-story-of-captain-kidd/oclc/49801386&referer=brief_results)

![](https://storage.googleapis.com/papyrus_images/39a90dbeddeba32a13ebd5110b6b6274cb8045dded8ce78694c9f61106a32230.gif)

### 2\. Why are you writing about Ethereum and OpSec when anyone can just get Monero?

Well, I’ve already done it. There is a huge demand for OpSec in popular chains, as there is a huge flow of new people who have never heard of crypto. If the new people I talked about in my first post get scammed, they will probably become disappointed in the whole industry, so my mission is to make this percentage smaller.

[https://mirror.xyz/crisgarner.eth/gJjASuCkbXJ1w574ePvJ3kNyWBZQfUyelMvsp4ujZ80](https://mirror.xyz/crisgarner.eth/gJjASuCkbXJ1w574ePvJ3kNyWBZQfUyelMvsp4ujZ80)

Anyone can use Ethereum securely; the same goes for Monero, where you have to keep far fewer security rules in mind. If you need bulletproof anonymity or ultra privacy, then read this awesome ultra [hardcore guide](http://anonymousplanet-ng.org/) and a [DeepWeb «Bible»](https://telegra.ph/2022-Darknet-OPSEC-Bible-05-29). Read my recent article dedicated to a «Timing Attack» or «[Attack via a representative sample](https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo)».

In short, it describes how hackers are caught. Read what [counter-OSINT](https://twitter.com/officer_cia/status/1515726848616976389) (counter-ADINT and counter-GEOINT) is. See how I [investigate](https://officercia.mirror.xyz/BFzv17UwH6QG4q711NAljtSiP8eKR17daLjTdmAgbHw) on-chain hacks. [This skill](https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws) will help you to get started anywhere. I’m not kidding, OSINT is a [huge power](https://t.me/ibederov_en/105).

### 3\. What else can you advise to improve the system you already have?

Follow the [25 rules](https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap) in this set: the first 10 rules relate to personal security, and the rest to corporate security. Also keep an eye on the [latest trends](https://0xrusowsky.substack.com/p/on-operational-security) in crypto OpSec; that always makes sense. Don’t be afraid of [links](http://mirror.xyz/officercia.eth/GtKNkmRDR_hhCqrnSENjqfPDHHb0W1M2SVeXDp4swCQ): you don’t need **all** of **them**, but you should be able to pick out the ones that interest you the most for your own Pathway.

Use [extensive measures](https://twitter.com/officer_cia/status/1516440538999922694) when working with files and always [keep an eye on the latest security](https://www.usenix.org/system/files/1401_08-12_mickens.pdf) trends even if your area is far from it. Take this [subreddit](https://www.reddit.com/r/opsec/) and this awesome old & trusted [resource](https://www.bleepingcomputer.com/) as the first step. In our dangerous world anyone can become a target, especially in crypto.

[GitHub - OffcierCia/Crypto-OpSec-SelfGuard-RoadMap](https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap): Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.

One thing victims say after being defrauded or attacked is “I can’t believe it happened to _me_”. Always remember that we are all natural targets for all sorts of attacks, from garden-variety cybercriminals to competitive spying.

![](https://storage.googleapis.com/papyrus_images/187675e319ce138b0b10bd188c2efee3d609c487ca018e3ec4a96e1558baf60d.gif)

That said, it doesn’t really matter what industry you’re in. If you have any sensitive, proprietary information at all, then you could very well be a target. This is a good thing to always keep in mind.

Learn the latest [attack techniques](https://medium.com/@marcoworms/avoiding-rug-pulls-at-web3-part-2-social-engineering-6c3078cbc8f9), [white-hat cheatsheets](https://telegra.ph/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31) and [defense methods](http://mirror.xyz/officercia.eth/GtKNkmRDR_hhCqrnSENjqfPDHHb0W1M2SVeXDp4swCQ), join hacker [communities](https://telegra.ph/Channels-about-OSINT-Hacking-Security-and-so-on-04-19) - because only with knowledge can we defeat the knowledge of hackers. In this intellectual battle the most prepared will win and I believe that it will be you, Anon!

**_May the Force be with you!_**

---

*Originally published on [Officer's Blog](https://paragraph.com/@officercia/opsec-in-crypto-thoughts)*
