A McAfee report, "The Hidden Costs of Cybercrime," states that over $4 billion in cryptocurrencywas stolen and nearly $1.4 billion was stolen in the first five months of 2020. While cryptocurrency is growing in popularity among today's investors, it has also become a lucrative resource for threat actors. Keep reading to discover common ways hackers steal crypto, some tips to protect crypto, and a recent example to shed some light on the importance of following security best practices when buying and selling via blockchain exchange networks.
How Hackers Steal Crypto
Hackers use two main methods to steal crypto – stealing it directly or tricking users into giving the digital money to them. When individuals or businesses want to invest in cryptocurrency, they typically do this through a blockchain exchange. This process involves creating an account and depositing currency into the account, converted into a desired digital currency. Cryptocurrency is usually held in a custodial wallet, in which the exchange is the only one with access to the private keys that control and store the crypto.
Like traditional banks only holding a limited amount of cash deposits, blockchain exchange networks will only hold enough crypto in "hot" wallets to assist with customer transactions. Hot wallets are designed to store crypto online, while cold wallets store private keys offline, which are necessary to access cryptocurrency.
Unlike centralized banks, current governments lack the financial protocols to guarantee crypto deposits if an exchange is shut down. When cyberattacks strike an exchange, crypto users are generally out of luck if their digital investments are lost or stolen. The nature of blockchain networks makes it nearly impossible to trace the individual or group of hackers responsible for stealing the funds.
Common Types of Crypto Scams
While there are several types of crypto scams, the following are most commonly observed according to the Australian Competition and Consumer Commission's (ACCC) 2022 edition of the Little Black Book of Scams.
1. Email Phishing
This is when a scammer sends unsolicited emails requesting a user's login credentials to a crypto account. The hacker may offer rewards in exchange for a deposit to gain unauthorized access to a person's digital investments.
2. Investment Scams
Investment scams involve a hacker creating a fake version of a real crypto trading platform. To convince users that the platform is legit, they may post fake ads on social media that make it seem like a credible opportunity. There may be numerous scammers tasked with contacting individuals about the crypto investments for larger-scale hacking attempts. Once they receive crypto deposits, the hackers may allow victims to trade crypto. However, they will likely not be able to withdraw their investment earnings due to additional fees, taxes, or waiting periods designed to prevent users from realizing they have been scammed.
3. Romance Scams
Romance scams involve hackers creating fake profiles and matches with targeted users on dating apps or websites. Once they start communicating with the victims, they may request crypto funds needed due to emergencies, such as medical expenses. Or the scammers may take a different approach by trying to convince the victims to join them in trading cryptocurrency. If the victims do not have a cryptocurrency account, the hackers may offer advice on how to do this. The hackers may also recommend the individuals to download and install remote access software on their devices, giving scammers access to victims' digital investment accounts.
How to Protect Crypto from Hackers
Let's look at a few security best practices for investing in and managing cryptocurrency.
1. Use Cold Wallets
Cold wallets securely store crypto coins offline via a physical hardware device similar to a USB drive. These wallets are linked to a private, encrypted key, which consists of a piece of code that allows the user to decrypt the wallet and access their stored digital assets. These physical wallets are a safer alternative to hot wallets and less prone to cyberattacks. Of course, cold wallets have a drawback too. If a user loses their password to the wallet, they can lose access to their crypto.
Hot wallets allow users to access and use their funds via the internet quickly. However, these online wallets have a significant downside: they are prone to cyberattacks. For example, if a hacker gains access to a user's investment account, they can then steal all of a person's funds with this online storage method. One of many examples is a largescale attack on the Japanese exchange called BITpoint in 2019. This exchange reported that $32 million in various hot wallets were illegally withdrawn, a hack affecting over 50,000 users. BITpoint noted that users with cold wallets and cash holdings were not impacted.
2. VPNs Are Your Friend
When handling crypto investments, it's a good idea to use a secure private internet connection rather than a public Wi-Fi network. A virtual private network (VPN) is a technology that encrypts a user's online traffic, thus changing their IP address and location. Indeed, VPNs are an easy solution to help shield users' online data and browsing activity from third parties, including hackers.
3. Secure Your Devices
It's considered a security best practice for users to secure their personal devices. This practice involves various steps, including implementing system updates and installing strong anti-virus and firewall protections. While these steps aren't enough on their own, they are an essential layer of defense for digital investors.
4. Update Your Passwords Regularly
Did you know 51 percent of people use the same password for personal and professional accounts? While this may initially seem convenient, it quickly becomes inconvenient when a threat actor cracks a user's password and compromises their data. Indeed, it's crucial to use strong, complex passwords unique for each account. This may be a hassle, so it's helpful to use password managers or single sign-on (SSO) to manage dozens to hundreds of login credentials. Additionally, it's recommended to enable two-factor authentication (2FA) or multi-factor authentication (MFA) for additional layers of security, making it more difficult for hackers to gain unauthorized access to crypto exchange accounts.
5. Be Aware of Phishing Scams
As mentioned above, phishing scams are a common method to steal users' cryptocurrency. It's recommended that users use caution when opening unfamiliar emails and ads that are suspicious or unexpected. Today's hackers are becoming more sophisticated as they research and plan out their attacks. For example, they may research a blockchain exchange's employees and executives, finding their email addresses and job titles. With this information, they can execute bogus emails to convince customers to click malicious links, enter their login information or keys, and thus, hand over all of their digital assets in just a few clicks.
On January 17 of this year, Crypto.com revealed that a recent hack led to over $15 million worth of ETH, $19 million of BTC, and $66,200 in other cryptocurrencies. This cyberattack impacted only 483 of their users but resulted in more than $34 million in total losses. The company discovered that the hacker could bypass the required 2FA tokens and approve crypto transactions via users' accounts. While 2FA is a helpful resource, multi-factor authentication offers additional security for protecting users' digital assets and personal information.
As one of the world's largest crypto exchanges, this platform is a lucrative target among threat actors. While it would be nice if data breaches didn't exist, the reality is that they will continue as long as there is sensitive data and assets worth stealing or exposing. We hope you found this week's article helpful that discussed some common ways hackers steal crypto, tips to keep your digital assets safe, and an example to help illustrate the importance of implementing holistic security. It's not enough to use one security solution – your customers deserve 24/7 data protection and security. In addition to using cold wallets, maintaining secure devices, and creating strong passwords, it's also essential to protect your customers' data from theft. One solution is tokenization, which replaces original data, from credit card numbers to bank account numbers, with randomly generated numbers called tokens. This tokenized data can then be used to store, manage, and handle crypto via blockchain platforms like Coinbase. Unlike encryption, these tokens are irreversible and indecipherable, making it an effective approach to protecting cryptocurrencies. If you are interested in learning more about tokenization, contact TokenEx today to find out how we can help meet your business needs, maintain critical business operations, and help keep your digital assets safe.