How to Protect Wallets from the Six Tools Used by Crypto Hackers
The cryptocurrency industry is constantly facing challenges – and one of the most troublesome is hacking. The most recent incident occurred in July, where Bleeping Computer detected suspicious activity attempting to defraud 2.3 million bitcoin wallets. To perpetrate the attack, the hackers used malware, recognized as “clipboard hijackers.” This type of attack essentially operates in the clipboard and it can replace a copied wallet addressed with one that the attackers use.
Kaspersky Lab predicted this type of hacking this past year and it did not take long for hackers to put it into practice. It is also a widespread type of attack, as of late. Further, on July 12, Cointelegraph uploaded its Kaspersky Lab report, which identified that hackers are able to steal over $9 million in Ethereum by conducting social engineering schemes.
Overview of the Problem
According to Bleeping Computer, it is necessary to follow some basic rules for one to have an adequate level of protection. As the platform stated, “Most technical support problems lie not with the computer, but with the fact that the user does not know the ‘basic concepts’ that underlie all issues of computing. These concepts include hardware, files and folders, operating systems, internet and applications.”
Other cryptocurrency experts, such as Ouriel Ohayon, share the same sentiment. Ohayon mentioned in a Hackernoon blog, “Yes, you are in control of your own assets, but the price to pay is that you are in charge of your own security. And since most people are not security experts, they are very much often exposed – without knowing. I am always amazed to see around me how many people, even tech savvy ones, don’t take basic security measures.”
Further, Lex Sokolin, fintech strategy director at Autonomous Research, clone sites and ordinary phishing cause thousands of people to become victims. This indicates that crypto wallet attacks are due to vulnerability in the system, human inattention, and arrogance. The good news is that there are ways to protect one’s funds.
High Risk of Cryptocurrency Hacks
There is a high risk involved when it comes to cryptocurrency hacking. Hackermoon analyzed data concerning hacking attacks in 2017 and found that the hacks fell mainly into one of three segments:
Attacks on blockchains, exchanges, and ICOs
Distribution software for hidden mining
Users’ wallets
Here are some tips to avoiding hacks on various mediums concerning one of the above areas.
Google Play Store and App Store Apps
Those who use these types of mediums should avoid installing applications if they do not have much of a need for them. Further, it is always beneficial to have two-factor authentication in place for all applications that offer the service. Finally, check the application links on the website to ensure that the platform is authentic.
Those who are most widely impacted by hacking tend to be smartphone owners that have an Android operating system. The trouble with this operating system is that it does not have two-factor authentication. This type of authentication requires a password and username and a bit of information that the users would only know. Further, Google’s operating system is recognized for its vulnerability to viruses, making it less safe than iPhone’s system. When it comes to the former, hackers add applications on behalf of a crypto platform and when the application launches, users add sensitive information that hackers have access to.
A famous target of the above scenario is Poloniex, which downloaded mobile applications that hackers posted on Google Play. Hackers succeeded in presenting the platform as a mobile getaway for the popular exchange, when in fact, Poloinex had nothing to do with developing the application for Android and there were no links on the platform’s website to the false Android application. Over 5,500 traders were affected by the malware before Google Play removed the software.
Apple has taken strict precautions to protect its iOS users. For example, the company tightened its rules for admission of applications to its store. This suspends the distribution of malicious software.
Bots in Slack
When it comes to bots in slack, users should report slack-bots so that they are blocked, ignore the bot’s activity, and protect the slack-channel. Most slack bots work at stealing cryptocurrencies by scouring fast-growing messenger systems. Hackers create bots that notify users about issues involving a specific crypto. The person then clicks the link offered by the bot, enters a private key, and as a result, the bot is blocked.
The most recent hack concerning bots in slack had to do with Engima – whose name was used to host a presale round and to launch a slack bot. Accordingly, bots defrauded over $500,000 in Ethereum from credulous users.
Crypto Trading Add-Ons
To protect against crypto-trading add-ons, it is best to use a separate browser for operations involving cryptocurrencies, apply incognito mode, use a separate PC for smartphone or crypto trading, download antivirus software, and to not download any crypto add-ons.
Add-ons are able to view everything that one types when they use the interest. The extension allowing for this was invested by Javascript, thereby making users very vulnerable to attacks. Applying the above principles can prevent such attacks.
SMS Authentication
For authentication by SMS, it is best to turn off call forwarding to prevent access to data and to give up 2FA via SMS when password is send by text. Finally, use a two-factor identification software solution.
According to Positive Technologies, a cybersecurity company, it is easy to intercept SMS with a password confirmation that is transmitted worldwide by 7 (SS7) protocol. Text messages can be hijacked by using research tools that exploit cellular network weaknesses.
Public Wifi
Crypto transactions should never be performed by public WiFi. It is also important to regularly update the router’s firmware because hardware manufacturers are constantly releasing updates. An elementary KRACK attack was conducted on user’s devices that reconnect to the same Wi-Fi network that the hackers used. The hackers then downloaded the information or moved it through the network by a user available to the attackers. This was done through private keys from crypto wallet. The problem is especially pertinent for public WiFi networks.
Sites Clones and Phishing
Finally, it is imperative to use an HTPPS protocol when interacting with crypto-related sites. Also, when using Chrome, customize the extension and when receiving messages from crypto sources, copy the link into the browser.
Overall, there are many different methods that one can use to deter hacking. Although hacking has not decreased, users adopting safer practices can prevent their information from being compromised.