How to protect your Bitcoin from scammers?

Are you thinking about jumping onto the Bitcoin train? If so, you might be worried about security. The truth is, Bitcoin is definitely secure. But there are some pitfalls.

You need to carefully look after your Bitcoin wallet. This guide tells you all you need to know about keeping your bitcoin safe and secure.

Bitcoin and other cryptocurrencies traditionally draw increased attention of fraudsters of various types, who not only use them in their illegal activities, but also actively steal them from ordinary users.

Using advanced technologies, hackers find more and more new ways to withdraw funds, but the basic and time-tested methods remain the same, because every day new people enter the cryptocurrency space, who often do not have adequate knowledge and awareness to counter such attacks.

Below are the list of main tricks of hackers, knowing about which users can at least secure their coins.

Social engineering and phishing

Social engineering refers to a set of techniques that force users to perform actions on websites or applications that may harm them. One of such rather popular methods is phishing — creation of websites clones of known services which force users to share their personal data, including passwords, telephone numbers, bank cards numbers, and private keys from cryptocurrency wallets.

Links to phishing sites can be distributed in various ways, such as ads in social networks, and emails that copy an appearance of newsletters from official projects. All this is done with the sole purpose — to force users to go to a fake website and enter personal data there.

According to Chainalysis, phishing remained the most profitable fraudulent method in the cryptocurrency space throughout 2017 and 2018. However, while in 2017 it accounted for more than 88% of all fraudulent schemes, in 2018 this method became less effective and its success rate decreased to 38.7%.

Nevertheless, the risk of becoming a victim of a phishing attack remains. Among the latest incidents we can highlight attacks on the popular Electrum wallet in December 2018 and April 2019.

In addition, recently the victims of phishing attacks were Bitfinex and Binance exchanges, Trezor hardware wallet, exchange platform LocalBitcoins, as well as users of social networks such as Facebook. In the latter case, cybercriminals copy pages of popular crypto communities and then use photos of real community members, marking them in the post as winners of the platform loyalty program.

In April this year Binance Labs, a venture capital division of Binance cryptocurrency exchange, invested in PhishFort. The company specializes in phishing protection solutions and focuses on high-risk businesses such as Bitcoin exchanges, ICO projects and token platforms.

Recommendations for phishing protection are very simple: improve your awareness, your own attention (manual URL input and https verification), and your default mistrust of ads offering free crypto distribution.


These viruses are a kind of malicious software that penetrates your computer under the guise of legal software. This category includes programs that perform various actions unconfirmed by the user: collecting information about bank cards, computer malfunction, using computer resources for mining purposes, using IP for illegal trade, etc.

In 2018, a new version of the infamous Win32.Rakhni Trojan was discovered. This virus has been known since 2013, but if at first it focused exclusively on device encryption and ransom demand for unlocking, the new version went much further. It checks for folders associated with Bitcoin wallets, and if any are found, encrypts the computer and requires a ransom. However, if no such folders were found, Win32.Rakhni installs a malware that steals the computer’s processing power for hidden cryptocurrency mining and tries to spread to other devices on the network.

At the same time, as can be seen in the image below, more than 95% of all cases of infecting computers with this Trojan were in Russia, the second and third places went to Kazakhstan and Ukraine.

According to Kaspersky Labs, Win32.Rakhni is most often distributed through emails asking users to open an attached pdf file, but instead of displaying content, a malware program is launched.

As in the case of phishing attacks, basic computer “hygiene” must be performed: do not open any suspicious files, do not install programs from unverified sources and always update your antivirus program.


Malicious programs often consist of several components and each of them performs its own task. In fact, they can be compared to Swiss army knives — hackers can use them to perform many different actions on an attacked system.

One of the popular components in attacks is the so-called keyboard spies (keyloggers). This is a highly specialized tool that records all keystrokes on devices. With its help, cybercriminals can invisibly take possession of all user’s confidential information, including passwords and private keys to cryptocurrency wallets.

Most often keyloggers penetrate systems with complex malicious software, but sometimes they can be embedded in quite legal software.

Manufacturers of anti-virus solutions, as a rule, add known keyloggers in the bases, and the method of protection against them differs little from a method of protection against any other malicious software. The problem is that there are a huge number of keyloggers, and it is physically very difficult to keep track of them all. For this reason, keyboard spies are often not detected by antivirus on the first attempt.

Public Wi-Fi networks

Stealing funds through public Wi-Fi networks has always been and remains one of the most popular tools for criminals. Most Wi-Fi routers use the WPA (Wi-Fi Protected Access) protocol, which not only encrypts all information in a wireless network, but also provides access to it only for authorized users.

However, hackers have found a loophole here as well: by running a simple KRACK command, they force the victim’s device to reconnect to its own Wi-Fi network, after which they are able to monitor and control all the information passing through it, including the private keys.

Regular firmware upgrades to the router helps to protect against such attacks: never carry out transactions while in public places, such as stations, airports, hotels or — which happens quite often among the Bitcoin community — at blockchain conferences.

Slack bots

There are quite a few bots for Slack that hackers are successfully taking on. Typically, such bots send a notification to the user that there are problems with his wallet. The ultimate goal is to force the user to click on the notification and enter their private key.

The biggest successful hacker attack, which involved Slack bots, was the Enigma incident in August 2017. At that time the project was forced to suspend ECAT token warnings after unknown attackers hacked into the project’s website and, having entered a false ETH address, robbed it of over $400 000.

In addition, Enigma representatives confirmed that the project’s Slack chat was also compromised:

Recommendations: ignore such messages, send complaints about bots spreading them, install protection on the Slack channel (for example, security-bots Metacert or Webroot).

SMS Authentification and SIM Swapping

SMS authentication is still a very common method of verifying various transactions, including cryptocurrency transactions. However, back in September 2017, Positive Technologies, a company specializing in cybersecurity, demonstrated how easy it is to intercept SMS with a password sent via Signaling System 7 (SS7) protocol.

The demonstration was performed on the example of Coinbase account, which was linked to Gmail service. At first glance it might seem that we are talking about a vulnerability on the Coinbase side, but in reality the tool used by Positive Technologies of its own development used weaknesses in the cellular network itself. By redirecting text messages to their own number, the researchers were able to reset and set a new password in the mail, and then gained full access to the wallet.

In this case, the experiment was set up for research purposes, and the actual theft of coins did not occur, but its results showed that this method is quite possible to use by real criminals.

In another study Hacken experts also listed the main options for SMS intercepting:

  • Wiretapping. Interception of SMS by law enforcement officers as a result of abuse of authority or misuse of secret investigation materials;
  • Duplication (cloning) of a SIM card through a cellular operator using personal data of the customer and further use of the cloned SIM card in illegal activities;
  • False base station for interception and decryption all incoming messages of a subscriber and further use of intercepted data in illegal activities;
    Hacking the account of a subscriber on the site or application of a cellular operator and forwarding all messages to the address of the abuser, as well as further use of the received data in illegal activities.

The second option in this list is also interesting. This method is known as SIM Swapping, and the first high-profile case is already known, when it was used to steal $14 million worth of cryptocurrency.

It was a case in 2018, when two hackers were arrested in the U.S., who managed to convince a mobile operator to give them control over a SIM card where there was a two-factor authentication to the Crowd Machine project administrator account.

Recommendation: Opt out of SMS verification in favor of special programs for two-factor authentication (2FA), such as Google Authenticator.

Mobile application breaches

Victims of hackers are most often owners of Android devices, who instead of 2FA use only login and password. This is also because the process of adding apps to the Google Play Store is less strict than that of the App Store. Attackers take advantage of this by placing their own applications that mimic famous wallets and exchanges, and luring inattentive users with their confidential data.

One of the high-profile stories with fraudulent applications was related to the exchange Poloniex. In November 2017, ESET experts found a program in Google Play, which pretended to be the official mobile application of the American exchange. Users entered their login and password in the fake app, which allowed the creators of virus to change their own settings, make transactions, as well as access to users’ mail.

Despite the fact that at that time Poloniex didn’t have any official mobile applications (they were released only in July 2018), two versions of fake applications were installed by more than 5 thousand people. After ESET warning they were removed from Google Play.

Also in Google Play there were fake applications for MetaMask and Trezor Mobile Wallet.

Users of iOS devices are more likely to fall prey to cybercriminals who distribute applications with built-in hidden crypto mining. After discovering this problem, Apple was forced to tighten the rules for accepting applications in the App Store. At the same time, the damage from such applications is quite small — they only reduce the performance of users’ device without taking away funds.

Recommendation: Do not install applications that are not strictly necessary. Keep two-factor authentication in mind, and check the links to applications on official project and platform sites to ensure they are authentic.

Browser plugins

There are many browser extensions and plugins designed to make interaction with cryptocurrency wallets easier and more comfortable. However, they are usually written in JavaScript, which makes them vulnerable to hacker attacks. It may be a question of intercepting user data and further access to wallets, or installing programs for hidden mining.

At the same time, as noted in Check Point Software Technologies Ltd, hidden cryptominers remain the dominant threat to organizations around the world. Thus, in 2018, cryptominers consistently occupied the first four ranks of the most active threats and attacked 37% of organizations around the world. In 2019, despite the decline in the value of all cryptocurrencies, 20% of companies continue to be attacked by cryptomainers every week.

There are several ways to counter this threat: install a separate browser or even a separate computer for trading, use incognito mode, regularly update antivirus databases and do not download any questionable extensions or plugins.

it’s not that hard to earn cryptocurrency — just join our cloud mining service Here you can earn BTC while doing absolutely nothing: no need to bother about expensive equipment and electricity. It is an amazing source of passive income for everyone!



Cloud Bitcoin Mining with — it is a convenient, easy and reliable way to earn Bitcoin and multiply your investments regularly. Here you can find everything about cloud mining and cryptocurrencies. Join the Miners Club — we know how to get Bitcoin!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andrey Costello

Bitcoin-maximalist. Optimistic family man and miner with six years of age. I write about complicated things from the future for people of our days.