For cryptocurrency holders, 2020 has been a rich year in threats, not least of which were scams and hacker attacks using browser vulnerabilities.
When it comes to trying to steal cryptocurrency, criminals almost always focus on the browser through which most users enter exchanges to buy or sell cryptoassets.
The first and easiest way to attack is phishing. For example, at the end of last year, hackers launched a massive attack on large corporations that cost $160,000 to launch.
Fraudsters lead users to fake sites that are very similar to the original. They actively use the technique of so-called "social engineering" to convince the victim that she needs to take some action immediately.
For example, a user may receive a message allegedly from an exchange employee that his account will be blocked if the user does not urgently transfer money to the site.
And if the browser is not configured to prevent working with insecure protocols or check suspicious sites and security certificates, the risk of hacking increases several times.
In addition, recent events indicate that this risk also extends to users of the Tor browser, a program often used to achieve anonymity on the Internet. A rogue middleman attack allows attackers to intercept and read data being transmitted, as well as interfere with packets of information you send.
Methods to combat these attacks over the Internet have been around for a long time, and they have already become standard. The first among them is the HTTPS protocol, which encrypts data sent by users.
By connecting via HTTPS, users can be sure that they have access to the real site, and not to a fake one. And criminals, in turn, often force users to connect using the insecure HTTP protocol instead of the secure HTTPS protocol.
It is believed that forcing a user to go through an unsecured protocol can only be done upon initial connection and only at the initiative of a provider, for example, a home Internet service or a public Wi-Fi network. But when working with Tor, a user can also be forced to use an unsecured connection, and all because of the exit node from which the user goes online.
Thus, by controlling the exit node, the hacker gains the same capabilities as in a rogue middleman attack as the ISP or VPN service provider.
Tor's anonymity just adds fuel to the fire: node owners can literally do whatever they want. While ISPs care about their reputation and work to prevent these attacks, Tor cannot do that. And when a hacker connects, he can not only steal data from your computer, but also disable the wallet address to which you are sending your money.
Ways to protect crypto assets
There are generally accepted security rules to help you avoid hacking and losing assets.
1. Maintain a healthy skepticism towards all sites and check the validity of their certificates and the security of the connection.
Since phishing is the primary tool for hackers when trying to steal crypto assets, you should be suspicious of any site. Hackers love to create fake sites that look a lot like the original web pages, so don't be fooled by the familiar look and feel of the site. Be sure to double-check everything. If you are forced to switch to an unsecured HTTP connection, do not do it.
2. Don't click on links in emails and messages.
The search engine or selected links will not direct you to a phishing site. However, links in emails and messages can take you anywhere. So do not rush to follow the link directly in the letter, even if it looks like the support service is writing to you. Enter the desired URL manually or enter the site after searching for it through Google or another search engine.
3. Update your browser and security systems on your computer regularly.
When it comes to securing valuable user data, you should always assume that the system you are using to access the Internet is vulnerable. Before performing any transaction with your money, update your antivirus and make sure that all the latest patches are installed on your computer and that the malware databases are fully updated.
4. Work with platforms that meet all safety standards and are controlled by an authorized regulator.
Hackers can even break into exchanges and crypto wallets, so you need to choose secure platforms to store your assets. Regulatory exchanges are by definition more secure. Users of these platforms can use two-factor authentication and aggregated signatures.
5. Keep multiple backups of all important data, including information related to cryptocurrency wallets.
Remember that as a result of a hacker attack, your data can be damaged, and even if the hacker does not gain access to your wallet or online account, you may be left without access to your assets. In the crypto world, this is tantamount to losing personal funds, so be sure to store encrypted keys and wallet login information in multiple locations.
I hope you enjoyed my article. And most importantly, store your cryptocurrency securely!