Protecting your crypto from hackers

3Commas Blog
9 min read · Aug 7, 2021

With the advent of cryptocurrencies, we no longer need a bank or a financial institution to hold our savings. No more choosing and comparing payment systems for money transfers across the globe, no more experiencing the fear of losing funds due to your bank’s collapse or if the country plunges into the abyss of an economic crisis.

On the flip side, with great power comes great responsibility. The owner of digital assets is now solely responsible for their own security. Lose the wallet's keys and seed phrase and access to the cryptocurrency is lost forever; there is no bank to call.

Unlike in years past, people now rarely throw away hard drives holding large quantities of bitcoin by accident. Far more often, cryptocurrency owners lose funds to hackers, who by the author's estimate have stolen about $13.6 billion in digital assets from companies and individuals over the past ten years.

Let’s take a look at the most popular ways hackers operate, and how to protect yourself from the risk of losses.

Social engineering and phishing are present in most cryptocurrency thefts

In most cases, hackers do not need sophisticated malware to compromise the computers, phones or other devices on which owners keep bitcoin or altcoins. Far more often than one would expect, victims hand over their wallet seed phrase themselves. The seed phrase regenerates every private key in the wallet, so whoever has it gains quick and complete access to the funds, whatever type of wallet they are held in.

The most popular way to gain access to the secret phrase is through various promises of additional benefits. Hackers use the same attack pattern, sending emails or personal messages through messengers and social networks with an offer to transfer a small amount in cryptocurrency to a specified wallet. In return, they promise to multiply the received amount.

This scheme is still in use today despite having been exposed many times in the press. People fall for it because the promise looks plausible: the message contains some of their personal data, or the "airdrop" is announced in the name of a well-known celebrity.

Fraudsters often mention real events in their emails to make the message sound more probable: an upcoming blockchain update, a development milestone, etc.

For example, German residents received messages, allegedly from Elon Musk, offering a Tesla at a considerable discount if paid for in bitcoin. The campaign was timed to coincide with the opening of the Tesla Gigafactory in Germany.

The message demanded an immediate prepayment in BTC. Recipients should have been suspicious: Tesla has taken prepayments for vehicles before, but it has never sold them at a discount for bitcoin. Hackers also take over celebrity social media accounts to reach unsuspecting victims. The largest known attack of this kind hit Twitter in mid-July 2020, when the accounts of Barack Obama, Joe Biden, Elon Musk, Bill Gates and other prominent figures posted a "send bitcoin, get double back" message. Users who believed those tweets sent the attackers roughly $118,000.

Sometimes hackers do not stop there. They contact a person who transferred cryptocurrency, asking for the seed phrase, hiding behind some plausible explanation: the need for verification, connection to a smart contract, etc.

These schemes still work because there are still many newcomers among crypto-users, and these types of requests often do not raise doubts among inexperienced investors. In the end, investors can lose all of their cryptocurrency holdings without any way to fight back.

How to avoid such attacks?

Follow two simple rules

  • No genuine airdrop or giveaway on the cryptocurrency market asks the participant to send coins first.
  • Never share your seed phrase with anyone for any reason. The seed phrase restores full access to the funds; no legitimate support team, smart contract or "verification" step ever needs it.

Phishing is the most widespread and subtle method of acquiring seed phrases and passwords

In the broadest sense, phishing is any attempt to trick a person into revealing credentials or secrets, usually by impersonating a party they trust. Hackers keep refining their phishing methods to the point where it is hard for a cryptocurrency owner not to take the bait.

The most common phishing attack vector is to lure the wallet owner to a fake website that fully replicates the looks and features of popular crypto projects. These fakes are sometimes indistinguishable, making it almost impossible to tell for novice crypto users. Let’s look at ways fraudsters lure users onto such websites:

Similar address

Hackers register domain names that resemble those of well-known crypto sites: letters are transposed, or one character is swapped for a visually identical one from another alphabet, such as a Cyrillic letter in place of a Latin one. For example, 3commas.io and Зcommas.io look alike, but the second contains the Cyrillic letter "З" in place of the digit 3. Most modern browsers display such mixed-script names in their encoded "xn--" (punycode) form rather than as Unicode, so an address bar starting with xn-- is itself a warning sign.
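The following Python check is an added illustration and is not code from the original post or from 3Commas. It shows the two things a practitioner actually does with a suspicious domain: look at the ASCII form the resolver sees (the "xn--" punycode form) and fold look-alike characters back onto the ASCII they imitate so the domain can be compared with a known-good list. The trusted domain is the one from the article; the confusables table is a small hand-built assumption (a real deployment would use the full Unicode confusables data, which is far larger).

```python
import unicodedata

# Constructed sample data: the legitimate domain from the article and a
# hand-built table of Cyrillic characters that render like Latin letters
# or digits. ASSUMPTION: this table is illustrative only, not the full
# Unicode confusables.txt.
TRUSTED_DOMAINS = {"3commas.io"}

CONFUSABLES = {
    "\u0437": "3",  # CYRILLIC SMALL LETTER ZE (з, from З) looks like digit 3
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
}


def to_ascii(domain: str) -> str:
    """Return the xn-- (punycode) form that DNS actually resolves.

    Two domains that look identical on screen never share this form,
    which is why checking it beats eyeballing the address bar."""
    return domain.encode("idna").decode("ascii")


def non_ascii_chars(domain: str) -> list:
    """List (position, character, Unicode name) for every non-ASCII code point."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(domain) if ord(ch) > 0x7F]


def fold(domain: str) -> str:
    """Map look-alike characters onto the ASCII they imitate, so that two
    domains that *render* the same also *compare* the same."""
    lowered = unicodedata.normalize("NFKC", domain).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in lowered)


def check_domain(domain: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Classify a domain as trusted, a look-alike of a trusted domain, or unrelated."""
    if domain.lower() in trusted:
        verdict = "trusted"
    elif fold(domain) in trusted:
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {
        "input": domain,
        "ascii_form": to_ascii(domain),
        "non_ascii": non_ascii_chars(domain),
        "verdict": verdict,
    }


if __name__ == "__main__":
    # "\u0417" is the Cyrillic capital ZE used in the article's example.
    for d in ("3commas.io", "\u0417commas.io", "3c\u043emmas.io", "example.com"):
        r = check_domain(d)
        print(f"{d!r:20} -> {r['verdict']:10} resolver sees {r['ascii_form']}")
        for pos, ch, name in r["non_ascii"]:
            print(f"    position {pos}: {ch!r} is {name}")
```

The verdict "lookalike" is the interesting one: the folded string matches a trusted domain while the real string does not, which is exactly the case a human eye cannot separate. Note that the check depends on the table being complete for the scripts you care about; transposed-letter domains (such as 3comams.io) are a separate problem that this folding does not catch.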

Malicious links

Malicious links appear in emails or personal messages asking the recipient to click the link. For example, the message indicates that the wallet account of an exchange has been hacked, requiring immediate actions from the trader.

DNS address hijacking

This is the hardest attack for a user to recognize. The attacker alters the DNS records of the genuine domain (at the registrar, on a compromised home router, or through a poisoned resolver) so that the correct name resolves to a server they control. The address in the browser is the real one, so there is nothing to spot; the fake site then asks for the seed phrase, often under the pretext of a wallet update or a security incident.

Google ads or app stores

Hackers buy ads so that phishing sites appear at the top of search results, or publish malicious wallet apps on Google Play. Sometimes the store even carries a mobile app in the name of a real project that has never published one.

Phishing messages on behalf of cryptocurrency exchanges

Hackers often create look-alike email addresses to reach out to the users and trick them into giving up sensitive information.

How to protect yourself from phishing?

It must be admitted that the sophistication of phishing attacks leaves the wallet owner little margin for error. They should of course check the addresses of the sites they visit, but the most effective protection remains the rule to never enter a seed phrase at anyone else's request. You can also check whether a site you are asked to visit has been associated with malicious activity; VirusTotal is one of the best-known tools for this.

The biggest damage is done by DNS hijacking, because the attacker can show the seed-phrase request on what appears to be the genuine site, with a story about a hack or a mandatory wallet update.

Regardless of how convincing and urgent a message looks, confirm the claimed facts through the developer's official channels, reached by typing the address yourself rather than following the link. Treat every received link as untrusted and download updates only from official sources.

Cryptocurrency can also be lost by installing a malicious wallet app from Google Play. Setting up any new wallet with existing funds requires importing the seed phrase, and the moment it is typed into a fake app it is in the hacker's hands.

To protect yourself from phishing apps, install wallet apps only via links from the developer's official website, and check that the publisher shown in the store listing matches the developer.

Phishing emails sent in the name of exchanges are among the most effective methods hackers use. Attackers register an email address that visually resembles the service provider's real one, or send from the provider's genuine (but compromised) help-desk account.

A crude attack simply warns about a hack and asks the client to reply with their password. A more professional attacker directs the client to a phishing page, where the client gives up the password of their own volition while "confirming" account details.

Only additional protection on the trading account itself helps here. Traders must enable two-factor authentication, and where the exchange offers it, restrict logins and withdrawals to known locations and devices and whitelist withdrawal addresses.

Exceptional security measures in case of hard forks and token migration

The cryptocurrency market is constantly undergoing frequent updates of blockchain code and smart contracts. This can lead to hard forks which are not backward compatible, so the owners of digital currencies have to migrate to a new chain or protocol, exchanging “old” coins for upgraded versions.

Migration sometimes genuinely requires entering the seed phrase into a new wallet. Hackers exploit this, flooding the web with malicious links in the name of the developers conducting the hard fork. Because a request for the seed phrase does not look out of place during a migration, the complexity of the process pushes some investors straight into the hands of cybercriminals, and once the phrase is entered the loss of the deposit is guaranteed.

Protecting yourself from cryptocurrency loss during token migration and hard forks

An altcoin owner who has technical difficulties or does not understand how to migrate to a new smart contract or chain can entrust the process to an exchange. Check the developers' website for the list of exchanges that support the upcoming hard fork and deposit the coins on one of them.

The exchange concentrates all digital assets on a particular wallet from which it will independently conduct the upgrade process. The client will only have to download a new version of the wallet from the developers’ website (if necessary) and withdraw digital assets from the exchange account.

Cryptocurrency exchanges and custodian wallets leak databases

Many investors keep their digital assets on exchanges or with custodial services, companies that take over the storage of private keys and seed phrases. This form of storage carries the risk of total loss of the deposit if the company suffers a technical failure or a hack.

The owner cannot defend against that directly, though companies often compensate such losses. Not every attack leads to a loss of deposits, which exchanges and custodians protect fairly well; what leaks far more often is users' personal data.

Such leaks are dangerous because many people reuse the same password across accounts. A hacker who obtains a leaked email address, phone number and password can simply try the same combination on every other exchange (credential stuffing) and withdraw funds without breaking into anything.

Protecting an account while using an exchange or custodial service

Password strength is the client's responsibility. A crypto service will not reimburse a deposit that was withdrawn with the real password.

A unique password for every service, long rather than merely complex (a generated passphrase of 16 or more characters beats 8 characters with symbols), ideally stored in a password manager, protects the account from being opened with leaked credentials.

Two-factor authentication and every additional anti-fraud setting on offer should be enabled. Login restrictions by location, binding to known devices and withdrawal-address whitelists keep funds from being withdrawn even if the hacker has the password.

Computer viruses

With the rise of cryptocurrencies, malware authors have gained a reliable and relatively low-risk source of income. They exploit the fact that digital currencies sit in a legal grey zone in many countries, so an attack on a personal wallet is rarely investigated as thoroughly as a bank account hack.

As a result, much of this malware is built to find wallet software and exchange applications on the infected computer. Some samples are bundles of hidden mining programs and other components that an ordinary anti-virus does not notice.

The dangers of an infected computer:

  • Wear and loss of performance from covert mining on the CPU or GPU
  • Clipboard hijacking: a pasted recipient wallet address is silently swapped for the attacker's, so always compare the address on screen with the one you copied before sending
  • Remote control of the computer, which can lead to theft of password files and wallet files
  • Clipboard and keystroke monitoring to steal exchange account emails and passwords

Protecting oneself from a computer virus

The standard recommendations against malware fit the cryptocurrency owner perfectly: do not download pirated software, check sites for phishing, filter email, treat links with caution, and keep the operating system and wallet software updated.

Hidden mining programs call for additional protection. Such solutions are already offered by Microsoft and by a number of IT firms known for their cybersecurity work, such as Trend Micro with its XGen Security.

The best option today for protecting against any of these attacks is to keep cryptocurrency in cold storage, such as a dedicated hardware wallet. These devices often resemble a flash drive and contain their own secure chip; the private key is generated and stored on the device and never leaves it. Transactions are prepared in a companion application on the computer, but they are signed on the device, which displays the amount and destination address on its own screen for confirmation. A compromised computer therefore cannot extract the key, though it can still try to alter the transaction it sends for signing, so the address shown on the device must be checked, not the one on the computer.

SIM swapping

Leaked databases of various cryptocurrency exchanges give hackers access to customer phone numbers and balances. Attackers can attempt to use SIM swapping to gain access to the victim’s exchange accounts.

Hackers only need to convince the mobile operator to reissue a SIM card with the same number, which unfortunately is not difficult to accomplish. In this case, they will be able to receive SMS codes, reset passwords, gain access to the custodian wallets, and block the owner’s ability to withdraw the funds.

Protecting yourself from SIM swapping

The account owner should not tie verification steps to their mobile number. Where possible, choose email confirmation of all cryptocurrency transfers instead, and make sure the email account itself cannot be recovered via SMS, otherwise the SIM swap simply moves one step back.

A separate PIN or password for withdrawals is another option; an attacker who only controls the phone number cannot complete the transfer. Finally, the mobile number is not the only form of two-factor authentication: use a safer one, such as an authenticator app (Google Authenticator) or a hardware security key (YubiKey), which do not depend on the phone number at all.

Conclusion

As of today, hardware wallets are the most reliable way to protect cryptocurrency from hackers. Keeping deposits on exchanges or with custodians carries a real risk of losing the funds; two-factor authentication, an additional withdrawal PIN and binding the account to specific devices reduce that risk.

The owner's own negligence remains the main cause of losses. Do not trust unsolicited messages, promises to double your investment, or links received by email unless they come from a verified source. And keep wallet software and applications up to date so that known vulnerabilities in the wallet itself cannot be used against you.
