7 ways in which hackers can steal your cryptocurrencys

in #crypto7 years ago

7 ways in which hackers can steal your cryptocurrencys

hacker2-resized.jpg

The blockchain is inalterable and fun is, in general, less feasible and cost-effective than even try your luck with the system SWIFT , currently used worldwide for international transactions banks - and that it has been hacked several times, allowing millionaires robberies. A platform that can overcome security to another of similar importance makes us feel confident about the protection of our criptomonedas... but do not should be so sure.

The truth is that, out of the blockchain, and as is the case in any currency - be fiat or not - the chances of theft are unfortunately numerous. And in this case, given that the criptomonedas are the digital assets and more difficult to track than the typical payment systems, an excellent bait for hackers around the world, who no doubt have found different methods to be able to steal a few criptomonedas without having to leave the House. Then seven of these methods and how to defend yourself.

RANSOMWARE

This is perhaps the most popular by how easy and profitable that it is. Once affected the victim, this virus encrypts all files on the computer and to return them, requesting a Bitcoin, Litecoin or Monero to rescue varies according to the hacker querencia.

Although there is to say that the creativity of hackers seems to have no limits, as a kind of ransomware, the PopCorn Time , also gives the option to the infected spread the virus to other two people who, if they come to pay, will give you the opportunity to get your own key for decryption without need to pay himself. And another variant, the Patcher, deceives completely to his victims, because in reality nor the same hacker who prompts the bitcoins can decrypt it. This not to mention also the Sporawhich comes with Service "customer" for greater comfort in the abduction; or the most dangerous RoT (Ransomware of Things) that does not kidnaps files but anything connected to the network, such as the electronic locks.

Many ransomwares typical, inclusive, are on sale on the Deep Web, so really anyone can buy their own platform to pour out. They have come to apply to 500 thousand dollars in criptomonedas for rescue, so this virus is no joke.

In order to avoid it, need to know how it can reach your computer or smart device: most of them come by email, hidden in attachments and unknown links that should not be opened. However there are other variants, such as ImageGate, attached to images of social networks allegedly sent by a friend, and targeted attacks, where hackers are focused on a goal in specific. To access the systems chosen in the latter case, can spend weeks trying to find a weak server or by sending e-mail falsely to entrap his victim.

In conclusion, to protect the Ransomware you must open attachments, images, or links in emails that are not trusted or suspicious messages on social networks. We must maintain backups of all data, updated servers and change all credentials by default for any device.

PHISHING

It is, basically, of blatant deception. Is the creation of web pages and emails with format, identical to the organizations logos and images and real to request (and steal) business credentials of the users, which in many cases also involves stealing its funds. This method is quite used to access to foreign bank accounts, but has also been in the world of the criptomonedas frequently. A good example of this occurred at the beginning of this year, when he was to circulate - not for the first time - a false message that allegedly came from the House of change Coinbase.

On the other hand, according to Cisco, the increase in phishing to steal the credentials of online portfolios usually come from the hand of the increase in the price of Bitcoin. Fortunately, to avoid it, just pay attention: imitations are never entirely accurate, there is always something out of place, especially where the parallel is concerned. When it comes to providing sensitive data, be sure that it's the official URL, no more or less characters.

KEYLOGGERS

They are programs that, once installed on your computer, they detect the Pulsations of the keyboard and the mouse at the time just to find out the passwords , but sometimes they are also able to search for information stored on the disk and the browser - as the cache and portfolios--to achieve it. They are often purchased through phishing, as we saw in February this year, when it began circulating an e-mail spam where becomes a false bank notification to the victim with the intention that, when you click the link, to download the keylogger on your computer and find out their credentials.

To combat them, must also pay close attention to the emails, where usually arrive. In addition, worth change passwords and credentials with some frequency, though the change is only a character.

RATS (REMOTE ACCESS TROJANS)

The Remote Access Trojans , better known as "rats" for its acronym in English, can be a real nightmare for the victim and a masterpiece for the hacker. If you are installing on a computer, it literally will be as if it had been stolen, since (depending on the type of "rat") the hacker can control any distance function, such as if you have PC on their hands. In this way, can make a simple joke as opening and closing the port of CDs, activating sounds and change the wallpaper, to delete files, send messages, use private accounts, install applications, and of course, steal passwords and use the cold portfolios without protection. Creepy, isn't it?

Of new, more popular distribution method is junk e-mail, or links that come from unknown emails should never open or attachments. But besides the rats also hide in files shared through P2P programs and downloads of non-certified programs. Thus, for example, in 2013 he was circulating an application for Windows called Bitcoin Alarm, who allegedly warned about changes in the price of the criptomonedas, but it was actually intended to steal the BTCs of the unfortunate that they installed it, because it was a RAT.

Now, it is noteworthy that all those mentioned so far can be avoided, most keeping a good antivirus and Firewall active .

MONEY EXCHANGE AND MARKETS

Exchange houses are houses of change and not purses for some reason. They should not at least take handbags, then everything that is online is likely to be hacked, and worse still, when you trust your criptomonedas to a Bureau de change, these criptomonedas, technically, are not yours. You lose control over them, they pass to be decentralized to be centralized in the platform of that company, whose obligation with you is limited, on many occasions, to ethics and mutual benefit. But that's another story which we will discuss later.

As regards hacks , must say that platforms of bureaux de change and different markets online have been shown to have many weaknesses at the computer level, which, for hackers, are very easy to Rob white. The great example of this is Bitfinex, one of the most popular ones in fact, of which were extracted 120,000 BTC last year; quantity that just ended to reimburse its customers recently. But, of course, is not the only. ShapeShift, Gatecoin and Bitstamp were also stolen in the same way.

In addition, online markets that support deposits in criptomonedas are also susceptible to hacks. Recent example of this is AlphaBay, to which a white hat hacker warned of the presence of a bug in its systems that allowed him to access more than 200 thousand private messages. Fortunately, there are also still this type of hackers, who are dedicated to find weaknesses to warn administrators.

Ending: it is not recommended to leave funds stored in houses of change and markets online . Always keep them on your personal device.

TELEPHONE AUTHENTICATION

Two-factor authentication was designed to add security to online accounts. In this way, the user must not only enter your password, but a code that is sent to your mobile phone via SMS. And in this way, also forgotten passwords can be recovered as simply enter the telephone number and wait for the response from the server. Who would this become a weapon for hackers?

But it was so, when they discovered that some telephone companies have a weak security they allow to supplant the identity of their customers without too much difficulty . So the hacker of the day only has to call the company, requesting that they transfer your number to another company and use two-factor authentication to reset all passwords, including emails which are used for services financial criptomonedas trade. In August of last year Jered Kenna, a Colombian citizen, lost millions of dollars in bitcoins due to this trick.

From this perspective, it seems not very recommendable to use two-factor authentication. However, still can serve as extra layer of security if the telephone company has appropriate identification measures.

BUGS IN SMART CONTRACTS

Smart contracts have become a second revolution after Bitcoin, as it demonstrates that Ethereum, the leading platform that facilitates this type of contracts, will continue in second position in the market of criptomonedas. They are useful for virtually anything. But you have to admit that they are still under development, so their security is not inviolable. A minimum error in their programming is an open door for hackers wide, which can enter and steal all the criptomonedas that there are stored.

The DAO event last year, which in fact caused the Ethereum division in two, is the greatest proof that smart contracts are still halfway: stolen $ 60 million due to a weakness in the contract is not easy of ignore, especially when catching the culprits is virtually impossible.

In this case, it is best to adhere to a reliable platform to use smart contracts. Some applications, in fact, specified in their white papers which will be its security enhancements in this aspect and how would funds be misappropriated or would regain them in the event that the were. Ethereum, after all, conducted its bifurcation to recover millions of dollars stolen.

EXTRA FOR NON-HACKERS: STEAL THE KEY PRIVATE AND SCAMMING

In addition to the numerous possible hacks to steal the criptomonedas, other criminals prefer to use methods much less technical but equally effective. The simplest of them is perhaps steal the private portfolio key that surely you listed / save somewhere beside the 12 words of recovery, if your wallet offers that alternative. Remember that this is the key to your own vault, and whoever has it will control the funds that are in it, so it is highly recommended that you keep it in a safe place that you also remember, as you must not lose it.

Another method to steal big criptomonedas are the different types of scams . Previously mentioned that bureaux de change and markets the funds already not are controlled by you and your obligation, many times, it is limited to ethics. So in fact there is the possibility that administrators are drained funds, just as it happened with Mt. Gox, Cryptsy and, more recently, Bitcurex . Unfortunately it is a usual practice, and the only possible defense is to ensure that the Exchange House is reliable and accountable to its users. Some of them, such as Coinbase and Bitstamp, are officially regulated so that, in that regard, the funds should be safe.

upvote.png

Sort:  

Wow, thank you for this, I think I need to research my current exchange better, as I dont see it mentioned.
New to this whole crypto thing, and learning on the fly, so again thank you for this informative post. Upvoted and resteemed...

Curious to know if Steem has a 12 - 24 word seed that's used on the backend server to generate the private keys? While I know holding in offline cold wallets like Trezor can prevent a lot of this. Investing in Steem for steem power is a vulnerability that would seem ripe for goxxing, especially if Steemit becomes the next FB.

Yesterday I opened a post about ethereum that had a link to see the news. After I selected it, I was shown the same dialog box with steemit asking me for the password to enter. I realized it was a trap to get my password. you have to be very aware.

Yes, seeing those "Glitsch on Steemit" are a dead giveaway. Lots of space below before the Cheeta bot labels it. I don't bother if you have to go through hoops.

Dear @covals it's been an honor to browse your useful content, by any chance do you have security tips as well ? I mean there are these ways to hack now how can an individual secure for not getting hacked ? I think it would be a very nice follow up! Don't you think ?

THANKS I M GOING TO SHARE THE INFORMATION THAT YOU NEED IN A FUTURE POST

Thanks for these very useful tips on security, information that always bear repeating.
A small tip: many readers can probably guess what criptomonedas means, but querencias is rather hard for anybody that doesn't know Spanish (and maybe Portuguese).

This post has been ranked within the top 80 most undervalued posts in the first half of Oct 03. We estimate that this post is undervalued by $14.53 as compared to a scenario in which every voter had an equal say.

See the full rankings and details in The Daily Tribune: Oct 03 - Part I. You can also read about some of our methodology, data analysis and technical details in our initial post.

If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.

Good info.thanks

Congratulations @covals! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You published 4 posts in one day

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

Thank you indeed. I have to resteemit and reread this because I cannot swallow it from the first time. Ja, ja. Was the original version written in Spanish?

Its sad what it comes down to for some people to make money, obviously they are very tech savvy and know what they are doing, so instead why don't then mine crypto currencies instead and earn money properly rather then stealing from individuals like us.

Thanks for information :0 :)