Wirrten by: Dmytro Volkov, CTO of the international cryptocurrency exchange CEX.IO. He has over 15 years’ work experience in IT, including over 10 years in financial markets. Author of trainings on financial and tech topics. Speaker at industry-wide conferences.
2020 has been a year filled with threats for crypto owners, not the least of which were frauds and hacking attacks that exploited vulnerabilities of browsers.
When it comes to cryptocurrency theft attempts, criminals almost always focus on the browser most users use to access exchanges to buy or sell crypto assets.
The first and simplest method of attack is phishing. For example, at the end of last year hackers mounted a large-scale attack targeting large corporations, one that took $160 thousand to launch.
Scammers lead users to fake sites that look a lot like the original. They actively employ social engineering to convince the victim that they need to perform some action immediately.
For example, a user might receive a message supposedly from an exchange employee saying that the user’s account is about to be blocked unless the user makes some urgent money transfer.
And if the browser is not set to avoid working over unsecure protocols or checking for suspicious sites and security certificates, the risk of hacking increases several times over.
On top of that, the latest news indicates that this risk also applies to those who use the Tor browser, which is often used to achieve anonymity. An attack called “man-in-the-middle” allows criminals to intercept and read data being transferred, as well as tamper with the packets you send.
Ways to combat these attacks over the Internet have already existed a long time and have become standard. First among these is the HTTPS protocol, which encrypts data sent by users.
By connecting over HTTPS, users can be sure they have accessed the real site, not a fake. But what criminals often do is force users to connect over the unsecured HTTP protocol instead of the secure HTTPS protocol.
It is believed that users can only be forced over to the unsecured protocol when initially connecting, and only by the ISP, such as a home Internet service or public WiFi network. But with Tor, an unsecured connection can also be forced on the user by the exit node, the node where the user actually accesses the Internet.
Therefore, by controlling the exit node, a hacker has the same man-in-the-middle attack capabilities as the user’s Internet or VPN service provider.
The Tor network’s anonymity merely adds fuel to the fire: node owners can literally do whatever they want. While ISPs care about their reputations and work to prevent these attacks, with Tor no one is risking anything. And when a hacker joins the connection, they can not only steal data from your computer, but also switch out the wallet address where you send your money.
How Can You Protect Your Crypto Assets?
There are generally accepted security rules that can help you avoid getting hacked and losing your assets. Here’s what you need to do:
1) Maintain a healthy skepticism toward all sites and verify the validity of their certificate and the security of the connection
Since phishing is hackers’ primary tool in their attempts to steal crypto assets, you have to be suspicious of every site. Hackers love making fake sites that look a lot like the original, so don’t be fooled by seeing the usual forms and graphics and double-check everything. If you’re pressured to switch to an unsecure HTTP connection, don’t do it.
2) Don’t click on links in emails and messages
A search engine or your Favorites list won’t take you to a phishing site. But links in emails and messages could take you anywhere. So don’t rush to click the button right in the email, even if it looks like it’s customer support writing to you. Enter the URL you need manually or access the site by googling it.
3) Regularly update your browser and your computer’s security systems
When it comes to the security of your valuable data, you should always operate on the assumption that the system you are using to access the Internet is vulnerable. Before performing any transaction with your coin, update your antivirus and make sure your computer has all the latest patches and updated malware databases.
4) Work with platforms that adhere to all security standards and operate under the oversight of a recognized regulator
Exchanges and crypto wallets themselves can also be broken into, so you need to choose secure platforms to store your assets. Exchanges that adhere to regulatory standards are by definition more secure. Users on these platforms can use two-factor authentication and aggregate signatures.
5) Maintain several backups of all important data, including data pertaining to crypto wallets
Your data may be corrupted in a hacking attack, and even if the hacker doesn’t gain access to your wallet or online account, you can end up without access to your assets. In the crypto world, that is no different from losing your funds, so be sure to save encrypted keys and login information in several places.
Featured image via Unsplash.