How to protect a Bitcoin wallet from hackers: attack techniques and how to defend against them

By roland4 | bitcointime.eu | 21 Jun 2019


Bitcoin and other cryptocurrencies have always attracted fraudsters of every calibre, who not only use them in their illegal activities but also actively steal them, both from exchanges and from ordinary users.

While hackers use advanced technology to find new ways of siphoning off funds, the basic, time-tested methods remain the same, because new people enter the cryptocurrency space every day, often without the knowledge and awareness needed to counter such attacks.

Below are some of the main tricks hackers use; knowing them will help users at least keep their coins safe.


Social engineering and phishing

Social engineering is a set of manipulation techniques that get users to perform actions on websites or in applications that can harm them. One of the most popular methods is phishing: a clone of a well-known resource that tricks users into disclosing personal data, including passwords, phone numbers, bank card details and, in recent years, the private keys to cryptocurrency wallets.

Links to phishing sites are distributed in a variety of ways, from advertisements on social networks to e-mails copying the look and feel of official mailings. All of it serves a single purpose: to get an inattentive user onto the fake site and make them enter their personal data there.

According to Chainalysis, phishing remained the most profitable fraudulent method in the cryptocurrency space during 2017 and 2018. However, if in 2017 it accounted for more than 88% of all fraudulent schemes, in 2018 this method became less effective and its success rate decreased to 38.7%.

Nevertheless, the risk of becoming a victim of a phishing attack remains. Recent incidents include attacks on users of the popular Electrum wallet in December 2018 and April 2019. Altcoin wallets have frequently been attacked as well.

In addition, recent phishing attacks have targeted the Bitfinex and Binance exchanges, the Trezor hardware wallet, the LocalBitcoins platform for buying and selling bitcoins, and users of social networks such as Facebook. In the latter case, cybercriminals copy the pages of popular cryptocurrency communities and then use photos of real community members in their posts, presenting them as winners of the platform's loyalty program.

The importance that the industry's leading representatives attach to the fight against phishing is also reflected in the fact that in April this year Binance Labs, the venture capital arm of the Binance Cryptocurrency Exchange, invested in PhishFort. The company specializes in phishing protection solutions and focuses on high-risk businesses such as Bitcoin exchanges, ICO projects and token platforms.

Recommendations for protecting against phishing attacks are fairly simple: raise your general computer literacy, stay attentive (type URLs in manually and check that the https protocol is in use), and treat any announcement offering free cryptocurrency with mistrust by default.
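The "type the URL yourself and check for https" advice can be turned into a mechanical check on any link before it is opened. The following is an added example, not code from the article: it compares a link against a constructed allow-list of the official domains a user actually deals with (the service names are the ones mentioned above, used only as an illustration) and rejects the usual phishing tricks that a quick glance misses.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration: the registrable domains of the services
# the user really uses. In practice this is a short personal list, not a global one.
OFFICIAL_DOMAINS = {"binance.com", "bitfinex.com", "localbitcoins.com", "trezor.io", "electrum.org"}


def registrable_domain(host):
    """Last two labels of the host name. Adequate for the .com/.io/.org names above;
    a real deployment would consult the Public Suffix List for multi-part TLDs such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_link(url, allowed=OFFICIAL_DOMAINS):
    """Return (safe, reason). A link counts as safe only if it uses https, carries no embedded
    credentials, is not an IDN/punycode host, and its registrable domain is on the allow-list."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        return False, "not https: scheme is %r" % (parts.scheme or "none")
    if parts.username is not None or parts.password is not None:
        # "https://binance.com@evil.example/" displays binance.com but connects to evil.example
        return False, "credentials embedded before the host"
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        # internationalised host names can contain look-alike characters (homoglyphs)
        return False, "IDN/punycode host, possible homoglyph"
    domain = registrable_domain(host)
    if domain not in allowed:
        # catches "binance.com.login-verify.net": the registrable domain is login-verify.net
        return False, "domain %r is not on the allow-list" % domain
    return True, "ok"
```

Note that https by itself proves nothing about who runs the site, since phishing pages obtain certificates too; the domain comparison is the decisive part of the check.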

 

Trojans



Trojans are a type of malware that infiltrates a computer under the guise of legitimate software. This category includes programs that perform a variety of unauthorized actions: collecting bank card information, disrupting the computer's operation, using its resources for mining, using its IP address for illegal trade, and so on.

But the ingenuity of hackers does not stand still. In 2018 a new version of the infamous Win32.Rakhni Trojan was discovered. This virus has been known since 2013, but whereas it originally focused solely on encrypting devices and demanding a ransom to unlock them, the new version goes much further. First, it checks for folders associated with bitcoin wallets, and if any are found, encrypts the computer and demands a ransom. If no such folders are found, Win32.Rakhni instead installs malware that steals the computer's processing power to secretly mine cryptocurrency, and tries to spread to other devices on the network.


At the same time, as the figure above shows, more than 95% of all infections with this Trojan occurred in Russia, with Kazakhstan and Ukraine in second and third place.

According to Kaspersky Lab, Win32.Rakhni is most often distributed via e-mails that invite users to open an attached PDF file; instead of the expected content, the malware is launched.


As with phishing attacks, basic computer hygiene must be observed to prevent devices from being infected, and e-mail attachments must be treated with extreme care.

Keyloggers


Malicious applications often consist of several components, each of which performs its own task. In fact, they can be compared to Swiss army knives - with their help hackers can perform many different actions on the attacked system.

One of the most popular components in attacks is the so-called keyboard spy, or keylogger. It is a highly specialized tool that records every keystroke on a device, allowing intruders to covertly capture all of a user's confidential information, including passwords and cryptocurrency wallet credentials.

Keyloggers most often enter a system as part of a complex malware package, but sometimes they are built into otherwise legitimate software.

Antivirus vendors usually add well-known keyloggers to their databases, and protecting against them is not much different from protecting against any other malware. The problem is that there are a huge number of keyloggers, and it is physically very difficult to keep track of them all. For this reason, keyloggers often go undetected by antivirus on the first attempt.

Nevertheless, normal computer hygiene and the use of dedicated protective software are a real help against this type of attack.

 

Public Wi-Fi networks

Theft over public Wi-Fi networks has always been, and remains, one of the most popular tools of cybercriminals. Most Wi-Fi routers use the WPA (Wi-Fi Protected Access) protocol, which not only encrypts all traffic on the wireless network but also grants access to it only to authorized users.

However, hackers have found a loophole here too: using the KRACK attack (key reinstallation attack), they force the victim's device to reconnect through a network they control, after which they can monitor and tamper with all of the information passing through it, including the keys to cryptocurrency wallets.

Regular router firmware and device software updates, together with your own vigilance, help protect against such an attack: never make transactions in public places such as train stations, airports, hotels or, as is often the case in the Bitcoin community, at blockchain conferences.

 

Slack bots

There are quite a number of Slack bots that hackers successfully abuse. As a rule, such a bot sends the user a notification about problems with their wallet. The ultimate goal is to get the user to click on the notification and enter their private key.


The biggest successful attack involving Slack bots was the Enigma incident in August 2017. The project was forced to suspend its ECAT token presale after unknown attackers hacked the project's website and, by posting a false ETH address, made off with more than $400,000.

In addition, Enigma representatives confirmed that the project's Slack chat was also compromised:


Tips: ignore such messages, report the bots that spread them, and install protection on your Slack channel (for example, the security bots Metacert or Webroot).

 

SMS authentication and SIM swapping

SMS authentication is still a very common way of verifying all kinds of transactions, including cryptocurrency transactions. However, as early as September 2017 the cybersecurity company Positive Technologies demonstrated how easy it is to intercept one-time passwords sent by SMS by exploiting Signaling System 7 (SS7).

The demonstration used the example of a Coinbase account linked to a Gmail mailbox. At first glance it might look like a vulnerability on Coinbase's side, but in fact the tool developed by Positive Technologies exploited weaknesses in the cellular network itself. By redirecting text messages to their own number, the researchers were able to reset the mailbox password, set a new one, and then gain full access to the wallet.

In this case, the experiment was conducted for research purposes and the actual theft of the coins did not take place, but the results showed that such a method could easily be used by real criminals.

In a piece written specially for bitcointime.eu, Hacken specialists also listed the main ways of intercepting SMS:

Wiretapping: interception of SMS by law enforcement officers through abuse of authority or misuse of covert investigative materials.
Duplication (cloning) of the SIM card through the mobile operator using the customer's personal data, with the cloned SIM card then used in illegal activities.
A false base station that intercepts and decrypts all of a subscriber's incoming messages, with the intercepted data then used in illegal activities.
Hacking the subscriber's personal account on the mobile operator's website or app and redirecting all messages to the attacker, with the received data then used in illegal activities.

The second item on this list deserves particular attention: cloning (substitution) of the SIM card. This method is known as SIM swapping, and the first high-profile case in which it was used to steal $14 million in cryptocurrency is already known.

The case occurred in 2018, when two hackers were arrested in the U.S. after convincing a mobile operator to transfer control of a phone number that was tied to two-factor authentication on the account of a Crowd Machine project administrator.

Recommendation: give up SMS verification in favour of a dedicated two-factor authentication (2FA) app, such as Google Authenticator.

 

Mobile applications

Hackers' victims are most often owners of Android devices who use only a login and password instead of 2FA. This is partly because the process of adding applications to the Google Play Store is less strict than for the App Store. Attackers take advantage of this by publishing their own apps that mimic well-known wallets and exchanges, and luring inattentive users into installing them.

One of the big fake-application stories involved the Poloniex exchange. In November 2017, ESET experts discovered a program on Google Play that pretended to be the official mobile application of the U.S. exchange. The essence of the fraud was that users who downloaded the program entered their login and password into it. This allowed the creators of the malicious app to change the victims' account settings, perform transactions, and access users' mail.

Despite the fact that Poloniex had no official mobile apps at the time (they were released only in July 2018), two versions of the fake app were installed by more than 5,000 people. After the ESET warning, they were removed from Google Play.

Fake MetaMask and Trezor Mobile Wallet applications have also appeared on Google Play.

iOS device users are more likely to fall victim to malicious developers distributing apps with a hidden built-in mining feature. After discovering this problem, Apple was forced to tighten the rules for accepting apps into the App Store. However, the damage caused by such applications is fairly small: they only degrade the device's performance without draining funds.

Tips: do not install applications that are not absolutely necessary. Don't forget two-factor authentication, and check the links to applications on the official sites of projects and platforms to make sure they are authentic.

 

Browser extensions, plug-ins and add-ons

There are many browser extensions and plug-ins designed to make interaction with cryptocurrency wallets easier and more convenient. However, they are usually written in JavaScript, which makes them vulnerable to hacker attacks. This can involve intercepting user data to gain access to wallets, as well as installing hidden mining programs.

At the same time, as Check Point Software Technologies Ltd notes, hidden cryptominers remain the dominant threat to organizations around the world. In 2018, for example, cryptominers consistently ranked among the top four most active threats and attacked 37% of organizations worldwide. In 2019, despite the fall in the price of all cryptocurrencies, 20% of companies continue to be attacked by cryptominers every week.

There are several ways to counter this threat: install a separate browser or even a separate computer for trading, use incognito mode, update antivirus databases regularly, and do not download any dubious extensions or plug-ins.

 

*************

Although most hacker attacks target exchanges and companies, individual users are also at risk. According to last year's study by Foley & Lardner, 71% of large traders and investors named the theft of cryptocurrency as the highest risk, while 31% called hacker activity a threat to the entire cryptocurrency industry.

Hackers tend to be one step ahead of the industry, so in addition to dedicated security software it is also important to counter cybercriminals with your own computer literacy and to keep track of the latest trends and events in cybersecurity.

 
