Blockchain is not secure. Cryptocurrency under threat

29 Jan 2022 Author: Sofia Mashchenko

How to protect against cryptocurrency theft or loss

In its early days, blockchain appeared to be a safe and secure technology that could not be hacked. However, the realities of practical use revealed serious blockchain-related vulnerabilities that caused cryptocurrency owners to lose significant funds.

According to the data from MIT Technology Review, $2 billion in cryptocurrency was stolen from 2017 to 2019. By 2021, the figure had grown significantly.

Today, we can no longer say with certainty that blockchain is completely secure. The sources of security problems in blockchain are various. They include attacks on exchanges, software bugs, unreliable storage of the cryptocurrency wallet’s private key, the “51% attack,” errors in smart contracts, and other technical and organisational flaws.

The majority  of these problems are solved by implementing comprehensive security measures: secure system design and hardening, audits, pentests, managed threat detection and response, etc. At the same time, many security issues can be avoided by understanding hacking mechanisms and following simple security rules.

Let’s look at the main risks associated with cryptocurrencies and how to avoid losing money by applying simple rules.

  1. Fake cryptocurrencies.
  2. Malicious or “black” mining.
  3. Ransomware.
  4. Phishing sites.
  5. Spamming.

Fake cryptocurrencies 

crypto wallet

What are they?

Bogus virtual wallets are malicious websites or mobile applications designed to steal private keys and passwords.

How does it work?

The purpose of a fake wallet is to illegally obtain money by tricking the user. So, instead of creating a new private key and transfer address, the app shows a ready-made fraudster’s address to transfer the crypto-assets. After depositing money to such an account, users cannot use it, because the private key is owned by the thief.

How to fight it?

To protect your funds and keep them secure, you should only use trusted, official wallets. If you are new to the business, it is advisable to visit forums on this subject and study quality content so as not to fall into the wrongdoers’ hands.

If you’re not new to IT, you’re probably used to keeping your complex passwords secure, are accustomed to a two-factor authentication culture, and have a culture of creating, securing and storing backup codes. By having these habits, not only do you significantly improve your overall IT security, but you can also take advantage of more secure crypto-purses.

For example, instead of custodial wallets (online services that have access to your private key), you can use more secure non-custodial wallets. Here they are (in descending order of security): hardware, mobile, paper, desktop and web wallets.

Malicious or “black” mining

What is it?

Malicious mining is the illegal mining of cryptocurrency by using computers that belong to other people.

How does it work?

There are currently two most popular ways of mining illegally. They are mining through a virus program and through a browser. Both methods put a lot of strain on the user’s computer.

Mining through a virus program. The malware code is downloaded onto the user’s computer and begins working continuously to mine the cryptocurrency. The user may have no idea that their computer is operating at a full 80-100% instead of the usual 20-30%, as the mining process can remain almost invisible against the background of other processes.

Browser mining. Some special code is embedded in web pages. This code  mines the cryptocurrency using  the resources of the user who is visiting the website. The logic here is simple – the more time the user spends on the site, the greater the profit. The number of visitors on the site plays an important role in this scheme.

Initially, when mining technology was just developing, the owners of large websites resorted to some kind of exchange with users. The former openly offered free content in exchange for the use of the latter’s computers for mining.

How to fight it?

To protect yourself against the above-mentioned mining methods, we recommend the following guidelines:

1. Pay attention to CPU load using standard tools: Task Manager (Windows), System Monitor (Ubuntu Linux), Activity Monitor (Mac).

2. Use special software that block mining (No Coin, Anti-WebMiner, MinerBlock).

3. Install AdBlock.

4. Use a reliable antivirus.

5. Avoid installing software from unreliable sources.

6. Do not click on any suspicious links.

7. Disable JavaScript in your browser if possible.

8. Seek professional help.

Ransomware

virus

What is a ransomware?

A ransomware is a form of malware that blocks access to files on a user’s device, requiring the victim to pay an anonymous payment to restore the original state. Often fraudsters demand a ransom specifically in cryptocurrency for speed of transaction and anonymity.

How does it work?

A ransomware is an attack that is carried out in several stages. Cybercriminals infiltrate your system to steal or encrypt your files, while blocking recovery. The victim then receives a ransom demand. Quite often, even after paying the claimed amount of money, the attackers do not provide the decryption keys.

How to fight it?

Rule number one is not to pay the ransom.

Rule number two is to try to use a decryptor. Be prepared that this is not always a working method if you do it yourself. To avoid making things worse, and to avoid hurting yourself even more, it is better to trust a professional. You can seek help from a cybersecurity specialist.

Rule number three – the best protection is to prevent ransomware attacks. Installing a reliable antivirus program, timely system updates, and regular backups will keep your systems and data secure.

Phishing sites

hook

What is it?

Phishing is an Internet attack aimed at gaining access to sensitive data.

How does it work?

Cybercriminals set up pages or entire websites, which visually resemble a crypto marketplace. The goal is to obtain your account’s username and password, which can result in all of your cryptocurrency savings being irretrievably lost.

For example, in January, 2022, fraudsters used the WhatsApp messenger under the guise of the Adidas brand to obtain users’ personal data.

How to fight it?

It is important to check the authenticity of the resource, pay attention to the address bar, bookmark frequently visited sites and, trivially, do not click on suspicious links. Instead, use you bookmarks or search engine to navigate to the website

Spamming

letters

What is it?

Spam mailing is a mass mailing of advertising letters to the users who have not agreed to it. At the same time, spam is one of the most common distribution channels for phishing.

How does it work?

Often, a plausible email is received on behalf of cryptocurrency exchanges or websites asking you to perform certain actions. For example, you might be asked to take a survey, ostensibly to improve an exchange’s performance. To make it convincing, a reward is offered at the end.

You may also receive letters disguised as security notifications. You will be asked to enter a security question or to change your password to a new one that more secure.

Also,  an email may come as if from the support team notifying you about some technical problems with your account and asking you to send your confidential information to fix the problem.

Serious scammers write spam emails intelligently, with no mistakes. Sometimes they even add links to official web pages.

How do I fight it?

First, let’s find out how your email addresses could end up on the spam list.

1.     Hacking. Your mailbox or website may have been hacked, giving access to your contacts as a result. Hence, malicious emails pretending to be support or security alerts.

2.     Selling address database. This is simple, unfortunately your contact details may have been sold by the owners of the sites you previously registered at .

3.     Consent to receive emails. On many sites, when users register, they put a check mark – consent to receive promotional materials. If you have done so through negligence, the situation can often be rectified by  following the “Unsubscribe” link at the end of the email. However, this will not help against phishing, and the malicious spammer will just learn that your email is “live”.

4.     Phishing. Entering personal details on fake sites. In other words, if you enter  your email address on one phishing site, you can receive spam and phishing emails from quite different phishers.

Some tips

To reduce the likelihood of receiving phishing emails, it is recommended that you have separate mailboxes for business, personal and confidential emails. We recommend you to use mail services with good spam filtering, such as Gmail.

You can also set up your own inbox filters as an extra measure. If a suspicious email arrives anyway, it should be marked as spam. In no case should you reply to it, otherwise the amount of spam will only increase. For the same reason, it is not a good idea to publish the address of an additional private mailbox in publicly accessible places.

Finally, it is worth considering additional anti-spam services (e.g. services which provide a temporary e-mail address).


As cryptocurrencies, smart contracts, NFT and other innovative blockchain technologies have evolved, so have hackers. Crypto-assets have been and continue to be a tidbit for their hunting. According to most experts, the number and variety of blockchain attacks will increase. By applying the rules we have listed, you will protect your assets, if they are measured in thousands. At the same time, only professional, robust blockchain security will keep you safe from losing millions.

Subscribe to our Telegram channel so you do not miss new articles on our blog.

Other posts

10/11/2024
How to protect and teach how to protect logins to systems
10/10/2024
Overview of modern programming languages and blockchains for smart contracts