On July 12, Kaspersky Lab, a Russian cybersecurity company, published a report in Cointelegraph saying that more than $9 million in Ethereum was stolen through social engineering schemes in the past year. And it’s by no means the only attack.
Hackers seem to always be a step ahead, and the threat of cyberattacks on cryptocurrency wallets is very real. Every year, thousands of people fall victim to various types of cyberattacks, including cloned sites, phishing, fraudulent ICOs, attacks on blockchains, distribution of software for hidden mining, and many more scams. Most large cryptocurrency traders point to cyberattacks as the biggest risk involved with cryptocurrency, and it’s the biggest reason many people are holding back from getting involved.
If you own cryptocurrency, what can you do? Investor and entrepreneur Ouriel Ohayon says that the responsibility to protect yourself is yours: “Yes, you are in control of your own assets, but the price to pay is that you are in charge of your own security. And since most people are not security experts, they are very much often exposed — without knowing. I am always amazed to see around me how many people, even tech savvy ones, don’t take basic security measures.”
Hackers attacking crypto wallets take advantage of the main weakness in the system: human inattention and false beliefs in the security of the system. According to a study by ING Bank NV and Ipsos, about 25% of the world’s population is planning on buying digital assets in the near future, which translates into a very lucrative pool of 250 billion potential victims for scammers.
Here are some problematic areas:
- Apps: Google Play and App Store apps are a big source of malware. Victims are most often users of the Android OS, which does NOT use two-factor authentication (2FA); iPhone users are less prone to attacks, but nothing is foolproof, and iOS users tend to download apps with hidden miners. To protect yourself:
  - Don’t install mobile apps unless you really need them
  - Check the links to apps on their official sites (if anything smells fishy, it is)
  - Make sure you add 2FA to all of your smartphone apps
  - Use a separate browser for all of your cryptocurrency transactions and operations or, better yet, get a separate PC or smartphone dedicated to crypto trading
  - Do not download any crypto add-ons
  - Download antivirus software and install network protection
- Slack Bots: Hackers create a bot on Slack that notifies users about problems; the victim is urged to click the link and enter a private key, at which point their information is stolen. Users usually spot bots quickly and block them, but the scam does work on the unsuspecting user. To protect yourself:
  - Report and block Slack bots
  - Use antivirus software
  - Ignore the bots’ activity
- Public Wi-Fi: Hackers are good at accessing information downloaded or sent through a public network, such as those found at airports and hotels. To protect yourself:
  - Never, ever perform crypto transactions through public Wi-Fi; better yet, don’t use public Wi-Fi unless absolutely necessary
  - Regularly update the firmware on your own router
- SMS Authentication: Many users use mobile authentication because it’s easy. However, it is extremely easy for hackers to intercept an SMS with a password confirmation. To protect yourself:
  - Give up 2FA via SMS if the password is sent in the text
  - Use a two-factor software solution
  - Turn off call forwarding
- Site clones and phishing: These are oldies but goodies; clearly they still work or hackers would not be using them. Hackers create full copies of original sites on domains that are off by just one letter, barely noticeable to the casual observer, and once the victim visits the site and enters their password and secret key, the information is stolen. In phishing, the hackers send an email that urges you to click the link and enter your personal data. According to Chainalysis, phishers have already stolen $225 million in cryptocurrency. To protect yourself:
  - Never, ever interact with any crypto-related sites that do not use HTTPS
  - When receiving messages from crypto-related sources, copy the link to your browser and carefully compare it to the original site
  - If anything at all seems suspicious, do not open the email, report it as spam, and delete it from your inbox
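
The link comparison advised in the last item can be done mechanically. The following is an added example, not part of the original article: it checks each link's hostname against a short list of sites you actually use and flags hosts that are one character off, even when they use HTTPS. The hostnames, `TRUSTED_HOSTS`, and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): hostnames copied from your own bookmarks.
TRUSTED_HOSTS = {"wallet.example.com", "exchange.example.org"}

# Constructed sample links, as they might appear in a received message.
SAMPLE_LINKS = [
    "https://wallet.example.com/login",
    "https://wallet.examp1e.com/login",
    "http://exchange.example.org/withdraw",
    "https://news.example.net/article",
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_link(url: str, trusted=TRUSTED_HOSTS, max_distance: int = 1):
    """Classify one link; returns (verdict, detail)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit lower-cases the hostname
    if host in trusted:
        if parts.scheme != "https":
            return ("insecure", f"{host} reached without HTTPS")
        return ("trusted", host)
    # Not an exact match: HTTPS proves nothing here, so compare the spelling.
    for good in sorted(trusted):
        if edit_distance(host, good) <= max_distance:
            return ("lookalike", f"{host} is one edit away from {good}")
    return ("unknown", host)

def triage(links):
    """Map every link to its verdict."""
    return {link: check_link(link)[0] for link in links}

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link))
```
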
The good news is that cryptocurrency users are, thankfully, becoming more savvy about security; the bad news is that hackers are always innovating. Your best defense is careful attention to the crypto-related sites and entities you interact with, and making sure that you never divulge your personal information.
Bryan Wallace, Google Small Business Advisor, says, “Encryption, anti-virus software, and multi-factor identification will only keep your assets safe to a point; the key is preventive measures and simple common sense.”