The most grievous security breaches in the crypto world come from hacks and when a hack occurs and there are either, a large number of victims, large losses, or both, the media will draw attention to this straight away. Despite this, smaller successful hacks will hardly go reported. In fact, Foley and Lardner have published a report stating that that 71% of the most prominent cryptocurrency traders and investors believe that theft is the biggest risk plaguing the industry.
Be Careful Of Applications on App Stores
There is a larger proportion of Android users falling victim to hacks, due to the fact that their operating system does not use two-factor authentication. Forbes has claimed that due to the open operating system preferred by Android, it makes it less secure than iOS. Hackers have been known to create apps on behalf of cryptocurrency sites on the Google Play Store.
The most well-known case of cryptocurrency users experiencing a hack through an app on the Play Store occurred in October 2017. Poloniex is an American cryptocurrency exchanged, which suffered hackers posting a fake app onto the Google App Store, which faked the role of a mobile gateway for the exchange. Traders wrongly downloaded the app and their personal information was stolen, with malware analyst Lukas Stefanko, stating that 5,500 users had been effected before the fake app was removed from the store.
How to Avoid This Issue: If you are unsure about the legitimacy of an app, the first thing you should do is visit the website for the project. Usually, from the website, there will be a direct link to a valid app. You should also make sure that two-factor authentication is enabled on your apps, to add another layer of security and should avoid downloading apps that you do not need
During October 2017, an irreparable flaw was discovered in the WiFi-Protected-Access Protocol. It became possible for attackers to use a KRACK attack to cause the user’s mobile device to connect to the hacker’s network. From this, any information that would pass through the WiFI network would be available to the hackers. This includes private keys for cryptocurrency wallets and these risks are most prevalent in high-traffic areas such as railway stations and airports.
How to Avoid This Issue: It is never worth it to make a cryptocurrency transaction on a public WiFI network, all it takes is one KRACK attack and you will likely lose your holdings. Just make the safe choice and wait until you are on a secure network. You should also always update the firmware on your router to ensure the best possible security.
Fake websites or site cloning has been a method of attack since the beginning of the internet boom. This method of phishing has remained in popular use in the current age of the internet. One way in which an attacker can do this is by registering a domain that is one letter short of the official address. Hackers will then clone the entire website in the hope that internet users will not notice their error and will put their personal details into the site, allowing the scammers to steal their information.
Alternatively, attackers may send an email to cryptocurrency users, perfectly copying the communications sent from official cryptocurrency projects. Within these communications, they will encourage users to click on a link in the text, prompting them to put in their personal details, allowing attackers to steal them. A report by Chainalysis has estimated that $225 Million has been lost as a result of cryptocurrency phishing scams.
How to Avoid This Issue: One of the best ways to avoid this issue altogether is to bookmark the correct websites that you will be regularly visiting, this way you do not need to worry about typing the link incorrectly. You also need to remember that you should never give your personal information to anyone, no legitimate business would ask you for your account details over email.
Cryptojacking is a rapidly expanding problem within the cryptocurrency community, with 2.9 Million instances recorded in the first quarter of 2018, which was a 625% from the final quarter of the previous year according to a report by McAfee. Cryptojacking itself is a type of attack, whereby the attacker will place malware on the victim’s computer, which operates hidden crypto-mining activities on the computer itself.
There are some types of cryptojacking malware that can also read the personal information stored on your computer, and as a consequence of this the attacker may not only be able to freeload from a person’s computer, but they can also transfer the victim’s cryptocurrency holding to their own wallet.
How to Avoid This Issue: One method of preventing cryptojacking from occurring would be to invest in high-quality antivirus and anti-malware software. Such software would be able to detect any malicious programs and can remove them from your computer. Another prudent measure that you can take would be to avoid downloading software from unverified locations, as these locations carry the greatest risk.
It’s not a guarantee that an add-on designed for your browser is going to be safe. In 2018, the MEGA Google Chrome extension was replaced by hidden malicious code that was said to be able to harvest sensitive information from sites that its users visited. Tens of millions of people downloaded the addon and were put at risk, even though it was initially believed that the risk only pertained to popular sites like Google and Facebook.
The opposite was confirmed when Riccardo Spagni, a Monevo developer confirmed that both Monero and Ethereum private keys could also be harvested by the addon. ZDNet later released a report confirming the damage done by the MEGA extension, which Google pulled from the Chrome repository, stating that Google, Amazon, Github and other organizations had been affected by the breach.
How to Avoid This Issue: One of the easiest ways to ensure you are not a victim to dodgy add-ons is to not download a large number of add-ons that you don’t actually need. The less you download, the lower your risk of vulnerability. Furthermore, if you do need to download a browser add-on, you should conduct a bit of due diligence and look around the internet for further information on said add-on before downloading.
Lack of Common Sense
One of the main reasons that people fall victim to thieves, wanting to steal their information is due to carelessness. It must be realized that when handling valuable assets such as cryptocurrencies, you are always going to need to do your due diligence and maintain a high level of alertness.
In closing, there are a few other things to consider that will greatly increase the security of your cryptos. Firstly, you should never share your private keys with anyone, no matter the circumstances. Secondly, if you have your private keys in a physical format, you should always keep them in a secure location, such as a safe. You should keep your anti-virus and malware protection up to date to ensure that whilst you are online, you are at minimal risk of falling victim to a cyberattack. Going further from your private keys, you should also never share your personal details with anyone, be careful of hackers posing as cryptocurrency projects through email, as legitimate businesses will never ask for your details in this way.