Hacking has been around for as long as access control for computing technologies was created. Even before the mass use of the internet, computers with password protection were being exploited. In 1965, MIT researchers found an exploit in a time-sharing software, where if more than one user attempted to access an editor, the system only designed for use by a single person at a time would erroneously swap the password file, exposing the other users’ passwords and allowing for access by that party.
It’s no longer news that Crypto assets are fast gaining traction in today’s world. The amazing word “Crypto” has completely altered the way we view global financial systems and money, revealing the power of blockchain technology. However, with great power comes great responsibility and part of that responsibility is knowing how to protect your crypto assets.
In 2018, cryptocurrency crimes were about $1.7 billion in value, according to CipherTrace’s annual Crypto Anti-Money Laundering and Crime Report. This number surged by almost 165% year-over-year to $4.5 billion in 2019.
According to data released by CipherTrace Cryptocurrency Intelligence, crypto theft for last year stood at $1.9 billion in 2020, down from $4.5 billion in 2019.
How Do Theives Steal Crypto? Here Are 5 Popular ways Theives Steal Crypto
*Fake phishing websites:
Phishing is a type of social engineering attack often used to steal user data, including mnemonic phrases, private keys, and cryptocurrency platforms’ login credentials. Typically, phishing attacks make use of fraudulent emails that convince the user to enter sensitive information into a fraudulent website. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware or some phishing website.
The latest example of a successful attack on Ledger wallet users. The scam used a phishing email that directed users to a fake version of the Ledger website that substituted a homoglyph in the URL as in the previous case with MyEtherWallet. On the fake site, victims were fooled into downloading malware posing as a security update which drained the balance from their Ledger wallet. From this, follows the conclusion that even hardware wallet users are not protected from phishing attacks.
*Downloaded files exploits.
There are a lot of 0-day and 1-day exploits for MS Word, Excel, and Adobe Product that guarantee antivirus products will not detect malware and grant malicious actors full access to victim workstations and internal infrastructure.
The term 0-day may refer to the vulnerability itself, or an attack that has 0-days between the time the vulnerability is discovered and the first attack. Once a 0-day vulnerability has been made public, it is known as an n-day or one-day vulnerability.
However, there are many other malware programs that may gain access to users’ cryptocurrency wallets, as well as crypto exchange applications using 0-day exploits. The most-known case of such an attack in recent years was WhatsApp exploit, as a result, attackers could collect data from users’ crypto-wallets.
Due to the active growth of the market, DeFi scammers are constantly launching new projects which are almost exact clones of existing projects. After users invest in these projects, scammers simply withdraw their funds to their own wallets.
Some cases occurred with centralized platforms. For example, the QuadrigaCX case, when the founder of centralized exchange died leaving the platform unable to access its wallets and process withdrawal requests for over $ 171 million clients funds. As a result, only 30 mln of lost funds can be repaid.
Such cases arise all the time, so you need to carefully consider the platform before transferring your money there.
During the entire existence of cryptocurrencies, many fake applications of a particular platform or wallet have been created. Once you complete a deposit to such applications, you find the funds have just disappeared. Intruders may create a copy of an existing application with malicious code or a new application for a platform that does not have an application.
Since most crypto wallets are open source, everyone can create their own copy of the wallet and inject malicious code there. Topics about such wallets constantly appear on popular cryptocurrency forums, for example, Trust wallet fake apps.
A scammer pretends to be you and calls up your mobile phone carrier asking to transfer your phone number to their SIM card or another account. This may involve using information that was already compromised such as your name, address and date of birth. The scammer will call repeatedly, trying different account reps until they can get one sympathetic enough to transfer your number. They will then attempt to reset your account passwords where your phone number is used as a security backup.
HOW TO PROTECT YOUR CRYPTO ASSETS FROM THEIVES, HACKS and FRAUDS
Get A Save Wallet.
Many investors buy up a popular digital currency like Bitcoin or Ether on an exchange, only to keep the currency on that platform. Digital exchanges take their own safety precautions to prevent thefts, but they are not immune to hacks.
One of the best ways to protect your investment is to secure a wallet. There are two primary types of wallets, although new designs are coming into play all the time. Of these two types, hardware devices are perhaps the best option.
These physical (or “cold”) wallets look like USB drives and act as a physical store for tokens or coins. Each hardware wallet is linked with a private key: a password-like bit of code that allows you to decrypt the wallet and access the coins or tokens that it stores. While hardware wallets are tremendously effective against digital thieves, there is also a risk: Lose your password key, and you’ll never recover the contents of the wallet.
Encrypt Your Bitcoin Wallet
Encrypting your digital wallet is another line of defense against potential cyber-attacks. This allows you to set a password and lock your coins whenever someone attempts to access your account. The hacker won’t be able to steal your Bitcoin unless he knows the password you set.
Backup Your Entire Wallet Regularly
Some wallet providers allow you to backup your wallet’s data. Backing up your wallet will enable you to access your data if you encounter a computer system or software failure. You can also retrieve your funds and data easily if it gets stolen or lost. Make sure to use multiple backup devices for easy account recovery. You might want to consider various devices, such as papers or hard drives like USBs and CDs.
Monitor Your Devices For Signs Of a Breach
Nowadays, the question is not if but when your device will be breached. There are common warning signs that your device has been breached, common or distinct for computers, tablets, and phones, like random downloads, random restarts, mouse movements by itself, warnings for signs of a breach from new devices to products you use, and more. However, stealth spyware aimed at stealing your information or mirroring your activity might be invisible, so always assume your device might have been hacked.
Keep Your Mnemonic on Paper.
Assume that any digital device you use can be hacked, and probably will at some point, so never store your mnemonic digitally. Even encryption is not safe if your device is breached. Your screen and keyboard can be cloned and mirrored. When that happens, glancing once at your mnemonic gives the hacker access to your wallet.
The best practice is to make a paper copy divided into two parts and hide a few copies in various locations and with people you trust. No matter how gifted they are, hackers cannot access paper copies! It is advisable to check these locations at least twice a year to make sure your mnemonics are still readable — ink fades, and paper crumbles …
Activate The 2FA (two-factor authentication) Options Offered By Digital Services You Use.
2FA increases digital security by a factor of 1000 and keeps hackers at bay. From the 2FA services, SMS is the least efficient, as a Simcard hijacking is enough to bypass it, so always prefer Google or Microsoft Authenticator options that create a time-limited one-time code. Yes, it is annoying to add one manipulation layer to access your destination, but it greatly reduces the risk of mistakenly giving your credentials to a phishing site. 2FA should also be used to protect your non-crypto assets.
A popular hacking technique is to redirect your request to access a site or an app to a cloned site or app and use this to steal your credentials. 2FA secured options also verify that the device you use to access the app or site belongs to you or is operated by you. A popular authentication app besides Google authenticator is Authy, which allows you to create a master password enabling you to recover all your 2FA once you switch to a new phone. Keep that master password extra safe!
2key wallet will soon integrate 2FA as an added security layer and will be one of the only non-custodian, decentralized wallets in the world to support that feature.
As a cryptocurrency holder, trader or investor, you are your own bank and a target for cyber thieves. And these criminals are working overtime trying to figure out how to get their mitts on your cryptocurrency.
And that means it’s time to review some simple practices to keep your digital life and assets safer.
• Store your cryptocurrency and tokens offline in a hardware or paper wallet
• Secure your hardware or paper wallet in a locked safe when not in use
• Secure your private keys offline and away from where your wallet is stored, such as in a bank safe deposit box or other offsite secure location
• Limit cryptocurrency held at exchanges to what is needed for trading and exchange only
Source: Naira Metrics