Crypto | Cybersecurity
How to Protect Your Digital Assets
Photo by regularguy.eth on Unsplash
When investing in cryptocurrencies, the most important thing to know is how to maintain your crypto wallet safely. Once you deposit cryptocurrencies in your wallet, it is essential to remember that all types of cryptocurrency wallets, even the most secure hardware wallets (cold wallets), can be hacked and emptied.
Although blockchain technology produces a data structure with innate security qualities and the blockchain database is “virtually indestructible,” human error or physical device issues (i.e., social engineering and physical security) can still occur. The risks of crypto wallets vary from situation to situation and often change. As a 101 guide, I will explain the common reasons for the sudden disappearance of cryptocurrency inside the wallet.
Password-Stealing Malware
Password-stealing malware scans your computer or mobile device’s hard drive to steal your private key. You may allow malicious programs to invade your device when you browse suspicious websites, click on links provided by scammers, open unsafe email attachments, or download software from untrusted sources,
Suppose you do not enable two-factor authentication to protect your crypto wallet; in that case, hackers who manipulate malware can hack into your account in seconds and transfer assets instantly after they have obtained your private key. Therefore, enabling two-factor verification settings is one of the significant security measures to protect encrypted wallets.
Trojan Horse
Image by Russavia from Wikimedia
Trojans are another type of password-stealing malware, but instead of actually “stealing” our cryptocurrency, Trojans scan your hard drive for cryptocurrency holdings. The Trojan will then encrypt your hard drive and send you a ransomware email, threatening to format your hard drive if the ransom is not paid within a certain period. Unfortunately, even well-protected exchanges can still encounter these types of ransomware, and users are often only instructed to pay the ransom.
Exit Scam
Exit scams refer to exchanges, intermediaries, or investment advisor managers absconding with the money. This scam has been around for years, but now it’s also making its way into the cryptocurrency world. In the past, investment advisor managers or startup founders may have taken money from investors and absconded.
In cryptocurrency, exchanges may close after receiving users’ value-added assets. Managers or principals of cryptocurrency projects may complete projects after receiving the betting funds of an initial coin offering (ICO). However, compared with traditional fraud, it is more challenging to investigate and recover funds due to the decentralized and anonymous nature of cryptocurrency blockchain technology and the limited scope of supervision.
Exit scams frequently occur, such as the Confido incident in 2017, the LoopX incident in 2018, and the Yfdex incident in 2020. Therefore, before users start investing in cryptocurrencies, they must understand the relevant fraudulent methods to judge the authenticity of investing.
Reference:
1. In 2017, after the cryptocurrency startup Confido raised $375,000 in its initial token offering, the CEO and development team immediately lost contact and shut down all community platforms.
2. In 2018, the cryptocurrency startup LoopX Launched a series of initial token issuance activities, which raised a total of 4.5 million US dollars. After the last event, all the company’s community platform channels were closed without warning.
3. In 2020, liquidity pool Yfdex launched Defi projects and raised 2,000. After $10,000, all social platforms and project-related websites will be closed.
Phishing
Phishing attacks are usually carried out via email, messaging, or social media. For example, you may receive emails or messages asking you to perform specific actions, such as sending verification codes, passwords, credit card numbers, or other private information. However, these Emails are not sent by the official or sent messages with names similar to the official name (for example, sent in the name of “Binance” but the official name is “Binanze”).
They will use this information to steal your crypto assets. Please note that crypto exchanges will not require users to provide passwords. If someone claims that they need you to provide personal information and passwords, do not believe it and report it to us.
Device Lost
There are many reasons for lost assets, but one of the most common is losing a device such as a mobile device or laptop. A person who finds or steals the device may attempt to unlock it. If successful, they can access the crypto wallet assets stored on the device and the user’s bank account, email, password, community account, and other related assets — meaningful information about device binding.
How to Safely Protect Your Assets
- Do follow basic Internet security rules (i.e., cyber hygiene) when using the Internet, such as using strong passwords and updating them regularly, never browsing suspicious websites or clicking on suspicious links, not using free WiFi, and using Internet security tools such as antivirus software and VPNs, and Setting up two-factor authentication for all accounts, etc.
- Please remember that you are the weakest link in preserving the security of crypto assets because it is challenging to hack into the blockchain to obtain passwords or to crack the security system of a website, which is usually incomprehensible for ordinary hackers to do. Therefore, criminals contact or send fake links to you by pretending to be someone you can trust.
- Stealing identities is easier than hacking. Therefore, be sure to review and confirm every notification you receive carefully. Careful sailing and alertness can help you avoid cryptocurrency scammers, exchanges that may disappear from thin air anytime, phishing emails and messages, and more.
- In addition, it is necessary to carefully choose the download source of software and applications from official websites and stores, such as Apple’s App Store and Google Play Store. Although the Google Play Store is considered to be the primary source of Andriod malware, this official platform still has a particular Censorship mechanism, so the programs listed here are still more credible than other download sources) downloading is a safer choice.
- If a reminder window appears when you browse a website or download a program, please read the reminder carefully and consider whether to continue browsing the website or downloading the program.
- Given the risks mentioned above and scams, using a hardware cold wallet such as Ledger Nano S or Trezor to store cryptocurrency assets is still the safest option. As long as your cold wallet is not connected to the Internet, hackers cannot reach your wallet and launch an attack. Additionally, hackers cannot obtain your private key without an internet connection, even if you encounter a phishing attack or download a Trojan horse.
The only way to hack a hardware wallet is to obtain it (by stealing it) and use it with a password.
Final Words
Personal use behavior has a considerable impact on maintaining the security of your crypto assets, so continuing to learn about crypto security-related topics and paying attention to the latest information will help you reduce the chance of encountering hacker attacks and scams.
Further Reading: Protect Your Digital Identity — Level One (Mobile)
Thank you for reading. May InfoSec be with you🖖.