The devil is in the detail: the importance of crypto security

The devil is in the detail: the importance of crypto security

As the old saying goes, every answer yields more questions. You solve one problem only to realize you now have ten more. This is true of technological developments. GPS helps you navigate the world, but it is also a great way to track your movements. Electronic mail gave the world instant, long-range communication, but it also gave criminals a new way to access your personal data.  

So, you might expect blockchains to have created new vulnerabilities. But this is where things get interesting. Despite being one of the most innovative industries, the most common blockchain threats are familiar foes.  

But are crypto warriors better equipped to fight off these well-known threats? To be completely sure, you need to get to know your enemies.  

Tried and tested  

Hackers operate according to the following ethos: if it ain’t broke, don’t try to fix it. The truth is that many of their strategies have existed for a long time. Before being used to steal crypto funds, they were and still are used to steal fiat currencies. 

The most common attacks 

Articles discussing cryptography usually contain a lot of complex terms and mechanisms. But much of what follows will probably be familiar language. If you have a bank account, you may have experienced one or two of these attacks.  

  • Phishing scams  

A successful attack requires a convincing disguise. Phishing scams are a perfect example of this. Attackers posing as trusted entities contact users both directly and indirectly. The direct method can be via email, text message, and instant messaging app. Simply opening the message can leave users compromised. The indirect method is through advertisements. Users click links and are taken to websites that are either cloned or created to deceive. Often, careful examination of the URL reveals the deception.  

  • Giveaway & doubling scams  

The use of celebrities or renowned entities to trick people is another way such attacks are disguised. The scam is simple but surprisingly effective. The hacker creates a giveaway post from a seemingly reputable figure. But this is actually a fake account. The devil is in the detail. For example, @VitalikButerin is a well-known Twitter handle. But @ViltalikButerin is not. The scammer offers a certain amount of funds to users who can answer a simple question. But they must also enter their personal details to receive payment. 

  • Deposit scams  

Much like fake giveaways, deposit scams begin with free funds. The scammer contacts users with news of a deposit put into their accounts. Next, the scammer asks for a small withdrawal fee. The deposit is never made, and the scammer runs away with the fee.  

  • Airdrop scams  

Airdrop scams begin with attractive offers. New users create an account without being aware of acceptable practices. The scammer asks users for personal details. This data is then sold to third parties. In the worst cases, criminals will use your identity during illegal enterprises.  

  • Fraudulent paper wallet generators  

Scammers create their own versions of this software. They have access to every wallet the software prints. If you print a paper wallet to store your funds, the scammer has the same access as you. It isn’t long before these scammers have access to a lot of funds. 

  • Hardware wallet scams  

You can now start to see a pattern of behavior. Believing the hardware wallet is genuine, users quickly register an account. Next, they enter their personal details. In this case, scammers often request the mnemonic phrase used to access the wallet. They might also ask users to choose from a list of “randomly generated” phrases. In reality, these phrases are linked to the scammer’s wallets.  

  • QR code generator scam  

Users open the fraudulent converter. They then enter their wallet address. But the QR code that is generated is not linked to their wallet. It is actually linked to a wallet owned by the scammer. When users try to send funds to their wallet, they end up sending them to the scammer.  

  • Ransomware attacks  

This type of attack is gaining notoriety. Organizations like REvil use this method to attack governments and national services. The hackers infect infrastructure with software that cripples their systems. It then asks the administrator for large sums of cryptocurrency in return for the removal of the software. But at the individual level, users can often simply reinstall their operating system. However, personal files will be lost. So, remember to always make a backup.  

  • Clipboard hijacking 

Malicious software plays a long game. Clipboard hijacking software is equipped to recognize crypto addresses. It waits until the user copies the address to the clipboard and then replaces it with one that belongs to a hacker. Users paste the address with confidence but, in the end, send funds to the hacker.  

Choose your weapon! 

So, what can you do to protect yourself? A healthy dollop of paranoia is a good start. Treat everyone and everything as suspicious until proven otherwise. But this will only get you so far. Next, you’ll need to arm yourself to the teeth. So, let’s take a look at what’s in the arsenal.  

  • Scanning tools for downloadable content 

Malicious software can hide in innocent-looking content. Always check downloadable content with scanner software like PaperScan

  • Ad blockers 

Many phishing scams hide in advertisements. Software such as AdblockPlus can filter these potential traps out of your search results. And if you never see them, you’ll never be tempted to click on them.  

  • QR checkers 

It can be helpful to convert a crypto address into a QR Code. But hackers use fake converters to steal your data. Use only reputable generators like Beaconstac. And always check QR Codes with software such as Kaspersky’s QR Code Reader and Scanner

  • Second sight 

Double-check everything. Carefully examine every crypto address, URL, and attractive advertisement. Proofreading can reveal previously unseen details.  

The big guns 

Every little helps when you are battling determined hackers who know the technology inside out. But if you want to win, you will need more than ad blockers and careful fingers. What you need is a solid plan of action for the two most important factors in crypto security. And here it is, BTCV’s code of conduct for wallets and exchanges.  

Wallets 

Do  

  • Keep the majority of your crypto in a secure wallet like Trezor. Divide your funds for active use. Store only the amount that is absolutely necessary online.  
  • Select the most respected wallet software on the market. Open-source software like Electrum is known for its reliability.  
  • Store your seed phrase in physical form. Carve it into stone. Etch it into gold. Or simply use a piece of paper.  

Don’t 

  • Store your seed phrase in a digital document, email folder, or notes app. Digital locations can be easily compromised.  
  • Use services that ask for your seed phrase. Many airdrop scams will ask you to share this sensitive information. 
  • Create or use paper wallets on an unsecured or public network. Printing a QR code for your seed phrase is risky. Printers often have internal storage and retain the data that was printed.  

Exchanges 

Do 

  • Choose complex passwords for your account. The longer, the better. Your passwords should consist of a minimum of 36 characters. They should include upper and lower-case letters, numbers, and special characters. Password manager software like Bitwarden can help.  
  • Use Two-Factor Authentication. It is much harder to hack an account that is secured with 2FA. 
  • Monitor your browser’s address bar. Trusted website software can check your URLs and help identify possible phishing scams.  

Don’t 

  • Re-use your passwords. This is solid advice for general practice, but especially for crypto exchanges. If you used a password in the past on a site that has since been hacked, you are exposed on the exchange.  
  • Click on crypto ads. Some of these ads could be phishing scams. If you see an interesting exchange ad, manually type the URL into your browser. You should also bookmark your most popular sites. 
  • Leave no funds behind. If you’re not regularly trading on an exchange, remove your funds and store them in a renowned hardware wallet.  

Key takeaways  

When thinking about crypto security, many experts remember a modern phrase. Been there, done that, and bought the t-shirt. This is because many of the threats facing today’s crypto enthusiasts are as old as traditional banking. The oldest tricks are still the most effective.  

But this gives blockchain users the advantage. By knowing their enemies, they can predict the most probable attack strategies. It’s true that hackers will continue to develop new scams, but the industry is always improving its defenses. Certainly, the battle will not end anytime soon. As always, remain vigilant and make use of all the available tools.  

For more information about Bitcoin Vault BTCV subscribe for Bitcoin Vault BTCV newsletter

and follow Bitcoin Vault BTCV official channels:

Telegram, Twitter, Facebook, Instagram, Youtube

Recent articles