Taking A Look At The Security Threats Which Every Crypto Investor Should Be Aware Of
Security threats have plagued the crypto ecosystem since it came into existence; however, they have become a nuisance in recent days. Here is a list of 6 vectors that you should not only be aware of but also defend against by calibrating your online activities.
Command And Control Attacks
There are numerous advanced persistent threats (APTs) that can be and have been used to steal crypto, with command and control attacks not the least among them. C&C attacks involve hackers sneaking malicious executable files into victims' computers in order to scrape things like passwords, logins, IP addresses, and more. Such data can then be used to compromise exchange accounts, for example. This is commonly carried out as part of spear phishing campaigns.
Keyloggers
Insidiously simple and effective, keylogging, also known as keystroke capturing, involves the deployment of malware or even hardware that tracks all the keystrokes entered into a given device. The idea is to collect passwords and credentials that can lead to wallet compromises, e.g. Keystore file passwords that some use to secure assets on MyEtherWallet and MyCrypto.
Screen Scrapers
Similarly, but through different means, screen scraper software can be used to extract the pixels displayed on the screens of victims' devices. If there's sensitive data up when a screen is scraped, that's the attackers' way in. The majority of APT attacks use a "malware cocktail" of coordinated screen scrapers, keyloggers, and C&C attacks.
SIM Swaps
A succession of SIM swaps has hit the space in 2018. The attack vector involves malicious agents altering victims' passwords to compromise phone numbers and emails that are used to access crypto exchange accounts. The threat started to gain serious attention in the space after a flurry of high-profile SIM swaps at some of this year's earlier cryptocurrency conferences made the topic unavoidable. Notably, in August crypto entrepreneur Michael Terpin hit AT&T with a $224 million lawsuit, arguing that the telecom titan didn't do enough to prevent his own expensive victimization at the hands of a SIM swapper.
DNS Hijacks
The most high-profile example of a DNS hijack to date in the ecosystem came in April 2018 when popular Ethereum wallet provider MyEtherWallet was the victim of a regional DNS hijack attack.
In other words, the victims thought they were using MEW when they were actually temporarily using the attacker's fake MEW. By definition, this threat involves hackers redirecting DNS servers to a bad domain so they can intercept as many private keys as possible. Be sure to always check a URL's SSL certificate, as MEW now reminds its users.
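The certificate check recommended above can also be scripted. The following Python code is an added example, not part of the original article or MEW's own code: it compares a site's TLS certificate with the issuer and SHA-256 fingerprint recorded on an earlier, trusted visit. The host name `wallet.example`, the issuer name and the certificate bytes are constructed placeholders.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone

def fetch_leaf_cert(host, port=443, timeout=5.0):
    """Connect with normal chain and hostname validation; return (parsed cert, DER bytes).
    Raises ssl.SSLCertVerificationError for self-signed or mismatched certificates."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

def evaluate(cert, der, expected_issuer_org, pinned_sha256, now=None):
    """Compare a certificate with values recorded on an earlier, trusted visit.
    Returns a list of findings; an empty list means nothing changed."""
    findings = []
    now = now or datetime.now(timezone.utc)
    # getpeercert() returns the issuer as a tuple of RDNs, each a tuple of (key, value) pairs.
    issuer = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    if issuer.get("organizationName") != expected_issuer_org:
        findings.append("issuer changed: %r" % issuer.get("organizationName"))
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        findings.append("certificate expired")
    # A new fingerprint also follows a routine renewal, so treat it as a prompt
    # to verify out of band rather than as proof of a hijack.
    if hashlib.sha256(der).hexdigest() != pinned_sha256:
        findings.append("fingerprint differs from recorded pin")
    return findings

# Constructed sample data (not real certificates): the dicts mirror getpeercert() output.
GOOD_DER = b"constructed-der-bytes-for-the-real-site"
GOOD_CERT = {"issuer": ((("countryName", "US"),), (("organizationName", "Example Trust CA"),)),
             "notAfter": "Jan  1 00:00:00 2030 GMT"}
FAKE_DER = b"constructed-der-bytes-for-the-lookalike"
FAKE_CERT = {"issuer": ((("commonName", "wallet.example"),),),
             "notAfter": "Jan  1 00:00:00 2030 GMT"}
PIN = hashlib.sha256(GOOD_DER).hexdigest()
FIXED_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(evaluate(GOOD_CERT, GOOD_DER, "Example Trust CA", PIN, FIXED_NOW))
    print(evaluate(FAKE_CERT, FAKE_DER, "Example Trust CA", PIN, FIXED_NOW))
```

Against a live site, pass the two values returned by `fetch_leaf_cert()` to `evaluate()`; a verification error raised during the connection is itself the signal to stop and not enter a key.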
Bad Actors In The Company
A possible textbook example of a rogue employee wreaking havoc in crypto came back in April of this year when Indian exchange Coinsecure accused its then-chief strategist officer of stealing 438 bitcoin from users. It's a reality that all centralized cryptocurrency exchanges face, insofar as they all simply provide highly-valuable, highly-concentrated targets. And it's a reality that accordingly can't be ignored by traders. Moreover, even if they don't go rogue, employees at such exchanges have increasingly become targets of phishing attacks. Seldom these employees hold the "keys to the kingdom," as it were, and this dynamic hasn't been lost on hackers.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.