Connect with us

Blockchain

Bitcoin Holders Beware: From Phishing to Fakes, Here Are the Top 5 Ways Criminals Can Steal Your Crypto

Republished by Plato

Published

on


HodlX Guest Post  Submit Your Post

 

Despite the significant growth of Bitcoin and other cryptocurrency prices in 2020, the amount of stolen cryptocurrency as a result of hacks is actually less than in 2019. According to a Ciphertrace report,​ the total amount of stolen funds equaled an estimated $468 million.

Most of the attacks in 2020 were made on DeFi projects, which speaks to the immaturity of this fast-growing segment. Nevertheless, the number of stolen cryptocurrencies from centralized services are still much higher. For example, as a result of the ​Kucoin hack,​ cryptocurrency was stolen in the equivalent of $275 million. DeFi hacks make up roughly 21% of the 2020 cryptocurrency hack and theft volume.

Nevertheless, hackers attack not just cryptocurrency platforms but also users. Every day, stories are published on the internet about how hackers stole a user’s cryptocurrency by gaining access to their wallet or exchange account. Some users have no idea how high the risk of hacking their account or wallet can be.

Described in this article are the five most popular ways users can lose their crypto.

Fake phishing websites

Phishing is a type of social engineering attack often used to steal user data, including mnemonic phrases, private keys and cryptocurrency platforms’ login credentials. Typically, phishing attacks make use of fraudulent emails that convince the user to enter sensitive information into a fraudulent website. The recipient is then tricked into clicking on a malicious link, which can lead to a phishing website or the installation of malware.

The simplest example of a successful phishing attack was t​he MyEtherWallet case​ from 2017. The cyber-criminals sent an email to the potential customer base of MyEtherWallet users and announced that they needed to synchronize their wallet to comply with the Ethereum hard fork. After clicking on the link, the user was taken to a phishing website that looked legit but contained an additional, barely noticeable character in the URL. Inattentive users entered their secret phrases, private keys and wallet passwords, thereby providing their data to attackers and losing their cryptocurrency.

The latest example of this was a successful ​attack on Ledger​ wallet users. The scam used a phishing email, directing users to a fake version of the Ledger website that substituted a homoglyph in the URL as in the previous case with MyEtherWallet. On the fake website, unsuspecting users were fooled into downloading malware posing as a security update, which then drained the balance from their Ledger wallet. From this example follows the conclusion that even hardware wallet users are not protected from phishing attacks.

Similar attacks were performed on cryptocurrency exchange users. That is, users would receive a letter with the link to a website that is identical to the original one but with a slightly modified URL. Thus, attackers steal usernames and passwords, and under certain conditions, they can steal cryptocurrency from an exchange wallet. Nevertheless, users have the opportunity to defend themselves even in a successful attack case, since exchanges offer additional protection tools.

API key theft

Some traders use trade automation tools called “trading bots.” With this type of software, a user must create API keys and allow certain permissions so that the bot can interact with their funds.

Commonly when a user creates an API key, the exchange asks for the following permissions.

  • View – allows viewing any data related to a user account, such as trading history, order history, withdrawal history, balance, certain user data, etc.
  • Trading – allows the placement and cancellation of orders.
  • Withdrawal – allows the withdrawal of funds.
  • IP whitelist – allows performance of any operations only from specified IP addresses.

For trading bot API keys, the exchange must have the view, trading and sometimes withdrawal permissions.

There are different ways for hackers to steal users’ API keys. For example, cyber-criminals often create malicious “high-profit” trading bots, available free of charge, to lure a user into entering their API keys. If the API key has the right to withdraw without IP restriction, hackers may instantly withdraw all cryptocurrency from the user’s balance.

According to the ​Binance official​ commentary, 7,000 Bitcoin hacks became possible after hackers gathered API keys, 2FA and other data.

Even without withdrawal permission, hackers may steal users’ cryptocurrency with a pump strategy, a certain low liquidity cryptocurrency trading pair. The most common examples of such attacks are t​he Viacoin pump​ and t​he Syscoin pump.​ Hackers have accumulated these cryptocurrencies and sold them at significantly overpriced rates during a pump using user funds.

Downloaded file exploits

There are a lot of zero-day and one-day exploits for Microsoft Word, Microsoft Excel and Adobe products that guarantee antivirus products will not detect malware and grant malicious actors full access to victim workstations and internal infrastructure.

Zero-day is a flaw in the software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term “zero-day” may refer to the vulnerability itself, or an attack that has zero days between the time in which the vulnerability is discovered and the first attack. Once a zero-day vulnerability has been made public, it is known as an “n-day,” or “one-day” vulnerability. After a vulnerability is detected in the software, the process of developing malicious code begins, using the detected vulnerability to infect individual computers or computer networks. The most well-known malware that exploits the zero-day vulnerability in software is the ​WannaCry ransomware​ worm, a virus that extorted bitcoins for decryption.

However, there are many other malware programs that may gain access to users’ cryptocurrency wallets, as well as cryptocurrency exchange applications using zero-day exploits. The most widely known case of such an attack in recent years was the ​WhatsApp exploit; as a result, attackers were able to collect data from users’ crypto wallets.

Malicious platforms

Due to the active growth of the market, DeFi scammers are constantly launching new projects that are almost exact clones of existing projects. After users invest in these projects, scammers simply transfer the users’ funds to their own wallets. The biggest exit scam of this kind to date is t​he YFDEX case ​in which intruders stole $20 million of users’ funds two days after the launch of the project. Such scams are common since in most cases, project team members are anonymous, and there are no legal obligations because platforms are not registered entities. Previously, such fraud was associated mainly with ICO projects.

Nevertheless, similar cases occurred with centralized platforms. For example, the QuadrigaCX case, when the founder of the centralized exchange died, leaving the platform unable to access its wallets and process withdrawal requests for over $171 million in client funds. As a result, only ​$30 million of lost funds can be repaid.​

Such cases arise all the time, so you need to carefully consider the platform before transferring your money.

Fake applications

Since the existence of cryptocurrencies, many fake applications of particular platforms or wallets have been created – a user completes a deposit to such an application and finds that the funds have disappeared. Intruders may create a copy of an existing application with malicious code or a new application for a platform that does not have an application – for example, the ​Poloniex case f​rom 2017.

Since most crypto wallets are open-source, anyone can create their own copy of the wallet and inject a malicious code there. Topics regarding such wallets often appear on cryptocurrency forums, for example, fake apps posing as Trust Wallet.

How to protect yourself from intruders

As explained above, criminals have various ways to steal user funds and data. We recommend adhering to the following in order to best protect yourself against intruders.

  1. Always check the domain from which you receive emails.
  2. Set up anti-phishing code, if platforms you use offer such features.
  3. Only deposit to exchanges with good reputations. You may check the exchange’s ratings using the following services – CoinGecko,​​ CER.live,​ ​CoinMarketCap, ​CryptoCompare,​ etc.
  4. Set up login IP whitelist, if platforms you use offer such features.
  5. Always research a crypto wallet before deciding to install it on your phone, even if it is ranked highly on your app store list.
  6. Set up IP restrictions for API keys.
  7. Do not invest in recently launched projects that don’t yet have any information about the team, investors, etc. During the DeFi hype, scammers launched dozens of scam projects in order to steal cryptocurrency from investors.
  8. Make sure you download documents and other files from a trusted source.
  9. Always perform regular security updates of your operating system.
  10. Download applications and corresponding updates only from official websites.

Conclusion

Along with the growth of the cryptocurrency market, new schemes continue to appear in hopes of stealing user funds and data. Users should be very careful about the emails and other notifications they receive.

In this article, we have described 10 points on how users can protect themselves from intruders. If you follow these measures, it will be difficult for hackers to steal your data or funds.

This article originally appeared on Hacken.


Zlata Parasochka is a tech writer and crypto believer. She also has her own blog on the Hacker Noon website. Her latest article can be found here.

 

Check Latest Headlines on HodlX

Follow Us on Twitter Facebook Telegram

Check out the Latest Industry Announcements
 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Alex Volot

Source: https://dailyhodl.com/2021/01/13/top-5-ways-criminals-steal-cryptocurrency-in-2020/

Blockchain

Southeast Asia’s first Bitcoin fund launches to meet local institutional demand

Republished by Plato

Published

on

The Malaysia-based BCMG Genesis Bitcoin Fund-I, or BGBF-I, has officially launched, claiming to have become the first insured institutional crypto product available in the Southeast Asian region.

An announcement states the fund launched in response to a growing demand for institutional crypto products in Southeast Asia. The fund leverages an Artificial Intelligence (AI) powered blockchain-based platform provided by Calfin Global Crypto Exchang, which purports to offer increased security for customer holdings.

BGBF-I is regulated in Labuan, Malaysia, where IBH Investment Bank serves as the fund’s main advisor. Professional financial services provider, Hong Kong-based Alpha Calibration, will provide regulatory compliance services, and be audited by HLB Hodgson.

The investment vehicle also offers insurance coverage and underwriting for Public Offering Security Insurance.Fund Manager, Subbu Vempati explained:

“BGBF-I is a secure, insured and regulated platform where investors can get exposure to the Digital Assets industry. Investors get to benefit from our expertise in the financial, technical, and security aspects of Bitcoin investments, as well as enter this class with a peace of mind without any challenges or risk in directly handling the Digital Asset.”

According to its official website, the BGBF-I Fund projects a minimum return of 12% per year, while noting that BTC itself has gained 266.5% over the past 12 months.

All accredited Asian investors must go through mandatory Anti-Money Laundering (AML) and Know Your Customer (KYC) screenings to access the fund.

The Bitcoin fund is one of many that have been recently launched to address growing institutional appetites BTC and other digital assets. In mid-February, the first physically settled North American Bitcoin ETF was approved in Canada. Grayscale’s Bitcoin Trust also continues to grow, with its assets under management recently tagging $39.8 billion.

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
The Easiest Way to Way To Trade Crypto.
Check out Nord
Make your Money Grow with Mintos
Source: https://cointelegraph.com/news/southeast-asia-s-first-bitcoin-fund-launches-to-meet-local-institutional-demand

Continue Reading

Blockchain

Former DC comic book artist fetches $1.85M auctioning Wonder Woman NFTs

Republished by Plato

Published

on

José Delbo, an artist who illustrated the comic book series Wonder Woman during the late 1970s, has made $1.85 million in an auction selling non-fungible tokens, or NFTs, depicting the popular heroine.

The 87-year-old Argentian, who also worked on Batman, Transformers, and The Beatles‘ Yellow Submarine comic book, collaborated with Milan-based crypto art duo Hackatao to produce the NFT drop, dubbed “Heroines.”

In total, 914 individual NFTs were auctioned, with the tokens each featuring one of seven illustrations or animated gifs depicting Wonder Woman in scenes invoking themes relating to the empowerment of women.

The tokens auctioned included two one-of-a-kind editions, four “open limited editions— where an unlimited amount of NFTs can be minted only while the auction is ongoing, and one edition for which no more than 10 copies could be sold.

The most expensive piece sold was “Heroines – Weight of the World,” an animated gif that illustrates Wonder Woman holding the world against a backdrop invoking themes of empowerment. The bidder “888” got their hands on the piece for a total of 88.888 Ether, worth approximately $136,000.

Screenshot of ‘Heroines – Weight of the World’

The open edition, “Heroines – Stand Out” , spanned 10 copies in total, with two being reserved for the artists, seven given away to raffle winners. The last remaining copy was auctioned for 15 Ether, or roughly $23,000. All proceeds from the sale were donated to Girls Who Code, an organization that works to closi the gender gap in the tech industry.

Heroines – Shine Bright” was the highest performing open limited edition, with a total of 151 copies selling for a combined total of $450,000.

José Delbo illustrated the Wonder Woman comics between 1976-1981 and is no stranger to the crypto world, holding a week-long exhibition of his comic book art in the Ethereum-based virtual reality world Decentraland during July 2020.

Comic book characters are increasing in popularity in the crypto art markets, with Marvel officially launching a Spiderman NFT that sold for $25,000 in February of this year.

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
The Easiest Way to Way To Trade Crypto.
Check out Nord
Make your Money Grow with Mintos
Source: https://cointelegraph.com/news/former-dc-comic-book-artist-fetches-1-85m-auctioning-wonder-woman-nfts

Continue Reading

Blockchain

TA: Bitcoin Rallies above $52K, Why BTC Could Soon Hit $55K

Republished by Plato

Published

on

Bitcoin price rallied over 5% and it even broke the $52,000 resistance against the US Dollar. BTC is now above $53,000 and it is likely to continue higher towards $54,500 and $55,000.

  • Bitcoin extended its rise above the $51,500 and $52,000 resistance levels.
  • The price is now trading well above $52,000 and the 100 hourly simple moving average.
  • There was a break above a key resistance trend line at $52,800 on the hourly chart of the BTC/USD pair (data feed from Kraken).
  • The pair could correct a few points, but it is likely to find support near $52,800 and $52,000.

Bitcoin Price Extends Increase

Yesterday, we saw a fresh increase in bitcoin above the $50,000 resistance zone. BTC remained in a bullish zone and it was able to extend gains above $52,000 after a short-term downside correction.

The bulls gained strength, resulting in a strong push above $52,000. There was also a break above a key resistance trend line at $52,800 on the hourly chart of the BTC/USD pair. The pair cleared the 76.4% Fib retracement level of the key decline from the $52,748 swing high to $46,350 swing low.

Bitcoin is now trading well above $52,000 and the 100 hourly simple moving average. The price is trading nicely above the $53,000 level and it is likely to continue higher.

Bitcoin

Source: BTCUSD on TradingView.com

An immediate resistance is near the $54,000 level. The first key resistance is near the $54,250 level. It is close to the 1.236 Fib extension level of the key decline from the $52,748 swing high to $46,350 swing low. The next major resistance for the bulls is near the $55,000 level. Any more gains could lead the price towards the $58,000 resistance zone and the all-time high.

Dips Supported in BTC?

If bitcoin starts a downside correction, it is likely to remain well bid above $52,000. An initial support on the downside is near the $53,000 level.

The first key support is near the $52,700 level and the broken trend line. Any more downsides might call for a test of the main $52,000 support zone in the coming sessions.

Technical indicators:

Hourly MACD – The MACD is now gaining momentum in the bullish zone.

Hourly RSI (Relative Strength Index) – The RSI for BTC/USD is now well above the 60 level.

Major Support Levels – $53,000, followed by $52,700.

Major Resistance Levels – $54,000, $54,250 and $55,000.

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
The Easiest Way to Way To Trade Crypto.
Check out Nord
Make your Money Grow with Mintos
Source: https://www.newsbtc.com/analysis/btc/bitcoin-btc-could-soon-hit-55k/

Continue Reading
Blockchain4 days ago

How to Protect Yourself from the Cryptojacking Threat

Blockchain4 days ago

Bitcoin “Cheat Sheet” Calls For Next Leg Up To $77K

Blockchain4 days ago

Experts divided on BTC predictions: Bullish or super bullish?

Blockchain4 days ago

BitGo To Introduce Crypto Custodial Services To New York Clients

Blockchain4 days ago

Ethereum gas fees drop as daily DEX and DeFi volumes decline

Blockchain4 days ago

Mark Cuban’s Dallas Mavericks to Accept Dogecoin Payments

Blockchain5 days ago

XRP Price Analysis: 04 March

Blockchain4 days ago

Analyst tells Tesla to dump Bitcoin for buybacks as shares plunge alongside MSTR’s

Blockchain4 days ago

Thailand’s largest movie theater chain accepts Bitcoin

Blockchain19 hours ago

ETC Group adds Ethereum ETP on Deutsche Borse

Blockchain4 days ago

TA: Bitcoin Price Back Below 100 SMA, Why BTC Could Retest $45K

Blockchain4 days ago

Decentralized Companies Are the New Norm and It’s the DAO Revolution That’s Making It Possible

Blockchain4 days ago

Binance Coin, Neo, Enjin Price Analysis: 05 March

Blockchain5 days ago

Bitcoin HODL Waves Suggest Bull Run Has Barely Started

Blockchain19 hours ago

Norwegian Oil Mogul Sets Up $58 Million Entity to Buy Bitcoin

Blockchain13 hours ago

NYDIG raises $200 million from strategic partners to work toward Bitcoin-focused initiatives

Blockchain4 days ago

Co-founder of Floyd Mayweather-promoted ICO sentenced to 8 years

Blockchain4 days ago

Crypto fund KR1 makes investment in blockchain data protocol LazyLedger

Blockchain3 days ago

PAID Crashes 70% In Minutes as Network Purportedly Exploited

Blockchain23 hours ago

What’s in store for SushiSwap in 2021?

Trending