Bitcoin and other cryptocurrencies attract a lot of attention from bad actors and people looking to cheat others out of money. They steal not only from the big cryptocurrency exchanges but from average users as well. In this article, we will discuss the main methods and tricks hackers use to access your accounts and steal private keys. Learn how to protect your blockchain wallet from people trying to steal your money.
Phishing and social engineering
Social engineering uses manipulation methods to trick users into making security mistakes and giving away sensitive information. One of the most popular methods is called a phishing attack.
Hackers create a clone website of a popular service and trick people into giving them sensitive information like account passwords, banking card data and even private keys.
The phishing websites can be distributed via email messages, advertisements on social media and direct messages. Tricky hackers disguise their fake sites as those of a well-known company and their only aim is to make you give up your personal information.
One of the most popular tactics is to create a sense of urgency by trying to make you panic. Another is hosting fake giveaways. Don't fall for it. We have already discussed how to protect yourself from phishing on our blog. Here are the main ideas in a nutshell:
- Check if the address of the email/website is correct
- Check the spelling of the messages
- Don’t click on links in the messages
- Don’t download unexpected attachments
- Contact the support team to double-check
Trojan viruses infiltrate computers in the guise of legitimate software. Unbeknownst to you, they collect your credit card information, use your resources to mine crypto, etc.
Hackers often stand out with their creativity. Back in 2013, a group of hackers attacked millions of computers with Win32.Rakhni. The Trojan locked devices and demanded Bitcoin as a ransom to unlock them. In 2018, they went even further.
The virus they developed first scans computers for folders connected with BTC wallets and blocks the device if it finds them. If not, it simply uses the computer’s resources to mine cryptocurrency.
According to Kaspersky Lab, Win32.Rakhni was distributed via emails with PDF files attached. The message asked users to open the attached file, and if they clicked, it installed malware.
It is important to raise your security awareness and follow the same rules described in the section on phishing above.
SMS authentication and SIM swapping
SMS authentication is one of the most popular methods of cryptocurrency verification. Back in 2017, Positive Technologies showed that it is easy to intercept texts with a password sent via the Signaling System 7 (SS7) protocol and hack an exchange account.
Positive Technologies used special software to target the vulnerability of cellular networks. They redirected messages with a password to their mobile phone, reset the password and set a new one. This way they got access to the cryptocurrency account. Luckily, it was just an experiment for research and there was no real theft, but it shows that this method can be used by hackers too.
Another technique is SIM swapping, which was used in an attack in 2018. Two hackers took over the mobile phone number of a Crowd Machine exchange administrator. Two-factor authentication didn’t help much because they received all calls and messages intended for the exchange admin on their phone.
Instead of SIM verification, we recommend our Freewallet customers use only special applications for 2FA like Google Authenticator. You can simply download it from the App Store or Google Play and set it up in the security settings of your Freewallet Crypto Wallet.
An unusual way to steal information from someone is through a WiFi network. Most internet routers use the WPA protocol, which encrypts data but also gives an authorised user access to all information.
However, hackers have found a loophole here too. With a simple command, hackers can make a victim’s device reconnect to their own network. After that, they can monitor and control all the information which goes through the network. So all your data, including your wallet information, can leak through your router.
To avoid this, you should update your router’s firmware regularly. Also, don’t perform transactions using public WiFi. These networks are located in public places like stations, airports, hotels, etc.
Fake mobile applications
The main victims of fake apps are users of Android mobile phones. Google Play has less strict moderation rules than those of the App Store and hackers use that in their favour. They can upload a fake mobile application imitating famous services without a problem.
This happened with the Poloniex exchange when hackers created a fake mobile app for the exchange. At that time Poloniex didn't even have a mobile application. Unaware users installed the app, entered their login and password and gave all their account information to hackers.
Install apps only using links from official websites and use 2FA to prevent unauthorised access to your wallet.