Digital currencies are becoming a common payment method among consumers worldwide. Bitcoin and other cryptocurrencies are quickly expanding its reach as people are increasingly trusting them to make payments, transfer money and even save it.
Yet, volatility and security remain two important aspects that people cannot ignore when considering cryptocurrencies. The introduction of so-called stablecoins has mitigated the risks for volatility, offering digital currencies pegged to stable fiat money, like the dollar, euro or pound.
As for security measures, there are plenty of things to consider. For example, the wallet service provider you’ve chosen to store your cryptocurrencies. Take a minute to ask yourself: does it provide protection for your funds? Are the accounts insured? What about 2FA verification?
While it’s only natural to blame others, it’s also important to keep an eye on our own behavior… Am I storing my private keys safely? Have I share private information with anyone? Who has access to my accounts? These are questions that cannot be ignored if you want to ensure your funds remain away from hacker’s hands in the long run.
The good news? One very useful way to enhance your account’s security is to understand how hackers can actually get access to your wallet. In the list below, we look at some of those methods:
1. Hacking your devices Physical wallets can be lost and stolen. And the same goes for digital wallets, especially those containing cryptocurrencies. Blockchain wallets consist of two keys:
Public key: similar to a bank account number you share to receive funds
Private key: sort of a security code used to withdraw funds
If your private key is stolen, it’s the equivalent of losing your credit or debit card with the PIN code written on the back of it. No need to explain what will happen to your account next. Keeping your private keys stored online, say, in a file on your computer isn’t really a wise idea. If hackers access your computer, they can easily find the file and use it. For that reason, security experts always suggest keeping a hard copy of your private keys. Since a piece of paper doesn’t seem like the most resilient way to storing your keys, it’s also a good idea to laminate it so that your morning coffee won’t ruin your financial stability. In some cases, hot wallet services like Crypterium, Wirex or Blockchain.com will store your private keys for you, saving you the trouble of handling it yourself. Obviously, you should only entrust your keys to respected providers such as the aforementioned. 2. Sending phishing emails Nowadays, we receive plenty of emails a day. Hackers know this and have the tools to leverage it against you. Email phishing consist of an email allegedly coming from a service you’re most likely familiar with, and asking you for data to complete certain operations. If you’re using a wallet service like Wirex, hackers could send an email impersonating a company representative and asking you to share some personal data, even your private keys. While some of you may realize an official representative will never ask for such information, others may fall into the trap and provide the information. Remember that private keys are like PIN codes. No official bank representative will call you or send you an email asking for such information. If you get a message of such kind, get in touch with official representatives and report the issue as soon as possible. 3. Installing keyloggers It’s all about the data. And hackers are constantly trying different ways to get hold of it. Keyloggers are malwares that record every seed, password and PIN introduced on your computer or mobile device and then transfer them to hackers. If the malware makes it to your device, then it becomes an easy gateway for hackers to access your private keys. But… how do they get into your device in the first place? Well, there are basically three ways you can get infected with a keylogger:
Email: make sure your antivirus system scans all attachments
Running an infected software from a specific website or torrent
Inserting an infected USB on your personal computer or device
4. Downloading fake wallets Hackers will go to any length to steal cryptocurrency, and fake wallets are a great example of how far they are willing to go. A recent study found several apps on Google App Store impersonating Trezor, a popular cryptocurrency wallet service. The examination concluded that the fake mobile apps masquerading the official wallet used similar names and included convincing marketing banners to not only trick users, but also receive a green light from Google’s platform and avoid getting banned.
A useful tip to avoid falling into this trap is downloading the app straight from the official website of the wallet service. The Crypterium Wallet, for instance, asks for your phone number to send you a safe link that takes you to the app store. 5. Impersonating a company or person Okay. Picture this: you are a small investor and you’ve been looking into a promising company in the cryptocurrency space. Suddenly, a representative from that company reaches out to tell you about an exclusive pre token sale offer. Sounds like a deal, right? Impersonating companies, cryptocurrency exchanges or people is one of the most common ways hackers rely on to gain access to your funds. Why? Let’s just say it’s easier to trick someone than a break into a computer system. In this particular case, impersonators aren’t interested in hacking your account, but simply stealing it. They will convince you to transfer an X number of bitcoins to specific addresses. More sophisticated hackers will create websites so that you can log in and visualize your “investment”. Then, ask you to share data to access certain perks, etc. 6. Attacking you with Trojans Similarly to keyloggers, Trojans can enter your computer and monitor your behavior, stealing anything that resembles a cryptocurrency private key. Trojans aren’t exactly a new thing, and most likely you already know how to prevent them from infecting your devices. Regular antivirus checks, downloading files from secure sources, etc. If a cryptocurrency Trojan gains access to your device and identify your keys, a hacker can easily wipe out your Bitcoin address in a matter of minutes without you even noticing. 7. Installing browser extensions From print screens to grammar checks, browser extensions make our lives easier in so many ways. But their hidden nature also makes a potential threat to our security. There’s been numerous reports of browser extensions that apart from delivering the expected service, also monitor and copy data for hackers. So the next time you give access to an extension, verify the company or developer behind it, and double check reviews online. 8. Bypassing two-factor authentication Two factor authentication, or 2FA, is an extra layer of security that trusted wallet providers like Crypterium use to ensure real users are behind certain transactions or operations. For example, if you want to withdraw funds from your account to an external wallet or bank card, you’ll be required to enter a security code sent to your specified email address or via text message. While this remains an extremely effective way to protect customers from unsolicited transactions and fraudulent activities, there’s been cases when hackers found ways to bypass 2FA. For that reason, it’s vital to always keep an eye on the notifications you receive. 9. Publishing fake advertisements Cryptocurrency companies don’t find it easy to advertise on Google, Facebook or Twitter. Only a few respected firms are allowed to do so. Yet, some fraudulent companies might find a way around and launch short-lived campaigns targeting people willing to buy or sell cryptocurrencies. A common red flag is the ridiculously competitive rates or fees offered by these services. As a general rule, always go with licensed companies instead of trying unknown providers. 10. Messing up your clipboard Retailers that accept direct cryptocurrency payments will usually share their wallet address on their website so that you can copy and paste it into your wallet to transfer money. But what if there’s a malware that messes up that simple operation and instead of pasting the retailer’s address, introduces a different one. You get the idea. That type of malware isn’t our invention. A program under the name CryptoShuffler has reportedly stolen over $150,000 by doing exactly that. The simplest way is to double check the address you are pasting, although it isn’t really an appealing task.