Even though wallet operators have a large role to play in protecting funds, customers also need to educate themselves to avoid phishing scams.
As the global crypto economy continues to prosper, with Bitcoin (BTC) currently occupying the $15,500 region, questions regarding the overall safety and security of digital assets continue to persist, especially in the wake of a new scam whereby hackers made use of a phishing email to direct users to a fake Ledger website. According to various reports, victims were scammed to the tune of 1,150,000 XRP, worth approximately $290,000.
Dave Jevans, CEO of blockchain intelligence firm CipherTrace and chairman of Anti-Phishing Working Group, told Cointelegraph, “Ledger should clearly have a more aggressive defensive domain acquisition strategy, as look-alike domains were used by phishers in an attempt to trick Ledger users.” He explained further that the scheme used a homoglyph in the company’s official URL, in this case a letter that looked like the letter “e.” He added:
“The phishing scams were likely a result of emails released from an e-commerce/marketing data breach. An unauthorized third party had access to a portion of Ledger’s e-commerce and marketing database through an API Key.”
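The homoglyph trick described above can be caught mechanically before a link is trusted. The following is an added example, not code from Ledger, CipherTrace or the original article: it reduces a host name to the ASCII string a reader would perceive and compares it with the official one. The official name `ledger.com`, the sample hosts and the small confusables map are assumptions made for illustration.

```python
import unicodedata

# Small illustrative subset of look-alike characters (assumption: a real
# deployment would load the full Unicode confusables table instead).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0131": "i", "\u0261": "g",
})

def to_unicode(domain: str) -> str:
    """Decode any punycode (xn--) labels so the real characters are visible."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep as-is; it will not match
        labels.append(label)
    return ".".join(labels)

def skeleton(domain: str) -> str:
    """Reduce a domain to the ASCII string a reader would perceive."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(domain))
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(CONFUSABLES)

def classify(candidate: str, official: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link's host name."""
    if to_unicode(candidate) == official.lower():
        return "official"
    if skeleton(candidate) == skeleton(official):
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed samples; the official name is assumed to be ledger.com.
    for host in ["ledger.com", "ledg\u0117r.com", "l\u0435dger.com", "example.org"]:
        print(f"{host!r:20} -> {classify(host, 'ledger.com')}")
```

A mail gateway or browser extension can apply the same comparison to every link host and flag anything classified as `lookalike`, including hosts that arrive in their `xn--` encoded form.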
Earlier this year in July, the Ledger team revealed that it had been on the receiving end of a data breach, as a result of which nearly a million email addresses were compromised, along with the personal details of a subset of 9,500 customers. Furthermore, back in 2018, scammers were able to devise a copy of the Binance website (complete with an SSL certificate), which remained active for some time before being taken down.
Lastly, some miscreants were able to rake in a sizable 1.4 million XRP tokens in March by making use of a scammy Google Chrome extension that replicated Ledger’s likeness. In fact, the extension was live on the Google app store for nearly a month. Speaking on the various security protocols that the company employs, a spokesperson for Ledger told Cointelegraph:
“Ledger has its own attack lab, Ledger Donjon, where the security experts try to hack and stress test our own solutions, the solutions of our partners, and our competitors’ solutions. Furthermore, Ledger regularly conducts penetration tests.”
Customers bear responsibility as well?
It goes without saying that wallet operators need to be on top of their security game when it comes to protecting the assets of their customers. However, phishing attacks are a common occurrence, not only within the crypto space, but with any online service that involves a means of payment.
Speaking on the issue, Pavol Rusnák, co-founder and chief technology officer of SatoshiLabs, the firm behind the Trezor wallet, told Cointelegraph that it’s of prime importance that crypto owners are careful and double-check every piece of information they receive in relation to their digital assets, be it from their wallet providers or the internet in general:
“If an email claims you need to do something, you can always confirm this via vendor’s support or with other users on Reddit or Twitter. As for what vendors can (and should) do is to decrease the possibility of the leak by not sharing their customers’ data with third parties and decrease the impact of such leaks by deleting their customers’ data after a certain period of time.”
A similar outlook was shared by Jevans, who believes that matters related to customer security and privacy need to be viewed through a lens of “shared responsibility,” such that hardware wallet operators as well as crypto owners work in sync with one another to ensure the optimal safety of their assets from third-party threats.
Jevans encouraged users to take reasonable safeguards to protect their value and take responsibility for their actions by using practices that are steeped in individual data safety, adding: “Deploy two-factor authentication as well as never click on a ledger link unless they specifically requested their password reset. Users should always type the URL themselves when visiting the Ledger site directly.”
Crypto education remains crucial
Despite being revolutionary in design and technological potential, crypto continues to remain a foreign concept for most. However, by providing people with monetary self-sovereignty, the technology has also burdened them with a lot of personal responsibility, especially in terms of individual financial security. As a result, it stands to reason that companies in the blockchain and crypto space need to educate their users about the security implications of their actions.
Rusnák believes that the industry still has some ground to tread regarding security. He pointed out that a number of companies operating within this domain today tend to make gross oversimplifications, such as, “Your coins are safe because your wallet has a secure element,” or, “Your coins are safe because our exchange is insured.” To this, he added, “This is not helping with the matter, making people believe something which is not true, rendering them defenseless.”
Statistically speaking, around 85% to 90% of crypto owners seem to fall prey to very common crypto theft schemes, typically fake investment scams rather than phishing traps, according to data provided to Cointelegraph by CipherTrace. As a result, Jevans believes that it would be in the best interests of major hardware wallet operators to use their platforms to educate their users about what to look for when it comes to phishing attempts, particularly when these scams invoke the wallet provider’s name:
“Based on hundreds of crypto theft and fraud cases, crypto users need to become much more sophisticated regarding their personal security operations (SecOps) when they choose to custody their private keys. Many crypto crime victims do not know what to do when they discover they have experienced theft.”
Wallet operators should become industry trendsetters
While companies like Ledger and Trezor do have dedicated information related to phishing and other similar, scammy tactics on their websites, these pages are not easily accessible and are usually buried deep within troubleshooting FAQ sections. Therefore, it seems reasonable to expect that established wallet providers do more in terms of providing customers with streamlined access to high-quality education that centers around security.
On the issue, Rusnák is adamant that transparency and education are the keys when it comes to maximizing the security of one’s funds. He opined that users can’t really be safe unless they actually take time to sit down and understand the nitty gritty of crypto security and personal wallet safety.
On a more technical note, he explained that the core operational design of Trezor’s various wallet options is fully open-source and that the company is completely transparent about all of its various operational agreements with its customers, to avoid all legal monetary issues encountered later down the line: “It will take some time until every company in the cryptocurrency space understands this, but it’s also our job to demand transparency and openness from service providers we use.”