Cryptocurrency – The Good, The Bad, & The Ugly – The Bad

Cryptocurrency is not hack proof as your money is stored in digital wallets that are a much easier target than blockchain technology.

The Bitcoin goldrush has meant that many new to the cryptocurrency scene are investing without fully understanding how the currencies work-and many in the industry do not care. This has left the door open for cybercriminals to scam, steal, and exploit this lack of knowledge. Many have lost large amounts and there is no bank insurance to cover the loss.

If you are not and have no plan to invest in Cryptocurrency, then this article may not be for you. But if you know someone who is heavily invested - consider sharing this with them. We believe knowing the most common attack vectors and how to safeguard your crypto wallet can help protect from devastating losses.

Some of the below touch on elements described in previous articles on Hacking.

MOST COMMON ATTACKS

Phishing – The most effective way to steal cryptocurrency is making people give out their access themselves. It's possible through faking legitimate websites to make them look authentic and genuine to people who just want to exchange cryptocurrency. Be attentive and carefully check the domain spelling (e.g., http://binnance.net/ instead of https://binance.com/), SSL certificate (padlock in the address bar) before entering any sensitive details.

This Phishing site tricked users into downloading keylogging software (Source – Binance.com)

Compromised SMS – This type of attack is usually specifically targeted at people who are involved in cryptocurrency exchanging. 2FA is still a very common method with cryptocurrency exchanges - the main aim here is to intercept SMS verification messages. They can be stolen via different methods such as SIM Swapping or vhishing (voice phishing) to either confirm malicious transactions or to 'recover' access to the crypto wallet.

Malware – malware infections are still one of the primary hacking methods when it comes to crypto hacks. Infecting a device with keyloggers to steal passwords and PINs you are entering and cross-scripting injections into webpages, so a legitimate user is tricked.

Fake Hardware Wallets – Hacker's target individuals who already have a hardware wallet (such as the Ledger Nano) and then trick them into using a modified replacement designed to steal crypto keys. This ruse involves a target receiving a package with the modified hardware wallet. The bundle usually includes a note warning that their current device is vulnerable and needs to be replaced with the delivered wallet. Once the new device is plugged in and keys are entered, they are recorded and transmitted to the hackers, who are then able to unlock the wallet on the blockchain. Known wealthy Bitcoin owners have fallen prey to this method in the past.

MITIGATION

Avoid Unregulated Exchanges – It is extremely dangerous to keep cryptocurrency on an unregulated exchange. This is because their security measures are often not up to the same standards as regulated ones such as Coinbase. In many cases the site owners are faceless and sometimes criminal. If funds are lost or hacked, there are few repercussions. Most regulated exchanges are based in the US and care about their customers. It is good practice to never leave currency on any exchange.

Use App 2FA – If you keep your crypto on a regulated exchange, it is best to use app-based two-factor authentication to protect your account in addition to SMS verification. This is because SMS-based 2FA can be undermined more easily. Another great 2FA option is YubiKey https://www.yubico.com . The USB hardware authentication device uses a cryptographically hashed key to verify synced online accounts once plugged into a computer – a very solid solution.

Use a Password Manager - Reusing passwords across several platforms increases the risk of hackers using the same passwords to compromise connected accounts. Any Cryptocurrency accounts need to be long and unique and stored in a solid password manager such as Bit warden.