There are a lot of ways, hackers can steal your stash of cryptocurrency, from phishing to crypto-jacking to key-logger attacks. In July 2018, Bleeping Computers identified malicious activity to defraud 2.3 Million BTC wallets. All of the wallets were under the threat of being hacked or hijacked. The malware that was used to achieve that was “clipboard hijackers.” It functioned in the clipboard and could replace and copy wallet data with one of the hackers while sending Bitcoin to other wallets. Kaspersky Lab had predicted such type of hacker attacks in 2017, and it did not take a long time until it became a reality. 

Nowadays, this is one of the most common types of attacks to steal the user’s cryptocurrency and information. About 20% of the total cryptocurrency hacking efforts are made on individual wallets and accounts. Kaspersky Lab’s report published in Cointelegraph said that criminals had stolen around $9 million through social media engineering and other hacking techniques.

There could be a chance that some undetectable program is running on your phone or laptop right now, copying your every single text, password, or any button you press on it. When these programs send back or change the stolen data, it becomes really easy for the hacker to gain full access to your wallet. Hackers use vulnerabilities that we do not notice. Here is how they manage to do it and how should we protect our wallets:

Slack Bots

Since 2017, there have been many reports of hackers using slack bots to steal cryptocurrency. These bots will send a notification to the user’s device and notify them about issues with their wallet. The goal of this is to get the user to click the notification and enter their private keys.

What to do against slack bots:

Report the immediately

Ignore the notifications

Crypto Trading Add-ons

To ease up your life and increase the productivity of your browser, people tend to install add-ons on them. The problem with add-ons is that they can be easily targeted by hacker attacks because they run on JavaScript. The extension could also have a hidden code that makes it mine cryptocurrency by using your computational power.

To avoid your add-ons from being targeted by websites:

  • Use Incognito mode
  • Use a different browser for your crypto-related work
  • Install protection services

Phishing and Social Engineering

Cybercriminals are stepping up their game to steal cryptocurrency from new users who do not know how to protect themselves. Even after banning such practices, fraudulent websites and ads are still on the rise. The hackers mimic reputable sites to squeeze private keys out of unexpecting users.

To avoid this:

Type the correct address of the exchange service website in the search bar.

Never trust or click on any Ads that offer free cryptocurrency.

Mining Botnets

To create a botnet, the hackers inject multiple PCs with malware which makes these PCs mine cryptocurrency or conduct other malicious actions. These malicious actions commonly are DDoS attacks or spreading the malware further, but recently hackers have stepped up their game by making it also mine cryptocurrency.

The best ways of avoiding this would be:

Having a really good anti-virus or malware protection software.

Avoid clicking on phishing links or downloading unknown files.

SMS Authentication

Most people nowadays have software-based 2FA authentication, but some still use SMS verification for their protection. By using the SS7 protocol hackers can tap into the messages being sent and get the codes and passwords. This is a major vulnerability in cellular networks.

To avoid this:

Do not use SMS verification.

Set up a software 2FA authenticator.

Keyloggers

Already for a long time keyloggers have been the hacker’s tool of choice to steal passwords and data from unexpecting users. They operate silently and just forward everything you type to the hacker’s computer. This makes them hard to notice and easy to use by hackers. Some keyloggers can be used for protection and safety, for example when monitoring your kids online, but tend to use more advanced types of keyloggers that will even manage to steal your private keys.

To avoid keylogger attacks:

Use a good antivirus software or malware protection.

Do not visit malicious websites and do not download suspicious files.

The worst news about this is that there is no noticeable decrease in hacker attacks, and if any change exists, it is only an increase in hacker attacks over time. There are websites that offer users and hackers to buy software to conduct such criminal activities for a mere price as low as $240.

The main question is: How does this malicious software get on our personal or work computers? On June 27th a program called All-Radio 4.27 was installed on many devices without getting noticed. The situation got more sticky when people were not able to remove it from their computers. It had given me a whole bucket of problems. It was later found out that the program was a hidden miner and was monitoring the clipboard for any valuable information. This malware was installed on the systems which had cracked games or OS versions. It is foolish to become a victim of such hacking attacks. According to www.kikero.ca there exist strict laws against crypto theft, but because of the base principles of blockchain, no hacker has ever been tracked down. In conclusion, remember that you should always know how to protect yourself online and how to prevent such things from happening and ruining your day.

Leave a Reply