Recently I read a post about how a user on our blockchain lost money as his BSC wallet got hacked. In addition to this, I also came across a number of videos/posts that discussed how people got hacked using MetaMask and the like.
If you are completely new to crypto, my first piece of advice for you is to never keep all your crypto on exchanges. The problem has been mitigated to a large extent these days as most prominent exchanges use insurance to cover hacking-related losses and also use cold storage to protect funds. However, exchanges are most prone to hacking attacks, and leaving crypto on them will make you vulnerable.
Second, if you use mobile wallets, keep as little crypto on them as possible. Treat a mobile wallet like a current account and use a cold wallet/hardware wallet to store most of your savings. Third, use 2FA for your hot wallets, that is, those that are used on public WiFi (for example, a wallet on your laptop).
Now if you are aware of DeFi and have participated as a market maker by becoming part of liquidity pools, then you have used wallets such as MetaMask and Binance Side Chain Wallet. Unfortunately, I am learning that a lot of people keep their crypto on these wallets and fall prey to hackers quite easily. Let's find out how.
Firstly, setting up a MetaMask wallet or a BSC wallet is quite simple. Open the app store on your browser and you can set up either of the 2 wallets mentioned above quite easily. Keep your passkey secure and you are good to go. Logging in and out of the web extension wallet also happens via a username and password.
If you've used Uniswap, then you know that you need to link the exchange with a web-based wallet, e.g. MetaMask, to access the liquidity pool. Hacks are quite common among people who keep their browsers open at all times and log in to MetaMask to check their portfolio balance. Once you've logged on to MetaMask, you stay logged on till you close the browser. If you keep your browser open and log in to MetaMask on public WiFi, then you are making yourself vulnerable.
Lock your wallet after you're done using it.
There are multiple ways in which you can be hacked. It is now known that governments are spying on citizens using spyware called Pegasus, which can be installed on your phone by a phone call. Mobile phones can be hacked using SIM swap methods, and the texts and phone calls made/received by your phone are vulnerable. You should be very careful about what links you click on and what .exe files and documents you open.
While setting up these online/web-based wallets, do not store your seed phrase/password as a screenshot or on Google Drive. There is support for these wallets on Twitter! Also, make sure that you do not approve just about any transaction on MetaMask for a $100 airdrop!
One has to manage these risks based on one's level of awareness. However, wallets that remain open after you log in once should only be used to conduct transactions swiftly on a decentralized exchange, not for storage.
In the present scenario, all your devices and connections are vulnerable. Keep your holdings in diversified wallets, mostly cold wallets if possible. Use safe browsers.