Bitcoin Holders Beware: From Phishing to Fakes, Here Are th... - Jonathan Cartu Internet, Mobile & Application Software Corporation


HodlX Guest Post


Despite the significant growth of Bitcoin and other cryptocurrency prices in 2020, the amount of cryptocurrency stolen as a result of hacks was actually less than in 2019. According to a CipherTrace report, the total amount of stolen funds equaled an estimated $468 million.

Most of the attacks in 2020 were made on DeFi projects, which speaks to the immaturity of this fast-growing segment. Nevertheless, the amount of cryptocurrency stolen from centralized services is still much higher. For example, as a result of the KuCoin hack, cryptocurrency worth the equivalent of $275 million was stolen. DeFi hacks make up roughly 21% of the 2020 cryptocurrency hack and theft volume.

Nevertheless, hackers attack not just cryptocurrency platforms but also users. Every day, stories are published on the internet about how hackers stole a user’s cryptocurrency by gaining access to their wallet or exchange account. Some users have no idea how high the risk of their account or wallet being hacked can be.

This article describes the five most popular ways users can lose their crypto.

Fake phishing websites

Phishing is a type of social engineering attack often used to steal user data, including mnemonic phrases, private keys and cryptocurrency platforms’ login credentials. Typically, phishing attacks make use of fraudulent emails that convince the user to enter sensitive information into a fraudulent website. The recipient is then tricked into clicking on a malicious link, which can lead to a phishing website or the installation of malware.

The simplest example of a successful phishing attack was the MyEtherWallet case from 2017. The cyber-criminals sent an email to the potential customer base of MyEtherWallet users and announced that they needed to synchronize their wallet to comply with the Ethereum hard fork. After clicking on the link, the user was taken to a phishing website that looked legitimate but contained an additional, barely noticeable character in the URL. Inattentive users entered their secret phrases, private keys and wallet passwords, thereby providing their data to attackers and losing their cryptocurrency.

The latest example of this was a successful attack on Ledger wallet users. The scam used a phishing email directing users to a fake version of the Ledger website that substituted a homoglyph in the URL, as in the previous case with MyEtherWallet. On the fake website, unsuspecting users were fooled into downloading malware posing as a security update, which then drained the balance from their Ledger wallet. This example shows that even hardware wallet users are not protected from phishing attacks.

Similar attacks were performed on cryptocurrency exchange users. That is, users would receive a message with a link to a website that is identical to the original one but with a slightly modified URL. In this way, attackers steal usernames and passwords, and under certain conditions, they can steal cryptocurrency from an exchange wallet. Nevertheless, users have the opportunity to defend themselves even if an attack succeeds, since exchanges offer additional protection tools.
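The lookalike-URL trick described above can be checked for mechanically before a link is opened. The following is an added example, not code from the original article: it reduces a hostname to the ASCII string a reader is likely to perceive and compares it with an allowlist. The allowlist, the small confusables map and the function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"myetherwallet.com", "ledger.com"}  # constructed allowlist

# Constructed subset of confusable characters; the full Unicode list is larger.
CONFUSABLES = {"\u0435": "e", "\u0430": "a", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0131": "i", "\u0501": "d", "\u0261": "g"}

def skeleton(host):
    """Reduce a hostname to the ASCII string a human is likely to read."""
    try:
        host = host.encode("ascii").decode("idna")  # expand xn-- punycode labels
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: use the host as given
    decomposed = unicodedata.normalize("NFKD", host.lower())
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in no_marks)

def edit_distance(a, b):
    """Levenshtein distance, to catch one added, dropped or substituted character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    # Compare only the last two labels: simplified, no public-suffix handling.
    skel = ".".join(skeleton(host).split(".")[-2:])
    for good in TRUSTED:
        if skel == good or edit_distance(skel, good) <= 1:
            return "lookalike", good
    return "unknown", None
```

A "lookalike" result means the host is not on the allowlist but reads like an entry that is, which is the pattern in both the MyEtherWallet and Ledger cases.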

API key theft

Some traders use trade automation tools called “trading bots.” With this type of software, a user must create API keys and allow certain permissions so that the bot can interact with their funds.

Commonly when a user creates an API key, the exchange asks for the following permissions.

  • View – allows viewing any data related to a user account, such as trading history, order history, withdrawal history, balance, certain user data, etc.
  • Trading – allows the placement and cancellation of orders.
  • Withdrawal – allows the withdrawal of funds.
  • IP whitelist – allows performance of any operations only from specified IP addresses.

For trading bots, the API key must have the view, trading and sometimes withdrawal permissions.

There are different ways for hackers to steal users’ API keys. For example, cyber-criminals often create malicious “high-profit” trading bots, available free of charge, to lure a user into entering their API keys. If the API key has the right to withdraw without IP restriction, hackers may instantly withdraw all cryptocurrency from the user’s balance.

According to Binance’s official commentary, the 7,000 Bitcoin hack became possible after hackers gathered API keys, 2FA and other data.

Even without withdrawal permission, hackers may steal users’ cryptocurrency with a pump strategy on a certain low-liquidity cryptocurrency trading pair. The most common examples of such attacks are the Viacoin pump and the Syscoin pump. In these cases, hackers accumulated the cryptocurrencies and then sold them at significantly inflated prices during a pump that used users’ funds.
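The permission risks described in this section can be turned into a routine audit of the keys a user has created. The following is an added example, not code from the original article or from any exchange: the record fields (label, permissions, ip_allowlist), the severity labels and the prefix thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed thresholds: anything wider than a /24 (IPv4) or /64 (IPv6)
# is treated as "no real restriction". Tune to your own environment.
MIN_PREFIX = {4: 24, 6: 64}

def audit_api_key(key):
    """Return a list of (severity, message) findings for one key record."""
    findings = []
    perms = set(key.get("permissions", ()))
    nets = []
    for entry in key.get("ip_allowlist", ()):
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            findings.append(("medium", f"unparseable allowlist entry: {entry}"))
    # An allowlist that covers huge ranges restricts nothing in practice.
    broad = [n for n in nets if n.prefixlen < MIN_PREFIX[n.version]]
    for n in broad:
        findings.append(("medium", f"allowlist entry {n} is too broad"))
    restricted = bool(nets) and not broad
    if "withdrawal" in perms:
        # A stolen key with withdrawal rights and no IP limit empties the balance.
        sev = "high" if restricted else "critical"
        findings.append((sev, "withdrawal permission enabled"))
    if "trading" in perms and not restricted:
        # Trading alone is enough for the pump abuse described above.
        findings.append(("high", "trading permission without IP restriction"))
    return findings

# Constructed sample records, not real keys.
SAMPLE_KEYS = [
    {"label": "bot-a", "permissions": {"view", "trading", "withdrawal"},
     "ip_allowlist": []},
    {"label": "bot-b", "permissions": {"view", "trading"},
     "ip_allowlist": ["0.0.0.0/0"]},
    {"label": "bot-c", "permissions": {"view", "trading"},
     "ip_allowlist": ["203.0.113.10"]},
]

def audit_all(keys):
    """Map each key label to its findings."""
    return {k["label"]: audit_api_key(k) for k in keys}
```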

Downloaded file exploits

There are a lot of zero-day and one-day exploits for Microsoft Word, Microsoft Excel and Adobe products that guarantee antivirus products will not detect malware and grant malicious actors full access to victim workstations and internal infrastructure.

A zero-day is a flaw in the software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term “zero-day” may refer to the vulnerability itself, or an attack that has zero days between the time in which the vulnerability is discovered and the first attack. Once a zero-day vulnerability has been made public, it is known as an “n-day,” or “one-day” vulnerability. After a vulnerability is detected in the software, the process of developing malicious code begins, using the detected vulnerability to infect individual computers or computer networks. The most well-known malware that exploits the zero-day vulnerability in software is the WannaCry ransomware worm, a virus that extorted bitcoins for decryption.

However, there are many other malware programs that may gain access to users’ cryptocurrency wallets, as well as cryptocurrency exchange applications, using zero-day exploits. The most widely known case of such an attack in recent years was the WhatsApp exploit; as a result, attackers were able to collect data from users’ crypto wallets.

Malicious platforms

Due to the active growth of the market, DeFi scammers are constantly launching new projects that are almost exact…

