What are Fraudsters’ tricks to gain access to your cryptocurrencies today?
A description of the latest and interesting ways of hacking both hot and cold wallets and ways of users’ protection.
Digital currencies are becoming an increasingly widely spread payment method among users worldwide. Bitcoin and other cryptocurrencies are rapidly expanding their fields of application because more and more people trust them making payments, transferring funds and using them as savings. Nevertheless, ensuring the security of digital assets remains an important aspect as fraudsters continue to find ways to hack cryptocurrency wallets.
But, as stated, forewarned is forearmed. So, let’s consider the methods which are popular among fraudsters today.
Hacking wallets.
Cryptocurrency wallets, like ordinary wallets, which are habitual to people unfamiliar with digital currencies, can be stolen or lost.
As for cryptocurrencies, unless you keep all your money in a cold wallet, fraudsters do not have to steal the physical medium with your funds. They just need to find out the private key of your wallet. That is why the Simba.Storage team recommends paying special attention to the storage of private keys or use the services of our storage, which guarantees the protection of your assets.
All cryptocurrency wallets contain two types of keys — public and private.
Public keys can be compared with a bank account, which you can provide upon request, for example, if you need to receive funds.
Private keys are a security code that only you should know. Their importance can be compared with the PIN code of your bank card which you enter in an ATM or the CVV2 code required to make payments online.
You can easily guess the consequences of losing private keys or if fraudsters gain access to them. Your funds will either be stolen or you just won’t be able to access them.
The storage of your private keys in a file on one of your Internet-connected devices is not a smart idea. If hackers gain access to your computer, they can easily find the file and use it to steal your crypto assets.
Cybersecurity experts always advise keeping a hard copy of your private keys. Lamination of a sheet of paper with your private keys may seem strange, but in fact, it is one of the most reliable ways.
One can also use services providing hot cryptocurrency wallets. For example, Blockchain.com will store your private keys for you so that you will not need to use them yourself. But, in this case, you will have to secure the ‘seed phrase’ and if hackers get to know it, they will be able to hack your wallet.
Sending ‘phishing’ emails.
Everyone uses e-mail, both for work and for personal purposes in the modern world. This is the reason why hackers use such hacking techniques as ‘phishing’ emails to gain access to confidential information and user’s devices.
Fraudsters send letters, pretending to be representatives of a cryptocurrency service, and ask for personal data or private keys to restore access, confirm an operation, etc. The gullibility of inexperienced users often results in losing their funds forever as they voluntarily give their data to hackers.
It should be remembered neither bank staff will ask you for the CVV2 code, nor a cryptocurrency service representative will ask for your private key.
Also, imagine a situation when you are an investor looking for a promising company in the cryptocurrency industry. Suddenly, a representative of the company comes out to you and talks about an exclusive offer regarding tokens. It may seem good luck to someone, but it is not true.
Some criminals are not interested in hacking your account, but in stealing it. However, more experienced fraudsters create websites where you can register and deposit funds that you will never get access to.
Study the recipient of the email carefully and if in doubt, do not even open it. Also, it will be right to notify the organization which you have received the email from about written on their behalf.
Installing keyloggers.
Hackers constantly try to get access to other people’s data in various ways and one of them is keyloggers. These are malicious software that saves every user’s action on any device. For example, it can be passwords and other data used to log into service accounts where cryptocurrencies are stored. In turn, these programmes give hackers access to the received data.
If the keylogger gets on your device, you become easy prey for hackers. You can get malware:
- By e-mail;
- Activating the software downloaded from an unreliable site;
- Inserting a USB with malware into your device.
You should always use antivirus software and fully verified devices and software to avoid such incidents.
Fake wallets.
According to a recent research, the Google App Store has several apps faking Trezor, a popular cryptocurrency wallet.
They use similar names and compelling marketing banners that allow not only to deceive users but also to obtain permissions from the Google platform and avoid blocking.
In order not to face fake applications, download software from the official websites of services. Also, some wallets ask for your phone number to send you a secure link that takes you to the app store.
Bypassing Two-Factor Authentication.
Two-Factor Authentication, or 2FA, is an additional level of security that trusted wallet providers use to ensure that certain transactions are made by real users. For example, if you want to transfer funds from your account to an external wallet or bank card, you need to enter a special code from your 2FA Google Authenticator app or a code sent to your specified email address or by SMS.
Although it is an effective way to protect users from unwanted transactions and fraudulent activities, there have been some cases when hackers have found ways to bypass 2FA. For this reason, it is always important to keep an eye on the notifications which you receive.
Social Media Campaigns.
The process of placing ads on Instagram, Facebook or Twitter is quite difficult for cryptocurrency companies. Only some of the most popular and reputable organizations have this opportunity.
However, some fraudulent companies have found a way to bypass the bans and launch short-term campaigns targeting people who are looking for buying or selling cryptocurrencies.
Contact trusted and reliable companies in order not to deal with suspicious cryptocurrency organizations.
Malicious software used to substitute for copied addresses.
Retailers who accept direct cryptocurrency payments usually place their wallet address on their website. Thus, you can copy and paste it into your wallet to transfer money.
However, users who are used to making such payments stop paying attention to details. In this case, you might be deceived, because there are malicious programmes which can substitute for copied addresses. As a result, you will transfer your funds to the hacker’s wallet. One of these programmes is CryptoShuffler. Even though this programme allowed to steal only $ 150,000, it is not known how much money has been stolen by means of similar software.
The easiest way to protect yourself is to double-check the address that you insert to transfer funds, although it takes some time.
Trust management services.
On the cryptocurrency market, the term Trust Management (TM) means a type of financial relationship when the right to manage cryptocurrency assets is transferred to a professional manager, a trader who makes transactions on your deposit to generate profit.
The reputation of this profitable and convenient activity on the cryptocurrency market has been undermined by a large number of frauds. In the result, a lot of people, who have decided to entrust the management of their capital to fraudulent traders, have suffered.
Such frauds typically occur in the Telegram messenger where the author of the channel is a fraudster having a large audience. It also happens that a lot of money is invested to create special channels which are hyped up to get more and more money before investors’ funds are withdrawn and disappear forever.
There are two of the most common options for the loss of your capital while using such services.
- You transfer your funds directly to a trader and immediately or after a while lose the opportunity to contact him forever.
2. The fraudster offers you to work with API keys from your account which protect your deposit from the possibility of withdrawing funds by a trader. When using API keys, a trader can work remotely by means of special software from your account. The criminal presents this option to you as an argument which guarantees the safety of your funds. However, at the same time, you are offered to work on a low-liquid exchange, where the volumes are very small. It allows the fraudster to take possession of your funds by trading and making deals on low-liquid assets.The hacker uses your account, spending your funds on his transactions, playing with the price of the asset as it is profitable for him. For example, he buys an asset at the bottom, places orders to sell it at the highest price and then places orders from your account at a convenient price. You buy fraudster’s assets at inflated prices and remain with assets that are unlikely to reach these price points.
Simba.Storage experts recommend users not to tell unfamiliar people your API keys, let alone transfer funds directly and it is no matter how attractive potential profit, statistics or an unfamiliar trader or Telegram channel administrator are, there is a very small number of people in the world who want to make money not only for their needs but for yours as well. The young cryptocurrency market is the vast expanse for such fraudulent schemes. There is no need to risk your capital once again because of the desire for easy money.
Safe storage of cryptocurrencies.
Making regular or daily payments for goods and services with cryptocurrencies will always be accompanied by certain risks, which are less than when using fiat currencies, though. Cryptocurrency attracts attention not only as a means of payment but also as a promising asset for long-term storage, especially when it comes to the flagship digital currency, Bitcoin.
However, first of all, you need to pay attention to specialized cryptocurrency storages, to get a guarantee of the most reliable and secure storage of your funds without thinking about the situation when you might become a victim of fraudsters who are inventing new ways to steal funds.
Let’s consider what they are like using Simba.Storage as an example. Let’s say you have a certain amount of Bitcoins that you are not ready to give into the hands of hackers under any circumstances. By contacting the vault and entrusting it with your funds, you can count on providing cold storage of your assets in hardware wallets in Liechtenstein and Switzerland. These are places where criminals who are ready to open safes and fight to enter protected areas are unlikely to live. It is also worth mentioning that cold storage is not comparable to the possibility of stealing private keys, remote hacking of devices, etc. because funds are stored onsite without access to the network.
Another important factor in cooperation with storages is guarantees of refund and password reset procedure in case of emergency, loss of passwords or other data necessary to log into your account. In Simba.Storage customers can restore access to funds using the user identification procedure (KYC).
What to do if you need to use some of the funds urgently? They are kept in storage and not intended for instant withdrawal, which is not available in cold storage. As for Simba.Storage, you will receive SIMBA stablecoins backed by Bitcoin, equivalent to the deposited funds (at the rate of 1 SIMBA = 1 satoshi). SIMBA is an ERC-20 token and it can be used for everyday payments, payments for goods and services as well as for cross-border transfers.
