FX.co ★ 5 ways to steal cryptocurrency (and protection against them)
5 ways to steal cryptocurrency (and protection against them)
The experts of the Hacker Noob portal identified three main categories of malicious attacks:
1. Attacks on blockchains, exchanges and ICO;
2. Distribution of spyware software for hidden mining;
3. Direct attacks on users' wallets.
At the same time, cybercriminals mainly rely on human inattention - the main vulnerability in the system, which is good news. By observing security measures, you can save your digital money.
Google Play Store and App Store
Most often, hackers attack the Android phones, because this OS does not use two-factor authentication technology (giving access to the private information only after entering password, login and additional information).
The attackers add applications to the Google Play Store under the guise of well-known cryptocurrency resources that, when launched, request personal data and send it to hackers. Once criminals placed an application on Google Play on behalf of the Poloniex cryptocurrency exchange and over 5.5 thousand users suffered from this trap before it was deleted.
The Apple Store has stricter store policies that provide iOS users with better protection.
Therefore, do not install applications on your smartphone unnecessarily; check the official website of the cryptocurrency platform for links to the application. Whenever possible, use two-factor authentication technology.
Plug-ins and add-ons
Often, attackers install spyware under the guise of "innocent" plug-ins and browser add-ons. Such additions can read all your actions during operations on cryptocurrency sites.
You should install a separate browser for trading, as a last resort, use the incognito mode. The safest thing is a separate computer (hard disk with the operating system) or a smartphone for trading.
SMS authentication
When using SMS authorization, you must disable call forwarding to protect access to your personal data.
It is better not to use two-factor authentication via SMS (when the password is sent on the phone), but to use special programs. Cybersecurity experts are sure that intercepting SMS with a password sent via SS7 is not difficult, as well as intercepting an incoming call due to the high vulnerability of cellular networks.
Public Wi-Fi
Never use Wi-Fi in public places for cryptocurrency operations. Otherwise, you can be a victim of a KRACK attack, when the device reconnects to the hacker Wi-Fi network, and attackers gain access to your personal data.
In addition, the firmware of the home router should be updated; manufacturers regularly issue security updates to their devices for better data protection.
Clone sites (phishing)
Phishing is a cloning of an existing site for some purpose, most often to steal the login and access password. Therefore, carefully check the address of the site before entering data.
When visiting cryptocurrency resources, be sure to use the HTTPS protocol. In addition, in the Chrome browser, you can install the Password Protector application, which signals when a password is entered on clone sites.