Seven most common hacks to steal your cryptocurrencies

Cryptocurrency hacks have increased alongside adoption. Here’s a list of seven hacks that can target a regular crypto user.

Cryptocurrency has brought many changes to the online world including a need for improved and enhanced cybersecurity. Read about the threat it poses and how to prevent this now!

Every year, thousands of people become victims of clone sites and phishing, voluntarily sending scammers about $200 million in cryptocurrencies and irrevocably losing those funds. What does that fact tell us? Hackers accessing cryptocurrency wallets exploit a major vulnerability in the system: human inattention and overconfidence. Let’s analyze how they do it and how you can protect your own funds.

250 million potential victims

The research conducted by the American company Foley & Lardner showed that 71% of large crypto traders and investors consider the theft of cryptos as the most significant risk factor, negatively affecting the market. 31% of respondents rated the threat level of the global crypto industry in the form of hacker activity as very high.

Hackernoon experts have analyzed the data on hacker attacks, which can be roughly divided into three large categories:

  • attacks on blockchains, cryptocurrency exchanges and ICOs;
  • software distribution for cryptojacking;
  • attacks aimed at users’ wallets.

According to a study conducted by Bank ING and Ipsos, approximately 9% of Europeans and 8% of U.S. citizens own cryptocurrencies, and 25% of the population plan to acquire digital assets in the near future. Thus, almost a quarter of a billion potential victims could soon be in the hands of hackers. So, let’s list six tools that cybercriminals use most often, and see how we can prevent this from happening.

Apps from Google Play and App Store

The most common victims of hackers are owners of Android smartphones, especially if two-factor authentication is not used. The open code of the Android operating system makes it more vulnerable to viruses and therefore less secure than iOS. Hackers add applications to the Google Play Store and disguise them as cryptocurrency-related resources. When such an app launches, users enter sensitive information to gain access to their accounts, thus opening up access for hackers.

In the past, traders operating on the American crypto exchange Poloniex were targeted. They downloaded applications for mobile devices that hackers had placed on Google Play in the name of the site. The Poloniex team did not develop applications for Android, and its website does not contain links to any mobile applications. According to Lukas Stefanko, a malware analyst at ESET, 5500 traders fell victim to this software before it was removed from Google Play.

In turn, users of iOS devices are more likely to download applications with hidden miners from the App Store. Apple was even forced to tighten the rules of placing content in its store to prevent the distribution of such software. But that’s a completely different story: the damage from such software is incomparable to the damage from hacking into wallets, because the miner simply slows down the device.

Tips:

  • Don’t install mobile applications unless you really need them;
  • Use two-factor authentication for all apps on your smartphone;
  • Try to check the application links on official project sites.

Bots in Slack

Since mid-2017, Slack bots that steal cryptocurrencies have become the true scourge of this dynamic messenger. Most often, hackers create a bot to notify users of problems with their coins. The bot’s purpose is to force the user to click on a link and enter their private key. Users block such bots as quickly as they appear. Despite this, hackers manage to get their money.

The biggest and most successful hacking operation via Slack is the collective attack on Enigma. The attackers used the name Enigma while the project was preselling tokens, and stole $500,000 from trusting users of the Ethereum platform.

Tips:

  • Report Slack bots in order to block them;
  • Ignore bot activity;
  • Protect your Slack channel with Metacert or Webroot bots, Avira software or Google Safe Browsing.

Extensions for cryptocurrency trading

Internet browsers allow you to install extensions that adapt the interface to work more comfortably with exchanges and wallets. And the problem is not only that such additions “read” everything you type, but also that extensions are developed in JavaScript. This makes them highly vulnerable to hacker attacks.

With the increasing popularity of Web 2.0, Ajax, and complex Internet applications, JavaScript and related vulnerabilities have become widespread. By the way, many extensions are involved in hidden mining using users’ computing resources.

Tips:

  • Use a separate browser for crypto operations;
  • Choose the incognito mode;
  • Do not download suspicious cryptocurrency add-ons;
  • Use a separate computer or smartphone for crypto trading;
  • Download the antivirus and set up network protection.

SMS authentication

Cybersecurity company Positive Technologies has demonstrated how easy it is to capture an SMS with a password sent over the Signaling System 7 (SS7) protocol, which is used almost all over the world. Specialists managed to intercept text messages with the help of their own tool, which uses weaknesses in the cell network. Experts demonstrated this vulnerability using Coinbase accounts as an example, which shocked the users of the exchange. The real bug is hidden in the cell network itself, according to representatives of Positive Technologies. This episode confirms that access to any system can be obtained directly via SMS (i.e., such two-factor authentication is ineffective).

Tips:

  • Disable call forwarding to prevent attackers from accessing your data;
  • Don’t use the usual two-factor authentication via SMS (when the phone receives a password): use a special program for two-factor authentication instead.

Public Wi-Fi network

The WPA protocol, which is used by Wi-Fi routers, has an unfixable vulnerability, according to some experts. After a rudimentary KRACK attack (a key reinstallation attack), the user’s device reconnects to the hacker’s Wi-Fi network. All information downloaded or sent by the user becomes available to the attacker, including keys to crypto wallets. This problem is especially relevant for public Wi-Fi networks: at railway stations, airports, hotels, cafes and other places where large groups of people use free Internet access via Wi-Fi.

Tips:

  • Never use public Wi-Fi for cryptocurrency transactions (even if you have a VPN);
  • Update your router software regularly: hardware manufacturers constantly release updates to protect against key changes.

Clone and phishing websites

The good old hacking methods have been known since the dot-com revolution, and they still work. In one variant, attackers create full copies of the original sites on domains that differ by only one character. The purpose of this trick, including spoofing the browser address bar, is to encourage the user to go to the clone website and force him to enter his account password or private key.

In another scheme, people are sent emails that resemble a “real” project mailing list. They are designed to force you to click on the link and enter your personal information. According to the Chainalysis website, scammers using this method have already stolen $225 million in Bitcoin and other cryptocurrencies.

Tips:

  • Never interact with crypto websites in the absence of the HTTPS protocol;
  • Using Chrome, install an extension (like Cryptonite) that shows the submenu addresses;
  • When receiving messages from any crypto resources, copy the link into your browser’s address field and compare it to the original website;
  • If something seems suspicious, close the window and delete the message.
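
The link comparison from the tips above can be automated. The following is an added example, not part of the original article: it checks a link from a message against a hand-maintained list of domains. The TRUSTED list, the verdict names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the user really uses, typed by hand once (sample values).
TRUSTED = ("poloniex.com", "coinbase.com", "myetherwallet.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, matched_domain) for a link taken from a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    labels = host.split(".")
    for good in trusted:
        if host == good or host.endswith("." + good):
            # Right site, but the HTTPS tip still applies before typing anything.
            return ("trusted" if parts.scheme == "https" else "insecure", good)
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return ("idn", None)  # internationalized name can render like a known one
    base = ".".join(labels[-2:])  # crude registrable domain, no public-suffix list
    for good in trusted:
        if edit_distance(base, good) == 1:
            return ("lookalike", good)  # one character added, dropped or changed
        if host.startswith(good + ".") or "." + good + "." in host:
            return ("lookalike", good)  # real name used as a subdomain elsewhere
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://poloniex.com/login", "https://polonlex.com/login",
                 "http://coinbase.com/", "https://coinbase.com.verify.example/"):
        print(link, "->", check_link(link))
```

A verdict of "unknown" only means the host is not on the list; it says nothing about whether the site is safe.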

Cryptojacking and common sense

It is encouraging that hackers are gradually losing interest in primitive attacks on wallets due to growing resistance from crypto services and increased user awareness. Cybercriminals are now focusing on cryptojacking. According to McAfee Labs, 2.9 million samples of malware related to cryptojacking were registered all over the world. Cryptojacking is attractive to hackers because of its simplicity, so they resort to it on a massive scale.

But how do these malicious programs get to victims’ computers? Let’s get back to the news where we started. In 2018, users began to post on the Malwarebytes forum about a program called All-Radio 4.27 Portable that hackers secretly installed on their devices. The situation was complicated by the fact that it was impossible to remove the program. Although in its original form it was a harmless and popular file viewer, hackers modified the software to create a version filled with unpleasant surprises.

Of course, this app contains a hidden miner, but it only slows down your computer. It also has a program that tracks the clipboard and spoofs the addresses when the user copies and pastes the password. It has already collected data from 2 343 286 potential victims’ Bitcoin wallets. For the first time in history, hackers got a huge database of crypto owners: until now, such programs have collected a much more modest set of addresses for swapping. Under this scheme, the user voluntarily transfers funds to the attacker’s wallet address. The only way to protect against such an attack is to carefully check the addresses you have entered. This is not very convenient, but it is reliable and can become a useful habit.

A survey of All-Radio 4.27 Portable’s victims revealed that the malware had reached their computers as a result of users’ own unwise actions. Experts from Malwarebytes and Bleeping Computer found that the victims had cracked licensed programs and games and used Windows activators such as KMSpico. Thus, hackers found victims among people who knowingly violated copyrights and security rules.

Patrick Wardle, a renowned expert on Mac malware, often writes on his blog that many viruses targeting ordinary users are highly primitive. It is therefore particularly offensive to fall victim to such hacker attacks. Finally, there is great advice from Brian Wallace, a consultant at Google Small Business:

“Encryption, antivirus software and multifactor identification only protect assets to a certain extent; the key to success is preventative measures and basic common sense.”

Andrey Costello
All about cloud Bitcoin mining — Hashmart Blog

Bitcoin-maximalist. Optimistic family man and miner with six years of age. I write about complicated things from the future for people of our days.