Cryptocurrencies have undoubtedly taken the world by storm. Not many envisioned a world of digital money whose creation would come from a bunch of computers connected in a blockchain network.
One of the key goals of any cryptocurrency is decentralization, the opposite of how traditional fiat currencies operate. The money we are accustomed to nowadays is fully controlled by banks, governments, and other central authorities.
Although this attribute provides freedom to the masses, it’s one of the Achilles’ heels of cryptocurrencies as a whole. Criminals exploit this quality as the value of coins is quite substantial. Everything users do on the internet with their coins is largely traceable.
Once lost, coins are almost impossible to recover and track as no centralized organization is held accountable. Moreover, decentralization means regulation is inadequate or non-existent. No account recovery or insurance exists for storing crypto. Exchanges and wallets which keep these coins are increasingly becoming the target of malicious attacks from hackers.
Storing digital currencies requires taking the necessary precautions from an individual and business perspective. This article will detail all the typical ways wallets and exchanges are hacked and the presently implemented preventative measures.
Common methods of how individual wallets are hacked
Below are the typical ways hacks occur for individual wallets. In all these cases, private keys are the main pieces of information the cybercriminals seek to obtain.
- Phishing: Phishing is a prominent social engineering technique used in many criminal activities. It refers to the practice where attackers send legitimate-looking emails to unsuspecting individuals, persuading them to provide personal information.
Typically, the emails link users to websites that look identical to reputable crypto-related services. Here, they will be required to enter some private data, mainly their private keys.
Accessing these keys allows scammers to steal all the cryptocurrencies linked to them in one fell swoop. Hence, phishing remains one of the prevalent ways wallets are compromised.
- SMS verification: Two-factor authentication, a security mechanism that requires two distinct forms of identification, is commonly implemented in the crypto space. While this mechanism is relatively secure, it is still prone to attacks. Research has suggested that it is not too difficult for lawbreakers to intercept the SMS verification messages via a known telecom network.
Here, the exploitation techniques include wiretapping, SIM card cloning, or ‘voice phishing.’ With only a name, phone number, and email address, hackers can access the private keys and ‘drain’ all coins associated with them.
- Malware: Malware has become a burgeoning problem in cryptocurrencies, specifically with ransomware, a type of extortion software hijacking a system and encrypting all files, preventing the user from operating and accessing their computer until some ransom is paid.
This falls under traditional malware, which spreads by inducing individuals to download some program or click on phishing emails.
Overall, criminals employ various other deceptive techniques, ranging from man-in-the-middle attacks and hacking mobile applications to using browser extensions and random PIN selection, all approaches that exploit some system vulnerability.
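The phishing item above depends on a site looking identical to a reputable service, which leaves the hostname in the link as the part worth checking. The following Python code is an added example, not part of the original article; it classifies a link against a constructed allowlist, and the domain names, the character-folding table and the two-edit threshold are all assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: placeholder names for the services a user really uses.
TRUSTED = {"coinvault.example", "tradedesk.example"}

# Assumed folding table: digits and Cyrillic letters that imitate Latin ones.
# Hyphens are dropped so "coin-vault" folds to "coinvault".
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None,
                      "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c"})

def skeleton(host: str) -> str:
    """Decode punycode labels, then fold look-alike characters."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: compare it as written
        labels.append(label)
    return ".".join(labels).translate(FOLD).replace("rn", "m")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the link's real host."""
    # urlsplit ignores userinfo, so "trusted.example@other.test" yields other.test.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    skel = skeleton(host)
    for t in TRUSTED:
        t_skel = skeleton(t)
        # Trusted name pasted in front of another domain, or a near-miss
        # spelling (threshold of 2 edits is an assumption to tune).
        if skel.startswith(t_skel + ".") or edit_distance(skel, t_skel) <= 2:
            return "lookalike"
    return "unknown"
```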
Common methods of how exchanges are hacked
Some of the most publicized exchange hacks in recent history include Bitfloor in 2012, Mt. Gox in 2014, Bitfinex in 2016, and Binance in 2019. KuCoin experienced a $270-million hack in September 2020, which the company reported resulted from leaked private keys.
Like individuals, exchanges are also exposed to similar vulnerabilities due to being connected to the world wide web. In theory, it seems more difficult for attackers to hack exchanges because of their large infrastructure. However, everything in the cyber world follows a trail.
Criminals can gain a list of the employees in a particular exchange, retrieve their personal information, and use techniques like phishing and cloning SIM cards. Eventually, they will access related parties like the accountants and other internal networks within an exchange.
Broadly speaking, exchanges are compromised in the same ways as individuals:
- SMS authentication
- Code vulnerabilities
- Accessing mobile, desktop, and web terminals/applications
Preventative measures for hacks
The underlying problem with wallets and exchanges is the exposure of private keys, since they are the main thing required to steal cryptocurrencies. One familiar approach that has seen increasing adoption is cold wallet storage for both individuals and exchanges.
Here, holders keep their coins in an offline device such as a USB drive that is not connected to the internet. Such devices also have other features like seed phrases and two-factor authentication for a further security boost. Moreover, users should also ensure their exchanges store nearly all their cryptos in their designated cold storage.
However, research has also suggested this type of storage is still penetrable by hackers through internal malware. Nonetheless, the chances of security breaches are still minimized compared to traditional ‘hot’ storage, where keys are accessible to the web.
Users should also find out if their respective exchange has any insurance in the case of a significant theft. Generally, it’s wise to choose services that treat cybersecurity seriously in everything they do.
Here are other considerations to ensure safety in the storage of tokens:
- Investors should never reveal anything about how many coins they own or the wealth they have.
- Those using cold storage or decentralized exchanges should store their seed or mnemonic phrases on physical paper or specially-designed metal devices placed in a secret location.
- Usually, most holders should store the bulk of their tokens offline or in cold wallets, with only a tiny portion online for everyday transactions.
- Two-factor authentication should be used when dealing with any wallet provider or exchange.
- Investors must regularly monitor their computers and phones for any potential breaches and ensure they operate efficiently by noting any strange behavior like arbitrary downloads, unexpected restarts, freezing, etc.
The security risks present in cryptocurrencies have certainly deterred many from participating in the space. Fortunately, facilities like exchanges have been well aware of the challenges and continually look to tighten their cybersecurity.
Anyone involved in the space understands that private keys are essentially everything, meaning their safekeeping should be treated with the utmost importance.