By: Doge Invest Group
Trading cryptocurrency is now more popular than ever, which means that crypto crime is at an all-time high.
Your cryptocurrency holdings are one of your most attractive assets to attackers because it can be stolen and transferred out to an anonymous wallet within seconds. Hackers will often attack exchanges directly, or employ any number of schemes to get their hands on your money. Ideally, you want to know how they do it and what you can do to prevent it.
[Cryptohacking], the act of using nefarious or seemingly benign efforts to compromise someone's account or computer system to take control of their cryptocurrency holdings totaled nearly 1.8 billion in losses last year alone. That's 50% more than all the previous years combined!! In order to survive in this ecosystem, understanding the hacker mentality, what they're after and how they go about it will be critical.
Doge Invest Group worked hard to write this guide to not only protect your money from attackers now, but in the future when passing your crypto down to a family member, say, your children will be just as common as routine doctor visits.
See: Cryptocurrency thefts, scams hit $1.7 billion in 2018 [Reuters]
Who do the attackers target first?
Human error is often one of the first attack vectors for a crypto hacker. Crypto thieves often target common security mistakes such as weak passwords, user ignorance, ignoring software updates, users who commonly do not backup their wallets, and install rogue software from malicious popups. Cryptohackers will often check for weak passwords used on exchanges, often when the same password is used for different servers. Attackers often sniff for weak passwords sent over plaintext which is a no-no and compromise email accounts where people often use the same passwords they use on exchanges.
See: Red Hat Linux Security Guide [MIT ]
Why are people so vulnerable to common attacks?
Social Engineering is a form of cyber attack where an attacker will attempt to gain unauthorized access into a computer system or network by non-technical means such as impersonating an officer on duty or contract worker. Social engineering attacks are so common and so prevalent because they exploit everyday, normal human emotions. Similar attacks often work in the Blockchain world because the methods are so universally ingrained in human consciousness that only by explicitly looking for and being able to identify these types of attacks can one hope to keep their finances safe on the Blockchain and out of the hands of hackers.
Common cryptohacking methods are:
1. Impersonation - A hacker will attempt to impersonate a system administrator or trusted entity, often claiming to be from an exchange.
the hacker may request or demand login details claiming your account could be suspended or is in some type of danger and needs you to relogin.
2. Likeability - A hacker will go out of her way to befriend you, establish rapport with you and appear to have as many things in common with you as possible. After establishing trust, the hacker may either have you install some rogue software on your computer or simply ask for your password flat-out. One of the cybersecurity basics is to never share your password with anyone and someone requesting your wallet password should be an immediate red flag.
3. Acceptance - A hacker knows that people who participate in a community generally want to be accepted by that community, so if the hacker can convince you to do something because other prominent community members have done so as well then they know you've just taken the bait. Hackers may setup fake sweepstakes, events or giveaways and demand crypto be sent to a wallet address, usually one of their very own. They will promise the sun and moon for sending the money, however once sent, those funds are usually never seen again.
How you can protect your assets?
Well firstly, never hold your entire cryptocurrency portfolio on exchanges. That is like the cardinal rule of Blockchain. The cryptohacker's prime target for intrusion is the crypto exchange. Binance doesn't even go excluded from the list -- there have been attacks there as well. We recommend storing your cryptocurrency holdings on a desktop wallet, running Linux offline if possible. Even better, a dedicated hardware wallet such as a [Ledger- link] or [Trezor - link]. This wont completely thwart attackers but it would require them to have physical access to your device and they'd need your password. It is true, some very advanced researchers simulated techniques to break into hardware wallets but they are still the securest way by far to store cryptocurrency and are constantly updated with security patches. Storing your coins in your own wallets, offline will make it that much harder for hackers to reach you. Hardware and Desktop wallets offer a crucial layer of security that just may save your portfolio.
- https://electrum.org/#download
- https://www.exodus.io/releases/
- https://trezor.io/
- https://www.ledger.com/
- Bitcoin Core -https://bitcoin.org/en/bitcoin-core/
Note: Bitcoin Core and other Core type wallets will run as nodes on your computer, highly secure and made for the fastest transaction times they will download the entire blockchain to your computer in order to fully verify each and every transaction. This type of wallet is recommended for experts and hobbyists alike, and anyone who wants to make the blockchain more secure by installing it. I've personally used Bitcoin core, and others but my favorite goto wallets are Exodus and my Ledger.
Use 2FA. An extra layer of protection is not redundant nor is it useless when your money is involved. 2FA (Two Factor Authentication) is the idea of verifying login credentials via a secondary means not available to an attacker. For example, with 2FA enabled -- each time you login to the crypto exchange, you'll then be prompted to enter a 2FA code that will only display on your personal cellphone to confirm your identity.
Use complex passwords, different for each exchange and stored in password managers. In the early days of the internet, there was no such thing as a password manager. Today there are multitudes of them. I use [Universal Password Manager - https://launchpad.net/~adriansmith/+archive/ubuntu/upm] on Ubuntu Linux but there are so many password managers. UPM is good because it protects your passwords and offers a ton of encryption so no hacker will be stealing your passwords any time soon, small file, easy to install.
Apart from taking protective measures against hackers using common exploits and taking advantage of commonplace errors some attacks are increasingly advanced. We have to always educate ourselves continually on security and blockchain, and be very cautious of people looking to send you on a first class trip to the poor house. No one should need your wallet passphrase or key, and a system administrator will never ask for your password. Make a habit of using better judgment here, and never send money to random addresses on Twitter.
I know this guide is nowhere near in depth as to cover the full scope of cryptocurrency and cyber attacks but I hope it will serve as a primer on what to do and what not to do, especially for new users. I definitely in no for nor fashion plan to label myself an expert here. I'm an end-user just like you, but I've been studying up on security and watching various attacks pan out over the years so hopefully readers will walk away with something useful!
Until next time, adios!