Techniques used by Hackers to steal Cryptocurrecny

From phishing to crypto jacking to key-logger attacks, there are a lot of ways, hackers can steal your stash of cryptocurrency. In early July 2018, Bleeping Computers identified a suspicious activity to defraud 2.3 Million Bitcoin wallets. All these wallets were under the threat of being hacked. The malware used was “clipboard hijackers.” It operated in the clipboard and could replace the copied wallet data with one of the hackers while transferring Bitcoin to other wallets. Kaspersky Lab had predicted such type of hacking attacks in November 2017, and it didn’t take long to become a reality. 
Till date, this is one of the most popular types of attack to steal user’s crypto and information. About 20 percent of the total cryptocurrency hacking attempts are made on individual’s wallets and accounts. Kaspersky Lab’s report published in Cointelegraph stated that criminals had stolen $9 million through social media engineering and other hacking techniques.

There are chances that some undetectable programs are running on your smartphone or Laptop right now, copying your every single seed, password or any button you hit on. When these programs send back or change the copied clipboard data, it becomes too easy for the attacker to gain full access to your wallets. Hackers use the vulnerability we didn’t notice. Here’s how they do it and how we can protect our wallet:

SLACK BOTS

There are many slack bots which are being used by hackers. 
Since mid-2017, there have been many cases of stolen cryptocurrency through this technique. The bot sends a notification to the user’s device about issues with their wallet. The ultimate goal is to force the user to click the notification and type private key.

Image source: Steemit @sassal

TIPS

  • Report Slack-bots immediately;
  • Ignore bots’ activity

ADD-ONS FOR CRYPTO TRADING

You get extensions to do more comfortable work with wallets. But these extensions are vulnerable to hacking attacks as they are developed on JavaScript. Might be an extension is using your computing resources for mining purposes. To avoid it: 
Use incognito mode. 
Use separate browser for cryptocurrency related work 
Install Network protection

SOCIAL ENGINEERING AND PHISHING

Cybercriminals also ramp up their focus on social engineering to steal cryptocurrency from newbie users. Fraudulent websites and paid ads are still on the rise even after the ban. Hackers mimic the authorization pages of exchanges and dupe users to enter the private key. To avoid it:

Enter the exchange address directly to the URL bar 
Never trust ads offering free cryptocurrencies

CRYPTOCURRENCY MINING BOTNETS

‘Botnets’ are networks malware-infected systems which can be controlled remotely. Generally, botnets are used to distribute malware or to perform DDoS attacks. But for quite a few time crypto-criminals are using it to mine cryptocurrency.

SMS AUTHENTICATION

Most of the users have mobile authentication as it is handy and they always have the smartphone. But using the SS7 protocol hackers can intercept an SMS with a password confirmation. Here’s the vulnerability is in the cellular network. To avoid it: 
Stop using SMS verification 
Use software base 2FA

The bad news is there is no decrease in the activity of crypto hacking. As per JAN 2019, there are more than 11000 dark web platforms selling more than 34000 offers. Here anyone can get malicious software for an average price of $240.

Report Source: CARBON BLACK

The big question is: How do these softwares get on our computer? On June 27 a program called All-Radio 4.27 was installed unknowingly on many devices. The situation got more complicated when people were not able to uninstall it. It had given a whole suitcase of unpleasant surprises. It was found that the program had hidden miner and was monitoring the clipboard. This program was installed on the systems which have cracked games or OS versions. It’s foolish to become a scapegoat of such hacking attacks. So, in conclusion, I’ll like to remind you of advice from Bryan Wallace:

“Encryption, anti-virus software, and multi-factor identification will only keep your assets safe to a point; they key is preventive measures and simple common sense.”

read original article here