How Crypto Can Overcome its Recent Security Threats
Cryptocurrencies are making headlines every day. With their increasing popularity and adoption by several businesses and industries, the security risks have also increased. The skyrocketing prices of cryptocurrencies have incentivized more hackers to exploit and steal cryptocurrencies, especially this year. Cryptocurrency exchanges have been a popular target of hackers and attackers. In 2018, Coincheck, one of Japan’s biggest and most popular crypto exchanges, lost $532 million worth of NEM coins. An attacker gained access to an employee’s computer, installed some malware, and managed to steal private keys from digital wallets. Later, Coincheck started reimbursing the victims who lost NEM coins. These attacks are not limited to crypto exchanges, and a hacker can directly target people who deal with cryptocurrencies through wallet thefts and phishing emails. Several cryptocurrencies, including Ethereum and ZenCash, have been breached and lost billions of dollars. The Wall Street Journal reported that $1.7 billion worth of cryptocurrency was stolen in recent years. It is not possible to completely obliterate these attacks; however, with certain security precautions, the frequency of these attacks can be reduced. This article will discuss how you can save yourself from the common security challenges concerning cryptocurrencies.
Cryptojacking refers to the unauthorized use of someone else’s computer to mine cryptocurrency. It can either be done by sending a malicious link in an email that loads a crypto mining code or infecting a website or online advertisement with a script code that executes automatically in the victim’s computer. Most hackers use both methods to maximize their profits. Some of these crypto-mining scripts have expanding capabilities, i.e., they can spread out to other devices on that network. Victims might not be able to identify this attack since there are no overt signs except the lags of their computer systems. One of the prominent examples of cryptojacking was in 2017 when the Archive Poster plug-in, a popular Google Chrome extension, was caught mining Monero coins without the consent of the users. These users learned about the attack when they complained of high CPU usage. By that time, 100,000 had already downloaded that extension. Google took down this extension after the complaint, and a safe variant is now available. Cryptojacking is popular amongst hackers because there is less risk of being caught, and they can make a lot of money.
Organizations should incorporate cryptojacking threats in security awareness training and focus on phishing-type attempts that load malicious scripts in the users’ computer systems to overcome this threat. In order to detect cryptojacking, monitor your computer performance, overheating, CPU usage, changes in websites and web servers, scan for malware and follow the news around the latest cryptojacking trends. Some tactics to prevent cryptojacking that can help in identifying and blocking malicious crypto-mining codes are:
- Using anti-crypto mining extensions (like Anti Miner, minerBlock, no Coin, etc.).
- Using ad blockers
Many crypto users get a wallet to store their cryptocurrency. There are two major types of crypto wallets available – custodial and non-custodial. Custodial wallet services are managed by a third party or crypto exchanges like Coinbase, which control your private keys. In this case, the third parties are responsible for your private keys and cryptocurrencies. On the other hand, non-custodial wallets are completely controlled by you. You are responsible for the safety of your cryptocurrencies. These come in the form of physical hardware wallets.
People using these wallets usually take additional security measures like multi-signature protection so that no one can access their wallet even if it is stolen. Two-factor authentication is a good way to avoid malicious stealing attempts for online wallets provided by third-party wallets. However, hackers have tried to find ways around that too. Sim swapping scam is a prominent example of this. Such a scam happens when someone has set an SMS text message as a method for two-factor authentication. The hacker is able to get their login information and then convince the telecom company that they have changed their sim and swap the number, and thus access the victim’s wallet. Therefore, people should use alternative methods for factor authentication like Yubikey, a USB hardware authentication key developed by a security company.
Cryptocurrency phishing can be done in a number of ways – through emails, using fake Facebook pages to send private messages. Usually, such emails and messages contain information about crypto-related services, wallets, exchanges, and so forth. If the victim clicks on the websites, they will be directed to a fake page asking for their wallet credentials. These messages mostly contain lucrative offers like gifts for users to take part in a particular survey about cryptocurrency. A recent phishing method is the use of Google Ads. The attackers display phishing sites to appear as Google ads. For example, in 2018, a cybercrime gang in Ukraine duped people of $50 million by tricking Bitcoin investors into giving their login credentials for their online wallets.
It is advisable for crypto users not to directly click on any links that they have received through messages or emails. Instead, they can type in the address in their browser. If the message is sent through an email, your email service provider can often recognize a legitimate sender. To avoid phishing messages through social media, users should configure their Facebook privacy settings and disable notifications from unknown users, pages, and communities. Crypto users should also avoid using open WiFi networks while using their wallets or making transactions. Besides this, having an antivirus with phishing protection is a good idea.
These are not all the ways your cryptocurrency can be attacked, breached, or stolen. Other popular ways include malware attacks, hacking, and exploiting the vulnerabilities of blockchain technology. Attackers are inventing new ways to steal cryptocurrencies; however, with appropriate technological awareness about such threats, these attacks can be mitigated to an extent. To know more about how you can keep your cryptocurrencies safe, visit our blog.