Browser-based crypto wallet hacks are becoming increasingly common. In fact, there was a Zero Day vulnerability discovered just the other week, affecting Chrome and Chromium-based browsers such as Brave (if you haven't updated your browser yet, please do so immediately!).
While The Internet Computer's Internet Identity offers unparalleled protection, your browser-based $ICP wallet may be putting you at risk. Of course, you may decide to choose convenience, especially if you trust the team developing a dApp that permits Internet Identity integration. However, if you choose to be extra careful, NFT Anvil has generously let us repost "3 Fren Tips for Improving Your IC Security" (originally found on their Medium) so that you can take these three easy steps to boost your IC security.
1. Making Sure Your Extensions Won’t Mess With You
Man In The Browser attacks are the web’s worst enemy.
If you want to get the full technical explanation of why you shouldn’t let extensions freely roam in your web pages, check THIS out.
Click on the puzzle icon — top right. Go to “Manage Extensions”.
Then hit “Details” on each one of them.
On dangerous extensions you will see something like this.
Change it to “on click”.
You will now see your extensions in cute white bubbles you will learn to love. These protect you. Extensions don’t start automatically. You will have to click and activate them for a certain session + domain. You get a major upgrade of privacy and security for your whole crypto portfolio at the cost of one inconvenient click.
It works awesome and should be the default.
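The same review can be done in bulk by reading each extension's manifest.json. The Python script below is an added example, not part of the original NFT Anvil post: it lists manifests that request access to every site, either through host permissions or through automatically injected content scripts. The two sample manifests are constructed, and the Extensions folder path is an assumption you supply as an argument.

```python
import json
import sys
from pathlib import Path

# Chrome match patterns that grant access to every site.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def broad_access(manifest: dict) -> list[str]:
    """Return where a manifest requests all-site access."""
    findings = []
    # Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
    for key in ("host_permissions", "permissions"):
        for pattern in manifest.get(key, []):
            if isinstance(pattern, str) and pattern in ALL_SITES:
                findings.append(f"{key}: {pattern}")
    # Content scripts are injected into every matching page without a click.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in ALL_SITES:
                findings.append(f"content_scripts: {pattern}")
    return findings


def audit_dir(extensions_dir: Path) -> dict[str, list[str]]:
    """Map each manifest.json under extensions_dir to its all-site findings."""
    report = {}
    for path in sorted(extensions_dir.rglob("manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        hits = broad_access(manifest) if isinstance(manifest, dict) else []
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample manifests (not real extensions).
SAMPLE_BROAD = {"name": "Sample A", "manifest_version": 3,
                "host_permissions": ["<all_urls>"],
                "content_scripts": [{"matches": ["*://*/*"], "js": ["a.js"]}]}
SAMPLE_ON_CLICK = {"name": "Sample B", "manifest_version": 3,
                   "permissions": ["activeTab", "storage"]}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a browser profile's Extensions folder
        for manifest_path, hits in audit_dir(Path(sys.argv[1])).items():
            print(manifest_path, hits)
    else:
        print(broad_access(SAMPLE_BROAD), broad_access(SAMPLE_ON_CLICK))
```

The manifest only shows what an extension asks for; whether you have already switched it to “on click” is stored in the browser profile, so treat the output as the list of extensions to check on the “Details” page.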
2. Your Internet Identity Backup Phrase...
Head to the Internet Identity dApp and delete your backup phrase. Are you sure no extension recorded it when you initially received it? Every extension you had with full access to your pages could have recorded it, and perhaps it’s waiting for you to collect cool stuff. So make sure all extensions are in lovable cute white bubbles; reload the page or browser if they aren’t. Then delete your backup phrase and create another one. Now this safer backup phrase is one you can hit “protect” on, thus locking it so other devices won’t be able to delete it.
3. Remove Hackish Internet Identity Integrations.
While I admire the ingenuity of certain hacks, some ICP wallets are “Integrating” Internet Identity by asking users to manually add a “remote device”. This is a fundamentally unsafe practice. If you have allowed this without understanding the risk implications, you can find these “devices” in the list, delete them and be safe once again. Make sure you aren’t deleting your own device keys though.
By removing the “integration”, not only will you raise your security, but you will also help them avoid the seppuku they will be required to commit once this gets out of hand.
Were you warned that such integration is giving the wallet:
- Full access on everything you own on all IC sites with Internet Identity, including NNS wallet
- Permission to delete your other devices and lock you out of your account (the only thing it can’t delete is the protected backup phrase)
- ...Plus, your whole Internet Identity security gets reduced from being safeguarded by the IC network with billion$ cap ICP token — to — the mercy of some guys and the questionable safety of their closed source code.
Stay safe frens of Anvil.