No one can argue that bitcoin has become a phenomenon that can’t ever be overlooked; the number of mainstream businesses adopting it, as a payment method, is increasing steadily and more and more venture capitalists are chipping in into various bitcoin startups. However, as the world’s first cryptocurrency is becoming more and more popular, this comes with a serious premonitory, especially that the anonymity offered by the blockchain technology is so tempting to hackers and fraudsters.

Whenever you become a victim of identity theft leading to loss of funds off your credit card or bank account, your losses would be covered by your bank or insurance company, but what if your bitcoins were stolen? Who would cover for your losses then? Accordingly, securing your PC and bitcoin wallets is crucial to turn down most hackers who might try to steal your coins.

How Hackers Can Target Your Bitcoin Wallets and Trading Accounts:

To maximize the security of your bitcoin wallets, you first need to understand how hackers can target your PC, mobile or server to steal your coins. Here are the most common types of attacks, hackers can use to exploit the vulnerabilities on your OS and steal your bitcoins:

1- Phishing:

Phishing IP addresses has always been one of the most commonly used types of hack attacks. Occasionally, the “IP phishing” is just the first step in more complicated types of attacks. In my opinion, nowadays if the IP of the “target” is recorded, 50% of the hacking process is already completed.

In most instances, a hacker creates a malicious link and sends it to the target machine, and once the user clicks on it, the IP address of his/her machine is recorded.

If you are using an online BTC wallet, you might receive a “fake” email that includes a link that directs you to a “fake” page of your online wallet login page and when you enter your login details, they are directly sent to the hacker who would definitely use them to drain all the BTC in your wallet; however, as all top online wallet providers have SSL protection, if you are attentive enough, you can bust such “fake” login pages easily.

2- Keyloggers:

In my opinion, keylogging is the easiest way to capture a password. A keylogger can be so deceiving that even a tech-savvy victim can fall for it. Simply speaking, a keylogger is a script code, which once installed on the OS of a target machine, records all the strokes on the keyboard and sends them back to the hacker, mostly via FTP.

The success of the process of injecting a keylogger is dependent on numerous factors including OS, the keylogger’s lifespan, the level of footprint infection on the target machine. Keyloggers are usually injected using a web browser exploit. Security vulnerabilities of the target machine vary according to the type of browser being used; whether or not the copy of the OS installed on the target machine is genuine or not; whether or not the OS is up-to-date regarding security vulnerabilities and bug fixes (2).

3- Stealers:

Stealers are pieces of software that retrieve the passwords and login credentials stored on your browser. Once FUD, some Stealers can be very powerful. In most instances, a stealer is a .bat file that can be injected into the target machine online or via a USB drive through “social engineering” (1).

4- Cookie Hijacking:

Cookie hijacking, or session hijacking, is the process of exploiting a valid computer session maliciously to gain unauthorized access to information or service on the target machine.

As http communication utilizes many TCP connections, a web server has to have a method to identify every user’s connections. Session tokens and cookies are the most commonly used client authentication methods nowadays. Cookie hijacking has many forms including session sniffing, cross-site script attack, side-jacking, man-in-the -middle attack and man-in-the-browser attack (3).

How Can You Secure Your Bitcoin Wallets and Trading Accounts?



1- Operating Systems and Bug Fixes:

Using a genuine OS that is regularly updated for security vulnerabilities and bug fixes is the first step in securing your bitcoin wallets. I would never recommend using android devices to access your bitcoin wallets, because, in my opinion, the android OS is full of security vulnerabilities that would act like a magnet attracting hackers.

2- Desktop Bitcoin-qt wallets Vs Online Wallets:

The security of most online bitcoin wallets is questionable. A large number of online wallet providers and bitcoin exchanges have suffered from a wide variety of security breaches and to our present day, such services still don’t offer adequate insurance and security to its users. If you have to use an online bitcoin wallet service, use “two factor authentication” to boost your security.

Bitcoin-qt wallets are the best option to maximize your security which will render you the only one having the private keys of your bitcoins. Don’t put all your eggs in one basket i.e. keep small amounts of money on your computer, server or smartphone for everyday expenses and use “cold storage” to store the majority of your coins. You should use strong passwords for both types of wallets. Multi-signatures is also another feature that can maximize your security.

3- Using Proxies and VPNs:

Proxy servers and VPNs can increase the security of your bitcoin wallets. Although most people wrongly think that a VPN grants them anonymity online, the truth is it doesn’t, yet it boosts privacy. Think of VPN as “window curtains’; the curtains promote privacy of the activities taking place inside your house, yet the address of your house can still be identified.

VPN minimizes hackers’ access to the open ports on your router so reduces the possibility of successful hack attacks (4).

4- Anti-Phishing Browsing Behavior:

Always, be cautious before clicking on any link. As mentioned earlier, your IP addressea would be recorded the second you click on a malicious link. Whenever you are suspicious about a link, use a “Website Phishing Check” service before clicking it.

5- Encrypt and Backup Your Wallet(s):

A wallet backup is indispensable to protect against PC failures and human errors. An encrypted wallet backup can help you retrieve your coins after your computer or mobile phone is stolen. You should always encrypt your online backups; even a PC connected to the internet is rather vulnerable to malicious attacks. Accordingly, any backup that can be accessed via the internet should be encrypted (5).

6- Cold Storage:

An offline wallet is also sometimes referred to as “cold storage” of bitcoin. Cold storage is the best way to store bitcoin in a secure place that has no network access. Cold storage should be used to store bitcoin savings.

Conclusion:

Although bitcoin represents the mostly targeted digital currency by hackers today, following strict security measures can turn down most attacks. Dealing with bitcoin should be approached on a secure machine while also adopting secure web browsing behavior.

References:

1- Ethical Hacking and Penetration Testing Guide 1st Edition

by Rafay Baloch. http://www.amazon.com/Ethical-Hacking-Penetration-Testing-Guide/dp/1482231611

2- Keyloggers ETHICAL HACKING EEL-4789 http://web.eng.fiu.edu/~aperezpo/DHS/Std_Research/Keylogging%20final%20edited%202.0%20.pdf

3- OWASP. Session Hijacking Attack https://www.owasp.org/index.php/Session_hijacking_attack

4- I Am Anonymous When I Use a VPN 2015 Edition: With 3 New Myths https://www.goldenfrog.com/take-back-your-internet/articles/myths-about-vpn-logging-and-anonymity

5- Bitcoin.org. Securing Your Wallet. https://bitcoin.org/en/secure-your-wallet