There can be no bigger cases of security being compromised in the crypto universe other than hacks. From time to time, there can be a lot of them – whether small or large. While some of the biggest cases might have made it into the news (think Coincheck with $534 million stolen), the smaller ones might go unheard of. Below we take a look at various ways that a crypto wallet can be hacked, and what you can do to help prevent money from being stolen from your account.
While usually all the hacks stealing money away from individual users’ wallets take advantage of their private key, they can come in various forms:
If you hold your private keys and recovery phrases on a piece of paper, that doesn’t mean it’s completely safe. What matters is not that you have a paper wallet – in the form of it being printed/handwritten – but how you store it safely and securely. Don’t just leave it lying around, or even have it with you wherever you go. If, by any chance, someone who comes upon it understands what it is, they could easily hack your wallet by using your private key. With just a few clicks, they would be able to instantaneously send your crypto assets to their own wallet. If you’re a paper wallet user, store the paper that contains the details of your wallet in a secure place, such as a safe.
Fishy crypto add-ons
Not all add-ons designed for cryptocurrencies are safe. Earlier in September 2018, MEGA Chrome Extension, that aims to provide faster page loading times and a secure cloud storage service, was compromised. It ended up extracting users’ private keys if they logged in to MyMonero/MyEtherWallet by using a browser with the said extension installed. This led to a harsh response from Google: they decided to remove the add-on from their store and disable it for users who have already installed it. Thus, before you install any crypto-related add ons, do your due diligence and perform research on your preferred extensions first.
Compromised public WiFi
And yes, this goes especially to you who love working in public spaces. An attack named KRACK (“Key Reinstallation Attack”) can reconnect devices of WiFi users to a network controlled by hackers. Thus, if at any point you send any personal details (which may include details of your crypto wallet), hackers can easily download and access them to steal your digital assets. While various attempts have been tried to guard against this vulnerability, the KRACK is still active, with the latest log of its infestation recorded in October 2018. Thus, what we recommend here is to avoid logging in to public WiFi networks altogether if you’re about to send and/or access any sensitive information.
Clones and phishing
Nope, we’re not talking about clones such as Dolly the Sheep. Rather, the clones here are imitating legit crypto websites, or even Twitter accounts of famous crypto figures, creating phishing attacks. They come in many varieties, and just for a quick example, you can try logging in to Twitter. Various accounts of people like Vitalik Buterin, the founder of Ethereum, have been impersonated by hackers (Elon Musk even got his hacked). While the people/websites that hackers are impersonating or imitating may vary, the usual modus operandi is that they promise crypto users some bigger amount of crypto assets, in exchange for them to send a certain amount of their own assets first to the wallet address provided by the hackers. What we can suggest here is a bit of common sense: think – who would want to suffer a loss by sending more money than they receive? If you ever see any kind of offer like this, stay away. It’s better not to gain any money than to lose all of it.
Cryptojacking through malwares
There were 2.9 million cases of cryptojacking recorded in the first quarter of 2018 alone. This is an increase of 625% compared to the last quarter of 2017. Cryptojacking itself is basically planting a malware that performs hidden mining by using users’ computational power. At times, the malware may come equipped with the ability to also read your personal information, including details of your crypto wallets that you may store in your computer. Thus, you’re at double risk: not only is your computer being used for free by the hackers, but they could – at any time – send your crypto assets over to their own wallet. To prevent this, have some legit, good, antivirus and antimalware software. Avoid installing software from unverified sources altogether whenever possible.
Other measures you can do.
There are other general things that you can do to ensure the security of your wallets.
- Avoid exchanges’ wallets. Whenever possible, try not to use exchanges as your personal stash of crypto wealth. This is because you – despite the degree of trust you might hold on them – still are not 100% in control of what’s happening in the day-to-day operations of crypto exchanges.
- Use only the most secure of wallets with up-to-date multi-security measures. When choosing your wallets, always take your time and do your own research. Opt for the one that implements only the best, most up-to-date security measures.
At the end of the day, everything comes back to you as the wallet holder. At the rate of tech development these days, we can be hopeful that new innovations that help us store our crypto assets even more securely will come along (while hackers’ technology also continues to grow). Check out our digital wallet app that’s guaranteed to be secure and advanced, BCMY. We also have multiple digital assets, such as our gold and blockchain-based DinarCoins that provide you with the stability, investing, and hedging aspects of gold, with the speed and flexibility of the blockchain.