We’ve all read the headlines. ICO funding thefts have hardly been low profile. It’s curious, though, that what was labeled by so many as simply a vehicle for criminal misdoings should itself be the target of criminal activity. But as cryptocurrencies grow in value, it’s becoming clear that they’re not going away anytime soon. So, how can cryptocurrencies and their users ward off cybercriminals?
Hacking attacks are somewhat confusing to the public at large. On the one hand, people are used to hearing about the security of Bitcoin. About how it can’t be counterfeited like regular cash, making it much safer. On the other, it suddenly seems that digital money is deeply unsecure. If the blockchain technology it runs on is indeed as safe as they say it is, how come it’s subject to frequent hacking attacks?
While it’s impossible to counterfeit bitcoins, they can be stolen – and recovering stolen coins may never be possible. Paul Brody, global innovation blockchain leader at EY, adds, “Since digital contracts on blockchains are unbreakable and un-reversible, another clever trick is to get people to send their investment money or payments to the wrong address and then refuse to return the money.”
As long as something has value, it will always be a natural target for criminals. And while blockchain technology is inherently secure, secondary software built to service its users, such as wallets, custodial services, and exchanges, can be problematically unsecure.
Cryptocurrencies at Risk From Cybercriminals in Various Ways
Just as technology evolves, so too does the ingenuity of cybercriminals, and they’re coming up with a whole new bunch of tactics – from using fake accounts and luring victims under the guise of buying real cryptocurrencies, to ICO scam teams that disappear in the night after the crowdsale. Traditional cybercrime techniques are thrown into the mix as well, such as phishing attacks using fake websites and emails to extract sensitive information and hack online wallets.
According to a report by SecurityScorecard, a security ratings firm based in New York, a new trick is beginning to emerge. The latest weapon of choice is Man-in-the-Browser attacks (MitB) that are being used to steal cryptocurrency. The report found that Web Injects (a kind of MitB attack) have already been used to attack major websites, including blockchain.info and Coinbase.com.
What Can Cryptocurrency Users Do?
It’s hard to stay one step ahead of the cybercriminals, but there are a few things you can do to remain vigilant. According to SecurityScorecard, you should follow these basic steps to prevent becoming a victim:
- First of all, check the website’s source code. If it contains obfuscated code, it’s possible that you are infected and that you should not sign in.
- Check to see if the Enter key is disabled on the sign-in form keys. This is a quick way to check for hackers, since they often disable this key, forcing you to click the “sign-in” button, which then sets off the injected button callback.
- Check to see if the settings page is accessible, especially if you are using Coinbase. If you can’t access the settings page, there’s a possibility that you are infected.
- Always enable multi-factor authentication for every transaction. It might seem like an extra hassle, but it’s better than an empty wallet.
- If you’re using Blockchain and you get a “service unavailable” message as soon as you log in, you may have been compromised.
Cryptocurrency is still in its infancy, and there are many areas of the ecosystem that need greater development. Until then, be sensible with your online activity. You wouldn’t leave your wallet in a store while you went to run another errand, so don’t leave your virtual wallet alone and at risk either.
