Basic OPSEC Tips for Crypto Traders on Social Media
By CMM Team - 24-Jul-2023
Social media are very common online attack vectors.
Especially for crypto traders and investors, protecting online accounts is an essential component of basic operational security (OPSEC). From public platforms like Twitter to private accounts on Telegram and Discord, taking simple steps to ensure user security can avoid headaches and heartache from significant financial loss.
Profitable trading is worthless, after all, if poor OPSEC leads to an exploit that causes financial ruin.
In this article, readers will find a few simple steps to boost their security on:
- Telegram
- Discord
General Crypto Safety Tips
Before diving into specific tips for social media platforms, crypto traders should also keep the following general practices in mind:
- Consider using hardware-based 2FA (e.g., Google Titan, YubiKey) to change 2FA from an app-based process to a physical USB device that will be used to authenticate a user's identity before logging in.
- Carefully monitor installed Chrome extensions and watch out for extensions that may have excessive permissions to read and control user data. Browser extensions are useful tools for productivity and efficiency, but rogue extensions exist. Unless a trader has complete trust in an extension's developer(s), it's safer to simply uninstall the extension and avoid the risk.
- Avoid doxing yourself to any company or individual unless absolutely necessary (e.g., required by law). Sending funds from a wallet doxes that address to the recipient. A doxed name or other identifying information will remain on the internet forever (deleting a tweet or direct message does not prevent this).
- Do not click on ads and always be suspicious of shared links, even if they are shared by a familiar account, and especially if they arrive via a cold email, private message, or other method of communication. All too often accounts are compromised and used to share malicious links. Ads and other promoted material are also regularly used to spread malicious links. Ignore them all.
- Be mindful of the need to audit personal security on a recurring basis. Security takes time and energy, but for anyone in crypto, this process is essential. Mistakes are expensive, but they can be avoided with a bit of time spent on appropriate preparation.
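The extension-permission check from the tips above, as an added Python example (not part of the original article): it reads each installed extension's manifest.json and flags broad host access and sensitive API permissions. The <extension id>/<version>/manifest.json layout follows Chrome's profile Extensions folder; the flagged-permission lists are an illustrative subset chosen for this example, and the sample manifests are constructed.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome API permissions that expose browsing data (illustrative subset).
SENSITIVE_APIS = {"tabs", "cookies", "history", "webRequest", "clipboardRead", "debugger"}

def audit_manifest(manifest: dict) -> list[str]:
    """Return sorted findings for one parsed manifest.json."""
    requested = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = {f"api:{p}" for p in requested & SENSITIVE_APIS}
    findings |= {f"host:{p}" for p in requested & BROAD_HOSTS}
    # Content scripts run inside every page their "matches" patterns cover.
    for script in manifest.get("content_scripts", []):
        findings |= {f"inject:{m}" for m in script.get("matches", []) if m in BROAD_HOSTS}
    return sorted(findings)

def audit_extensions(ext_root: Path) -> dict[str, list[str]]:
    """Audit every <ext_root>/<extension id>/<version>/manifest.json."""
    report = {}
    for path in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            report[path.parts[-3]] = ["unreadable manifest"]
            continue
        if findings := audit_manifest(manifest):
            report[f"{path.parts[-3]} ({manifest.get('name', '?')})"] = findings
    return report

def demo() -> dict[str, list[str]]:
    # Two constructed manifests (not real extensions) written to a temp dir.
    samples = {
        "aaaa": {"name": "Price Ticker", "permissions": ["storage", "alarms"]},
        "bbbb": {"name": "Wallet Helper", "permissions": ["tabs", "cookies", "<all_urls>"],
                 "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]}}
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            target = Path(tmp, ext_id, "1.0_0")
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest))
        return audit_extensions(Path(tmp))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Pointing audit_extensions at the Extensions folder of a Chrome profile lists the installed extensions worth a closer look; an extension with no findings is simply omitted from the report.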
Safety Tips for Twitter
As the primary platform for every community in crypto, Twitter accounts are a high-profile target for every attacker. Even if a user does not have hundreds of thousands of followers, Twitter safety is essential.
Two key steps for Twitter safety:
- Remove the phone number from Twitter. By navigating into account privacy settings and deleting the phone number, users can successfully disconnect a phone number from the account.
- Set up two-factor authentication. While in privacy settings, set up two-factor authentication (2FA) to add a secure form of verification that thwarts unapproved attempts to log in and control an account. It is important to select 2FA using an authentication app option, not SMS verification.
See more information from Twitter on 2FA here.
Safety Tips for Telegram
If Twitter is “Layer 1” for the online crypto community, Telegram might be considered “Layer 2.” As a hub for all sorts of communities (private and public), Telegram is another hotspot for attacks. Every crypto trader should ensure the security of their Telegram account(s).
Two key steps for Telegram safety:
- Turn off Automatic Media Download. In an attack known as “media file jacking,” Telegram users can unknowingly download malware to their devices simply by downloading seemingly innocent media files in Telegram chats. Avoid this by going to “Data and Storage” in settings and turning off the automatic download setting.
- Restrict Adding to Groups Settings. Telegram users can easily prevent bots and other spammers from adding them to unwanted Telegram communities through their security settings. In user settings, allow only Telegram contacts to add that user to new groups or channels – this is a great form of spam protection.
See more information on Telegram security settings here.
Safety Tips for Email
Every crypto trader uses email – often many more than one address. From creating exchange accounts to communicating with third parties for investments or other matters, email security is of paramount importance.
One simple way to bolster email security is to create unique emails for any new online account. Avoid repeat uses of email addresses so as to limit the effects of a compromised, suspended, or otherwise vulnerable email. Instead of gaining access to one email used for 10 accounts, a hacker can only access one account connected to one email, for example.
When creating email addresses, moreover, users should try to not include personal identifiers in the addresses (e.g., names, important dates) to avoid giving unnecessary personal information to a third party who might connect their identity to the email address.
Safety Tips for Discord
Discord may be the one arena most commonly associated with crypto exploits. Countless headlines have told stories of users losing coins, NFTs, and other assets to Discord attackers. Here are a few simple steps for better Discord safety.
- Remove the phone number connected to an account. By navigating to User Settings > My Account > Remove – listed next to the account’s phone number – a user can prevent their phone number from giving an attacker access to their account.
- Disallow DMs from server members when joining a new Discord. Traders can control who can send messages to them in a group's settings when they join the group. Not only is this good spam protection, but direct messages are a common vector for Discord attacks, and limiting who can message directly prevents attacks before they can even be attempted.
- Verify the authenticity of any link shared in Discord. Always verify the authenticity of a link shared in a Discord channel or direct message before clicking it. Never haphazardly click a link and assume it is safe.
For more security tips, browse this list published by Discord.
Final Thoughts on Crypto OPSEC
Crypto is a high-risk industry, and this is not only because of its characteristic volatile price action. All of the platforms mentioned in this article have made headlines for high-profile attacks carried out on innocent users who had one or more weaknesses in their security.
Traders should ensure they do not become a target (or a victim) because of sloppy online activity.
Also, traders should say something if they see something. Scams easily propagate from information asymmetry. Don’t hesitate to warn friends and colleagues of anything that seems suspicious from a Twitter account, in a Telegram group chat, or otherwise.
Final thought: Anyone who finds this article helpful should share it with other friends in crypto. It could save them.