The Hackers Who Wants to Steal Your Cryptocurrency
In the early July, it was reported that Bleeping Computer detected suspicious activity targeted at defrauding 2.3 million Bitcoin wallets, which they found to be under threat of being hacked. The attackers used malware — known as “clipboard hijackers” — which operates in the clipboard and can potentially replace the copied wallet address with one of the attackers.
The threat of hacking attacks of this type has been predicted by Kaspersky Lab as early as November of last year, and they did not take long to become reality. For the time being, this is one of the most widespread types of attacks that is aimed at stealing users’ information or money, with the overall estimated share of attacks to individual accounts and wallets being about 20 percent of the total number of malware attacks. And there’s more. On July 12, Cointelegraph published Kaspersky Lab’s report, which stated that criminals were able to steal more than $9 million in Ethereum (ETH) through social engineering schemes over the past year.
Briefly about the problem
The already mentioned Bleeping Computer portal, which works on improving computer literacy, writes about the importance of following at least some basic rules in order to ensure a sufficient level of protection:
“Most technical support problems lie not with the computer, but with the fact that the user does not know the ‘basic concepts’ that underlie all issues of computing. These concepts include hardware, files and folders, operating systems, internet and applications.”
The same point of view is shared by many cryptocurrency experts. One of them, Ouriel Ohayon — an investor and entrepreneur — places the emphasis on the personal responsibility of users in a dedicated Hackernoon blog:
"Yes, you are in control of your own assets, but the price to pay is that you are in charge of your own security. And since most people are not security experts, they are very much often exposed — without knowing. I am always amazed to see around me how many people, even tech savvy ones, don’t take basic security measures."
According to Lex Sokolin — the fintech strategy director at Autonomous Research — every year, thousands of people become victims of cloned sites and ordinary phishing, voluntarily sending fraudsters $200 million in cryptocurrency, which is never returned.
What could that tell us? Hackers that are attacking crypto wallets use the main vulnerability in the system — human inattention and arrogance. Let's see how they do it, and how one can protect their funds.
250 million potential victims
A study conducted by the American company Foley & Lardner showed that 71 percent of large cryptocurrency traders and investors attribute theft of cryptocurrency to the strongest risk that negatively affects the market. 31 percent of respondents rate the hackers’ activity threat to the global cryptocurrency industry as very high.
- Attacks on the blockchains, cryptocurrency exchanges and ICOs;
- Distribution of software for hidden mining;
- Attacks directed at users’ wallets.
Surprisingly, the article "Smart hacking tricks" that was published by Hackernoon didn’t appear to get wide popularity and warnings that seem to be obvious for an ordinary cryptocurrency user must be repeated again and again, as the number of cryptocurrency holders is expected to reach 200 million by 2024, according to RT.
According to research conducted by ING Bank NV and Ipsos — which did not consider East Asia in the study — about nine percent of Europeans and eight percent of U.S. residents own cryptocurrencies, with 25 percent of the population planning to buy digital assets in the near future. Thus, almost a quarter of a billion potential victims could soon fall into the field of hacking activity.
The DigitalBank Crypto Vault : The World's Most Secure Crypto Storage Solution
Impenetrable Crypto Wallet : private keys never stored , anywhere , at any given time . The Private Key (PK) is safely generated by you , known only to you , and can be accessed only by you .
The Device generating the PK, is not storing at any given time the PK generated . It is generated by you , on the spot , with a passphrase , when needed , for just a few milliseconds , just to sign in the transaction and then disappear permanently from the device .