News of hacks against exchanges and digital wallets is frequent. The main thing is to choose a secure exchange that stores the coins on servers kept off the network so that they cannot be hacked.
There are many cryptocurrency scams that you can fall victim to. It is not enough to deposit only on trusted sites: attackers could still impersonate you or hack your accounts.
Even on these secure exchanges you can be a victim of impersonation, for example if attackers obtain your passwords through your email.
That is why exchanges implement multiple security measures such as two-factor authentication (2FA), account verification, and even freezing transfers for days.
Find out how to configure your exchange accounts correctly and which email services and browsers are more secure.
The information security company outlines the top attacks on virtual wallets over the past year and tips for protecting them.
Electronic money is a type of alternative currency that does not depend on a central bank or on the regulatory entities of nation states. It is being used more and more frequently to pay for various products and services, appealing to both personal users and cybercriminals. ESET, a provider of threat security solutions, shared an analysis of the most important attacks that these cryptocurrencies suffered in 2017 and provides tips to protect them in the future.
“During 2017, cyberattacks against infrastructure providers were identified, including high-profile theft of users’ virtual assets. In addition to targeting online coin providers, trade and mining exchanges, and other related services, attackers are also targeting investors and industry employees,” said Denise Giusto Bilic, IT Security Specialist at ESET Latin America.
The ESET Latin America Research Laboratory analyzed some of the most notable cybersecurity incidents that occurred in the cryptocurrency market, given that the enthusiasm for its success, which yielded revenue of $4 billion at the beginning of last year, created a perfect scenario for cybercrime:
- Targeted attacks: In February, the home computer of an employee of the South Korean bitcoin and ether exchange Bithumb, one of the most important in the world, was attacked. The data of more than 30,000 customers were compromised and used in bitcoin diversion hoaxes exceeding a million dollars.
- Hoaxes: Some $7.4 million in ether, a currency similar to bitcoin, was stolen from investors who were tricked into sending their electronic money to a false address. The same happened with potential investors in Enigma, an Ethereum platform, who were tricked into sending $500,000 in ‘cryptocurrency’ with ‘early sale’ tokens to the attackers’ account.
- Security Cracks: Another well-known attack involved a coding flaw in Parity, an Ethereum wallet, which facilitated the theft of around 150,000 cryptocurrency tokens. The value at that time was more than $30 million.
- Social Engineering: At the end of the year, the payment system of a Slovenian-based cryptocurrency mining market was looted and the equivalent of $64 million was stolen. The company described the breach as a “professional attack with sophisticated social engineering.”
“Virtual currencies seek to obtain money from increasingly broad sectors of society. The deceptions are made to catch the reckless, especially those users who do not have the most adequate security measures. It remains to be seen how, in the long run, the number of risks inherent in these new currencies, the fundamental security challenges they face, and increasingly stringent regulations turn out for virtual ‘money’ and its fan base. Unless the countless security concerns are addressed, more and more people will be involved with this currency who will have to face the various risks along the way,” added Giusto Bilic.
Recommendations to avoid losing assets in cryptocurrencies
In this context, ESET developed the following tips to protect virtual wallets:
- Use a Bitcoin client. Regarding privacy, in addition to hiding the IP address, you can use a Bitcoin client that allows you to change to a new address with each operation. Transactions can also be separated into different wallets according to their importance: a recommended practice is to keep a wallet for everyday transactions with small amounts and to top it up when necessary.
- Protect identity. Be careful when sharing transaction data in public spaces to avoid revealing the identity together with the Bitcoin address.
- Use a “custody service.” When it is necessary to make a purchase/sale and you are not sure who is on the other side, you can use an “escrow service”. In these cases, the person who must make the payment sends their bitcoins to the custody service while they wait to receive the item they requested. The seller knows that the money is safe with the custodian and sends the agreed item. When the buyer receives the merchandise, the buyer notifies the custodian so that it can complete the purchase.
- Make a backup of the virtual wallet and encrypt it. When it comes to physical storage, as with any critical backup policy, it is recommended to update the backups frequently, use different media and locations, and keep them encrypted.
- Avoid using wallets on mobile devices. Especially when it comes to large sums of money, using mobile devices should be avoided as these can be lost and/or compromised. Furthermore, in these cases, it is preferable to keep the wallet on computers without any type of Internet connection.
- Consider using multiple signature addresses. In the case of corporate transactions or those that require a high degree of security, it is possible to use multiple signature addresses, which involve the use of more than one key, usually stored on remote computers in the possession of authorized personnel. In this way, an attacker will need to compromise all the computers on which the keys are located before being able to steal the bitcoins, which makes the task more difficult.
- Delete a virtual wallet when it is no longer used. Deleting a virtual wallet when it is no longer useful requires a careful process to verify that it has indeed been destroyed. It is necessary to take the trouble to locate any possible copy that may have been created, by user or system action, and carry out this same process.
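
As an added illustration of the last tip (not ESET's code and not part of the original article), the following Python script locates byte-identical copies of a wallet file under a directory before the wallet is destroyed. The file names and directory layout in `demo()` are constructed for the example.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_wallet_copies(wallet_path, search_root):
    """Return sorted paths under search_root whose content equals wallet_path.

    Matching is by size, then SHA-256, so renamed copies are found. Copies that
    were encrypted, compressed or modified afterwards will NOT match.
    """
    wallet_real = os.path.realpath(wallet_path)
    size = os.path.getsize(wallet_real)
    digest = sha256_file(wallet_real)
    copies = []
    for dirpath, _dirs, files in os.walk(search_root):
        for name in files:
            candidate = os.path.join(dirpath, name)
            try:
                if os.path.islink(candidate) or os.path.realpath(candidate) == wallet_real:
                    continue  # skip symlinks and the wallet itself
                if os.path.getsize(candidate) != size:
                    continue  # cheap pre-filter before hashing
                if sha256_file(candidate) == digest:
                    copies.append(candidate)
            except OSError:
                continue  # unreadable file: skipped, not treated as a match
    return sorted(copies)

def demo():
    """Build a constructed tree with one wallet, two renamed copies, one unrelated file."""
    with tempfile.TemporaryDirectory() as root:
        data = b"constructed wallet bytes, not a real key\n" * 4
        layout = {"wallet.dat": data, "backup/old.bak": data,
                  "tmp/~wallet.swp": data, "docs/notes.txt": b"unrelated"}
        for rel, content in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(content)
        found = find_wallet_copies(os.path.join(root, "wallet.dat"), root)
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in found]

if __name__ == "__main__":
    print(demo())
```

A hash match only finds exact copies on storage that is currently mounted; encrypted backups and copies on other media still have to be tracked down separately.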