Last summer Bleeping Computer reported of alleged attempts of hacking of 2.3 million Bitcoin wallets. The attack was carried using malware known as “clipboard hijackers”. This malware breaks into clipboard replacing the copied wallet address with the address of hackers.

Such type of attacks was predicted by Kaspersky Lab specialists in late 2017. So it comes that in several months this type of attack went from hypothetical to the most spread one. According to the Kaspersky Lab report, over $9 million worth of Ethereum (ETH) was probably stolen by cyber criminals using social engineering schemes in 2017.

Can We Protect Ourselves?

The long-time entrepreneur and investor Ouriel Ohayon is one of many experts thinking that the users should be caring more for the protection of their data:

“Yes, you are in control of your own assets, but the price to pay is that you are in charge of your own security. And since most people are not security experts, they are very much often exposed — without knowing. I am always amazed to see around me how many people, even tech-savvy ones, don’t take basic security measures.”

Each year thousands of people become victims to quite simple fraud schemes (like phishing sites mimicking some legit sites). Around $200 million worth of cryptocurrencies a year is sent to scammers globally.

The analysts from Hackernoon point at three general types of malicious activity in the cryptocurrency community:

1. Hacking of exchanges, ICOs, and blockchains.

2. Distribution of software that executes mining secretly.

3. Attacks on wallets.

The Ways Hackers Use to Steal Private Keys/Cryptocurrencies

App Store and Google Store Applications

Many victims of cybercrimes are Android users because Android doesn’t require the using of 2-step authentication (or 2FA). Hackers used to place malicious cryptocurrency-related applications in the Google Store. This software was gathering the user data needed for attacks on the users’ assets.

Once hackers created a fake app mimicking the app to get access to the famous Poloniex exchange although the Poloniex developers didn’t create an app for Android at all. Around 5,500 traders lost their assets before the app was removed from Google Play. People preferring iOS gadgets usually face another problem — the apps that secretly use devices’ resources for mining.

It’s better not to download the unnecessary apps. If you want to download it please make sure that the company’s official website confirms the existence of this exact application. 2-step verification can be an effective mean of protection.

Slack Bots

Slack is frequently used for frauds. Hackers send notifications warning users of some sort of problems with their cryptocurrencies. These messages incentivize people to click on a link and enter the private key. Sounds ridiculous, but people get scared and provide their private keys to strangers. If you face such activity it’s better to report bots. Also, it is possible to use security bots.

Add-ons For Traders

There many cryptocurrency-related extensions for different browsers. Using them is not safe for many reasons. Javascript-based extensions are very vulnerable. Some of the add-ons use CPU power for hidden mining, and all of them track your internet browsing. A good idea is to use a separate device for operations with cryptocurrencies and never use extensions on it. If you can’t afford a separate device, you can use a separate browser free of extensions.

Authentication By SMS

The cellular system is vulnerable and it’s better never use authentication by SMS because this can lead to losses which was vividly demonstrated by Positive Technologies. It’s better to use software 2FA instead.

Public Wi-Fi

Don’t even think of making any actions with cryptocurrencies using public wi-fi. This option is too risky. For more safety, it’s better to update the firmware of your router regularly.

Fake Websites and Phishing

Back in 2017, it was reported that hackers managed to steal around $225 million in cryptocurrencies using phishing and fake websites. The method doesn’t seem to get old. The website may look like the one that you use but it’s possible not to notice a little difference in the address — one letter can be different. When you enter your private data (password, keys, etc) on this website you share it with hackers. So it’s important to pay attention to the details. When you interact with cryptocurrency-related sites you should always use HTTPS protocol. ALWAYS.

Conclusion

Yes, it’s pleasant to rely on somebody else and feel guarded, but it’s much better to realize and take responsibility for the safety of your assets. You can see that it’s not a hard thing to do. Just avoid these several risky situations and most probably you’ll be OK.