Top Cryptocurrency Security Threats All Bitcoin Investors Should Know For Own Safety

Taking A Look At The Security Threats Which Every Crypto Investor Should Be Aware Of

Security threats have been plaguing the crypto ecosystem since it started to exist, however, it has become a nuisance in the recent days. Here is a list of 6 vectors that you should not only be aware of but also calibrate your online activities defensively.

Command And Control Attacks

There are numerous advanced persistent threats (APTs) that can be and have been used to steal crypto, with command and control attacks not the least among them. C&C attacks involve hackers sneaking malicious executable files into victims’ computers in order to scrape things like passwords, logins, IP addresses, and more. Such data can then be used to compromise exchange accounts, for example. This is commonly committed amid spear phishing campaigns.

Keyloggers

Insidiously simple and effective, keylogging, also known as keystroke capturing, involves the deployment of malware or even hardware that tracks all the keystrokes entered into a given device. The idea is to collect passwords and credentials that can lead to wallet compromises, e.g. Keystore file passwords that some use to secure assets on MyEtherWallet and MyCrypto.

Screen Scrapers

Likewise but through a different means, screen scraper software can be used to extract the pixels displayed on the screens of victims’ devices. If there’s sensitive data up when a screen is scraped, that’s the attackers’ way in. The majority of APT attacks use a “malware cocktail” of coordinated screen scrapers, keyloggers, and C&C attacks.

SIM Swaps

A succession of SIM swaps have hit the space in 2018 — the attack vector involves malicious agents altering victims’ passwords to compromise phone numbers and emails that are used to access crypto exchange accounts. The threat started to seriously gain attention in the space after a flurry of high-profile SIM swaps at some of this year’s earlier cryptocurrency conferences made the topic unavoidable. Notably, in August crypto entrepreneur Michael Terpin hit AT&T with a $224 million lawsuit arguing that the telecom titan didn’t do enough to prevent his own expensive victimization at the hands of a SIM swapper.

DNS Hijacks

The most high-profile example of a DNS hijack to date in the ecosystem came in April 2018 when popular Ethereum wallet provider MyEtherWallet was the victim of a regional DNS hijack attack.

In other words, the victims thought they were using MEW when they were actually temporarily using the attacker’s fake MEW. Definitely, this threat involves hackers redirecting DNS servers to a bad domain so they can intercept as many private keys as possible. Be sure to always check an URL’s SSL certification, as MEW now reminds its users as seen below.

Bad Actors In The Company

A possible textbook example of a rogue employee wreaking havoc in crypto came back in April of this year when Indian exchange Coinsecure accused its then-chief strategist officer of stealing 438 bitcoin from users. It’s a reality that all centralized cryptocurrency exchanges face, insofar as they all simply provide highly-valuable, highly-concentrated targets. And it’s a reality that accordingly can’t be ignored by traders. Moreover, even if they don’t go rogue, employees at such exchanges have increasingly become targets of phishing attacks. Seldom these employees hold the “keys to the kingdom,” as it were, and this dynamic hasn’t been lost on hackers.