Originally published in the NOWPayments blog.
Today, cryptocurrencies have a great influence on financial investment and the general area of finance. Digital currencies such as Bitcoin are quickly becoming the typical go-to method when looking to invest especially due to their blockchain-enabled decentralized system.
However, despite the buzz around the security and immutability of these cryptocurrencies, malicious attackers are finding new ways to exploit crypto holders. That alluring anonymous nature makes it increasingly difficult to keep prying hands and eyes out of our investments.
As such, digital wallets are made susceptible to theft and hacks. This article will explore some common ways crypto wallets could be hacked:
How Do Cryptocurrency Wallets Work?
Like the wallets you know, the material ones, cryptocurrency wallets represent a form of digital wallets for holding virtual funds or investments. Wallets function like a digital bank account that requires special keys to access.
They involve the use of public and private keys which bear some sort of semblance to passwords and login.
For crypto wallets, the public keys function as the wallet address while the private keys represent the passwords for access to digital coins and transactions. These keys are derived from a cryptographic seed generated by the crypto system.
The seed is basically the funds stored on the system, and it represents the digital coins in the wallet. However, when the seed is stolen, the user of the wallet loses his or her investments.
Crypto wallets are categorized based on the storage form — cold, hot, or exchange storages. The cold storage type includes hardware wallets like Ledger Nano S and paper wallets. Hot storage, on the other hand, involves online storage of funds.
Hot wallets could be found on a crypto exchange such as Binance or accessed via software, websites, or mobile apps.
How Can Your Crypto Wallets be Hacked?
Today, emails are an integral part of our infotainment channel. Hackers understand these dynamics and use this to their advantage. These days, it is relatively easy to create a domain or an email address for fraud purposes.
Scammers could use this opportunity to send emails that could impersonate a wallet service’s official representative. These emails mostly make users give up their private and public keys — thus leading to the loss of their funds.
This is why it is essential to note the major domain sending emails and report any suspicious activities. Your private keys should remain private.
Technology today is so advanced that new programs and apps appear every day. These days, hackers take advantage of various weaknesses the technologies might have by creating fake wallets. This way, users fall directly into their hands, while they put little or no effort at all into their endeavours.
Most of the time, these fake wallets masquerade as real wallets in app stores thereby leaving people with no doubt about their legitimacy. An example is the recent crypto wallet service, Trezor and Google App Store fiasco.
The study found that several apps were impersonating the wallet service by using the official name and well-written market markers to convince users they are legit, but they are fake, in fact. A helpful tip to avoid falling into a scam of this level is to download the app from the official website of the wallet service.
Malware and Viruses
This is perhaps the most common form of cybersecurity attack. Due to the ease with which we navigate the internet, it is easy to have some malware or a virus entering our systems.
Malicious attackers may inject Trojans into the system through various channels, which then target anything that bears a semblance to your private keys or crypto coins. Trojans are especially dangerous because they literarily open the door for hackers to easily erase your address without even any notice.
Although hardware wallets like Ledger Nano are considered to be the safest form of storage, they are also susceptible to malware attacks. In this case, studies have shown that the firmware of the wallets can be re-wired with a compromised version of a memory address.
This memory address is then made unwritable — which though can be corrected by the microcontroller in the wallet — can change the wallet addresses/ public keys of all outgoing transactions.
It makes it look like the user is pouring water into a basket by redirecting all transactions to another location.
This is why you should make sure routine anti-virus and malware checks are done on your systems, installation of anti-viruses should be done and insecure connections or sites should be avoided.
By-passing Additional Security Measures
Though wallet owners are advised to enable additional security measures as the two-factor authentication, it is sometimes also a victim to security compromise. The 2FA basically ensures the identity and authentication of users behind wallet transactions.
In some cases, users are required to present special keys or figures sent to their emails or messaging apps for access to their wallets. However, while this has been proven to be an effective method to reduce fraudulent activities, hackers have found a way to bypass it.
Email and text hacks are common these days. These attacks come in form of push notifications and alerts. Hence, a useful tip is to note the activities and notification you’d accept.
Like physical wallets, digital wallets can be easily stolen or lost. As mentioned above, your private keys, cryptographic seed, and public keys make up your wallet. Your public keys are like your physical bank account number or details.
Private keys, on the other hand, are simply codes for access to the funds in wallet. Losing your private key, for instance, is equivalent to losing your credit cards alongside your pin codes. In the wrong hands, it is lethal.
In cases where the private keys are stored online either on a computer or a cryptocurrency exchange, hackers can easily find them once they gain access to the site of storage.
For this reason, hardware wallets were considered to be the industry’s safer choice. And while using a piece of paper to store your keys may not be the best thing, it could be a lifesaver at some moments.
A more practical method is the use of electronic-enabled wallets like Trezor and Nano Ledger wallets. However, it is important to keep them safe and keep a watchful eye on the connections made with the wallet.
False Liquidity and Advertisements
With no central authority controlling the flow of cryptocurrencies, the market prices are subjected to several forces of demand and supply. Some of these forces include false liquidity, speculations, and advertisements from exchanges and trade entities.
Scammers take advantage of this sometimes to create an illusion of a honeypot for crypto enthusiasts. They would create false advertisements and massive sell-offs to get traders and buyers interested, and then use that opportunity to steal from them.
A bright example is the leading trading platform, Mt Gox security breach that had the details of over 60,000 bitcoin wallet users stolen and over 745,000 Bitcoin missing. The hacker had initiated false liquidity from a compromised user account.
A point to note from this fiasco is to verify the legitimacy of the offers made before deciding to trade. It is also necessary to have various forms of storage.
Browser Extensions and Plug-ins
It is no news that browser extensions and plug-ins make things easier on several fronts. From your print screens, clipboards to grammar checkers, these have proven to be a lifesaver for various reasons. Plus, the fact that you barely notice their presence makes them that more helpful.
However, this same invisibility could make them a potential threat to your crypto wallets. These extensions sometimes create a pathway for malicious attackers to gain access to the keys.
They sometimes copy and monitor information for hackers to use when necessary. An additional problem with this is that they are not easily noticeable. This is why it is important to verify the developers and read all the necessary reviews before installing.
Apps on Google and Apple App Store
Most of the time, smartphones with Android OS and no 2FA enabled are victims of these attacks. Google App store has a more open OS that makes visitors and applications more susceptible to virus attacks.
In this case, applications of this sort give hackers access to sensitive information that might aid their goal. While Apple App Store and iOS seem relatively safe, attacks here take on a different form.
More often, users download apps with hidden miners — which slows down the phone’s operation.
Can Your Crypto Wallet be Hacked?
The advancements of technology have been most productive. But they also resulted in the area of cyber threats rapidly evolving. Malicious threats are multiplying and moving fast to acquire new forms, and the anonymous, virtual nature of cryptocurrencies seems to be on the line.
As a result, crypto funds face various risks, the most dangerous one being that they might end up in the wrong hands. Crypto wallets might break under the attacks we have previously described.
This is why it is vital to note the aforementioned risks and protect one’s funds. Also, it is important to remember that private keys are meant to remain private and all the necessary precautionary measures need to be taken.