Keyloggers and Safety Procedure: An Overview

A user asks: I have been hacked. I would like to learn some security procedures to guard against keyloggers. What can I do?

H!

We are working to fix this through a variety of ways, including more education to help users become more aware of how Ethereum works and MetaMask / Web3 best safety tips:

Possible causes: As for your funds, if you did not enter those transactions, then you may have been a victim of:

  • phishing (giving away your seed phrase aka secret recovery phrase)

  • Key logger attack (malware that reads your clipboard, keystrokes and stealing your seed phrase)

That wallet is compromised along with any other accounts in it.

It is interesting to note that if ALL your tokens in every account have been compromised, it’s probably a hacker. On the other hand, if only some of them have been compromised then, it may have been a pending transaction that finally went through.

Either way, create a new wallet. If you have any funds left over, move them over to that wallet. And remember never to share your secret recovery phrase.

Software Keyloggers: How they appear

Key logger attacks can happen via downloading malicious software. This is usually delivered via pirated software, email attachments, even PDFs and ePUBs. Therefore, it is highly recommended to use MetaMask on a clean computer.

Your level of security usually depends on the amount of the amount of funds you hold and your level of comfort with risk.

For the highly paranoid, you can (in order of paranoia):

  1. Get a good antivirus. Avoid downloading pirated software and opening weird items from the net.

  2. Always make sure to back up your secret recovery phrase and never share it. It won’t stop key loggers, but it’s a necessary habit.

  3. Get a NEW hardware wallet. They may not protect you from key loggers, but they will protect you from a host of other issues. MetaMask currently supports Trezor and Ledger. Avoid buying USED hardware wallets as they are compromised. Only buy these directly from the company.

  4. Use a virtual machine emulator like VirtualBox and set up Ubuntu or your favorite and easy to install Linux distribution. They are all free and open source. Then get a browser like Firefox and use MetaMask off of there. The virtual environment can help segregate any files.

  5. If you want to go the extra step, get a USB to set up the OS as a separate device using a security-focused distribution of Linux. Use a security-focused distribution like Linux Tails or Linux Kodachi. Having a USB allows you to interact with insecure computers and offers more protection. If you want to secure your browser further, check out these steps.

  6. Set up a multi-sig wallet. This is for advanced users and will require you to understand how Ethereum and smart contracts work. This requires more than signatures from multiple accounts to allow this transaction to happen. You will NEED to read up a lot on using this and not shoot yourself in the foot.

  7. Get a new and CLEAN computer and Install Qubes OS. Qubes OS has specific requirements, and it is advised not to be dual booted on another machine. The idea is that you want complete segregation, physical and virtual. You can see the computers recommended by Qubes OS or the Qubes OS community. Think of it as a supermax prison that compartmentalizes everything. If you are curious about how it works, check out their intro.

Hardware Keyloggers:

If you have a hardware keylogger installed, that means someone has gone through the trouble of physically compromising your computer… This means you probably have bigger problems going on, lol. These are organized individuals or organizations with capital and technical skills who can get close to you. Luckily, most issues related to crypto-assets are related to software keyloggers.

For more security tips, check out this blog post and Ledger’s Phishing education.