Cryptocurrencies are the rave of the moment, and you need to know how to beat hackers on the prowl.
Over the last year, cryptocurrencies have taken the front when it comes to talking about the future of the economy. These currencies have grown into the mainstream, led partly by reports about them being the safest in the world.
However, ask anyone who’s been around for long and you’ll hear differing opinions. A quick search in Google will return dozens of news items speaking of cryptocurrency theft. Some of them will report millions of dollars in bitcoin vanishing into thin air.
These reports can make it difficult for people to know what to believe. If cryptocurrencies are as safe as they say, how come they keep getting stolen? How does one steal a supposedly safe crypto active in such a way that it’s impossible to get it back?
The answer to this question is simple. Blockchain, the system behind cryptocurrency trading, is about as safe as any system can be. It can’t be hacked, data can’t be edited without permission, and all changes are logged in its ledger. This is a core focus of crypto assets management.
What this means is, the safety problem isn’t in the blockchain. The safety issues around cryptocurrencies are entirely the users’ fault. In all cases of crypto being stolen, there’s been at least some degree of user input. And in the end, the best safety feature is to know what you’re doing and how it can affect you.
But, how do crypto wallets get hacked?
There are several methods that can be used to rob people of their hard-earned bitcoin and other crypto assets. As stated before, except for cases where exchange platforms have been hacked into, user input is usually part of the problem. And user input begins with the basics: passwords.
It might seem absurd to some people that in 2018 hackers are still simply guessing people’s passwords. However, this is one of the most common ways of crypto hacking or any kind of hacking. However, the rise of crypto leverage trading has brought with it a lure that criminals cannot resist.
How does social engineering work?
Simply put, social engineering passwords consist in figuring out what somebody’s using to access their accounts. It usually comes in the form of guessing usual password phrases, like birthdays or anniversaries. To avoid this, having secure passwords is extremely important.
In some other cases, thieves might coerce you or just convince you to share your access data with them. Usually, this is done with lots of finesse, to keep their target from noticing such info is being extracted. Either way, the moment you give somebody else access data to your finances or any accounts you’re at risk. So don’t.
Just as well, phishing emails and messages are a common way to obtain access data to your accounts. As a general rule, no institution will ever ask for your personal data via email. Particularly if this data includes social security numbers or usernames/passwords they should have no need for.
My access data is secure and I don’t share it. What else?
Once social engineering has been ruled out as a way to hack into an account, there are other methods. These are more invasive, but they’re straight to the point. The most common one, as it happens, is a clipboard hijacker. The best bitcoin wallets can give you a safeguard against this hack.
For cryptocurrency wallets, the addresses are usually long and almost impossible to remember. Therefore, most users keep their wallet information on a database such as KeePass or LastPass. These encrypted databases allow for quick access to data users would otherwise forget. When the user needs it, they ask the software for their wallet address, which is stored in the clipboard. Then they just have to paste it in the corresponding field and…
Then they get hacked because the clipboard hijacker detects this and replaces the user’s wallet address with the hacker’s. Since blockchain transactions are untraceable, once the user notices this it will be too late. The crypto actives will then be long gone.
To prevent these, simply refrain from installing any suspicious software on your computer. This kind of software more often than not comes bundled in completely unrelated packages, so be wary of anything. Back in the 2000s, one of the most common ways to distribute keyloggers was through fluff software such as SmileyCentral. The same can happen with clipboard hijackers.
It may sound silly that hacker would distribute software like this since most people don’t use cryptocurrencies. In truth, hackers don’t care about those. It might take thousands of installs to reach a mark, but once they do, the payout is big.
These programs eventually get reported as viruses, but it can take weeks or months for them to be detected. Over that time, no antivirus will find it, meaning the only way to be safe is by acting safely. Don’t install suspicious or unknown software, at all.
I don’t even use my PC much. What else is there?
Just as PC software can be problematic, so can smartphone apps. Specifically, smartphones can fall prey to both clipboard hijackers and fake apps.
Ever browsed the Google Play Store looking for any software? You’ll find the one you’re looking for, and dozens of copycats. Many of these do it just trying to get exposure, but some will come from disreputable sources. This happens with any software, crypto trading software included.
Specifically, copycat apps can look or act like the official ones. Only, instead of sending the cryptocurrencies where you want them, they are sent to the thief’s wallet. Just as with clipboard hijackers, these apps do get reported… but it can take days.
As with clipboard hijackers, these are simple to avoid. Always make sure your apps come from reputable sources, even if said apps are unrelated to crypto.
If no crypto apps, Now what?
Other two very common ways to hack into accounts are browser extensions and phishing websites. These are used not only for crypto hacking but for basically anything. Phishing websites are one of the most common ways of stealing from PayPal accounts. Turns out they’re just as useful for crypto.
In order to avoid phishing websites, always go directly to the website you want. Don’t follow hyperlinks or ads, just type it into your browser’s URL box. Just as well, make sure to type addresses correctly. Mistyped domain names can lead you to a fraudulent website.
As for browser extensions, once again only installing reputable ones is mandatory. On top of that, most browsers disable extensions when running in incognito/private mode. To avoid getting your crypto wallet hacked via an extension, you can try accessing it only via incognito mode.
Is that all?
There are always new methods of hacking. As long as there are valuables to be stolen there will be people looking to steal. However, the takeaway here is that even the most secure system in the world can fall prey to poor use.
The blockchain is an extremely safe technology, one that has never been hacked directly. Yet, using the methods above described, hackers managed to steal over $10M in Ethereum just last year. The fault here almost always lies with user input and poor user security.
After all, the most secure system in the world is worthless if it isn’t properly used. You could install all the best security measures at home, but that won’t keep thieves out if you leave the doors open and the systems off. The same happens with cryptocurrencies and online banking in general.
Some tools, like antiviruses, might help protect you from hackers. Yet in the end, the best security system will always be being wary of what you do on the internet.
- Suspicious wallets
- Email access fraud
Denise Quirk is a Health Advisor and fascinated by Crypto, Blockchain Revolution. She is a believer in transforming complex information into simple, actionable content. She is keenly interested in finding the value of the crypto world. She writes for Coin Review, Bitcoin Warrior, Irish Tech News, etc. You can find her on Linkedin, Twitter, and Facebook.