Connect with us

Blockchain

Bitcoin Holders Beware: From Phishing to Fakes, Here Are the Top 5 Ways Criminals Can Steal Your Crypto

Published

on


HodlX Guest Post  Submit Your Post

 

Despite the significant growth of Bitcoin and other cryptocurrency prices in 2020, the amount of stolen cryptocurrency as a result of hacks is actually less than in 2019. According to a Ciphertrace report,​ the total amount of stolen funds equaled an estimated $468 million.

Most of the attacks in 2020 were made on DeFi projects, which speaks to the immaturity of this fast-growing segment. Nevertheless, the number of stolen cryptocurrencies from centralized services are still much higher. For example, as a result of the ​Kucoin hack,​ cryptocurrency was stolen in the equivalent of $275 million. DeFi hacks make up roughly 21% of the 2020 cryptocurrency hack and theft volume.

Nevertheless, hackers attack not just cryptocurrency platforms but also users. Every day, stories are published on the internet about how hackers stole a user’s cryptocurrency by gaining access to their wallet or exchange account. Some users have no idea how high the risk of hacking their account or wallet can be.

Described in this article are the five most popular ways users can lose their crypto.

Fake phishing websites

Phishing is a type of social engineering attack often used to steal user data, including mnemonic phrases, private keys and cryptocurrency platforms’ login credentials. Typically, phishing attacks make use of fraudulent emails that convince the user to enter sensitive information into a fraudulent website. The recipient is then tricked into clicking on a malicious link, which can lead to a phishing website or the installation of malware.

The simplest example of a successful phishing attack was t​he MyEtherWallet case​ from 2017. The cyber-criminals sent an email to the potential customer base of MyEtherWallet users and announced that they needed to synchronize their wallet to comply with the Ethereum hard fork. After clicking on the link, the user was taken to a phishing website that looked legit but contained an additional, barely noticeable character in the URL. Inattentive users entered their secret phrases, private keys and wallet passwords, thereby providing their data to attackers and losing their cryptocurrency.

The latest example of this was a successful ​attack on Ledger​ wallet users. The scam used a phishing email, directing users to a fake version of the Ledger website that substituted a homoglyph in the URL as in the previous case with MyEtherWallet. On the fake website, unsuspecting users were fooled into downloading malware posing as a security update, which then drained the balance from their Ledger wallet. From this example follows the conclusion that even hardware wallet users are not protected from phishing attacks.

Similar attacks were performed on cryptocurrency exchange users. That is, users would receive a letter with the link to a website that is identical to the original one but with a slightly modified URL. Thus, attackers steal usernames and passwords, and under certain conditions, they can steal cryptocurrency from an exchange wallet. Nevertheless, users have the opportunity to defend themselves even in a successful attack case, since exchanges offer additional protection tools.

API key theft

Some traders use trade automation tools called “trading bots.” With this type of software, a user must create API keys and allow certain permissions so that the bot can interact with their funds.

Commonly when a user creates an API key, the exchange asks for the following permissions.

  • View – allows viewing any data related to a user account, such as trading history, order history, withdrawal history, balance, certain user data, etc.
  • Trading – allows the placement and cancellation of orders.
  • Withdrawal – allows the withdrawal of funds.
  • IP whitelist – allows performance of any operations only from specified IP addresses.

For trading bot API keys, the exchange must have the view, trading and sometimes withdrawal permissions.

There are different ways for hackers to steal users’ API keys. For example, cyber-criminals often create malicious “high-profit” trading bots, available free of charge, to lure a user into entering their API keys. If the API key has the right to withdraw without IP restriction, hackers may instantly withdraw all cryptocurrency from the user’s balance.

According to the ​Binance official​ commentary, 7,000 Bitcoin hacks became possible after hackers gathered API keys, 2FA and other data.

Even without withdrawal permission, hackers may steal users’ cryptocurrency with a pump strategy, a certain low liquidity cryptocurrency trading pair. The most common examples of such attacks are t​he Viacoin pump​ and t​he Syscoin pump.​ Hackers have accumulated these cryptocurrencies and sold them at significantly overpriced rates during a pump using user funds.

Downloaded file exploits

There are a lot of zero-day and one-day exploits for Microsoft Word, Microsoft Excel and Adobe products that guarantee antivirus products will not detect malware and grant malicious actors full access to victim workstations and internal infrastructure.

Zero-day is a flaw in the software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term “zero-day” may refer to the vulnerability itself, or an attack that has zero days between the time in which the vulnerability is discovered and the first attack. Once a zero-day vulnerability has been made public, it is known as an “n-day,” or “one-day” vulnerability. After a vulnerability is detected in the software, the process of developing malicious code begins, using the detected vulnerability to infect individual computers or computer networks. The most well-known malware that exploits the zero-day vulnerability in software is the ​WannaCry ransomware​ worm, a virus that extorted bitcoins for decryption.

However, there are many other malware programs that may gain access to users’ cryptocurrency wallets, as well as cryptocurrency exchange applications using zero-day exploits. The most widely known case of such an attack in recent years was the ​WhatsApp exploit; as a result, attackers were able to collect data from users’ crypto wallets.

Malicious platforms

Due to the active growth of the market, DeFi scammers are constantly launching new projects that are almost exact clones of existing projects. After users invest in these projects, scammers simply transfer the users’ funds to their own wallets. The biggest exit scam of this kind to date is t​he YFDEX case ​in which intruders stole $20 million of users’ funds two days after the launch of the project. Such scams are common since in most cases, project team members are anonymous, and there are no legal obligations because platforms are not registered entities. Previously, such fraud was associated mainly with ICO projects.

Nevertheless, similar cases occurred with centralized platforms. For example, the QuadrigaCX case, when the founder of the centralized exchange died, leaving the platform unable to access its wallets and process withdrawal requests for over $171 million in client funds. As a result, only ​$30 million of lost funds can be repaid.​

Such cases arise all the time, so you need to carefully consider the platform before transferring your money.

Fake applications

Since the existence of cryptocurrencies, many fake applications of particular platforms or wallets have been created – a user completes a deposit to such an application and finds that the funds have disappeared. Intruders may create a copy of an existing application with malicious code or a new application for a platform that does not have an application – for example, the ​Poloniex case f​rom 2017.

Since most crypto wallets are open-source, anyone can create their own copy of the wallet and inject a malicious code there. Topics regarding such wallets often appear on cryptocurrency forums, for example, fake apps posing as Trust Wallet.

How to protect yourself from intruders

As explained above, criminals have various ways to steal user funds and data. We recommend adhering to the following in order to best protect yourself against intruders.

  1. Always check the domain from which you receive emails.
  2. Set up anti-phishing code, if platforms you use offer such features.
  3. Only deposit to exchanges with good reputations. You may check the exchange’s ratings using the following services – CoinGecko,​​ CER.live,​ ​CoinMarketCap, ​CryptoCompare,​ etc.
  4. Set up login IP whitelist, if platforms you use offer such features.
  5. Always research a crypto wallet before deciding to install it on your phone, even if it is ranked highly on your app store list.
  6. Set up IP restrictions for API keys.
  7. Do not invest in recently launched projects that don’t yet have any information about the team, investors, etc. During the DeFi hype, scammers launched dozens of scam projects in order to steal cryptocurrency from investors.
  8. Make sure you download documents and other files from a trusted source.
  9. Always perform regular security updates of your operating system.
  10. Download applications and corresponding updates only from official websites.

Conclusion

Along with the growth of the cryptocurrency market, new schemes continue to appear in hopes of stealing user funds and data. Users should be very careful about the emails and other notifications they receive.

In this article, we have described 10 points on how users can protect themselves from intruders. If you follow these measures, it will be difficult for hackers to steal your data or funds.

This article originally appeared on Hacken.


Zlata Parasochka is a tech writer and crypto believer. She also has her own blog on the Hacker Noon website. Her latest article can be found here.

 

Check Latest Headlines on HodlX

Follow Us on Twitter Facebook Telegram

Check out the Latest Industry Announcements
 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Alex Volot

Source: https://dailyhodl.com/2021/01/13/top-5-ways-criminals-steal-cryptocurrency-in-2020/

Blockchain

Circle K to Host Bitcoin ATMs Across its Convenience Stores

Published

on

Major bitcoin ATM operator Bitcoin Depot has inked a long-term partnership deal with convenience store chain Circle K to install Bitcoin kiosks in the United States and Canada.

Bitcoin Depot and Circle K Partner to Install Bitcoin ATMs

Bitcoin Depot announced the deal via a press release on Thursday (July 22, 2021). According to the company, there are more than 700 Bitcoin ATMs already installed in Circle K locations in 30 states across the U.S.

The partnership provides individuals with a more convenient way to purchase bitcoin, thereby encouraging widespread adoption of the flagship cryptocurrency. Bitcoin Depot already has over 3000 BTC ATM kiosks located in almost every state in the U.S. and also allows users to buy more than 30 cryptocurrencies, including BTC, ETH, and LTC.

Speaking on the latest development, Brandon Mintz, CEO of Bitcoin Depot, said that the partnership deal with Circle K enables the crypto ATM company to expand its services internationally. Mintz also said that the installation of the Bitcoin ATMs would grow the number of customers visiting the convenience store chain while providing financial access to “underserved communities.”

Circle K’s Senior Vice President Global Merchandise and Procurement, Denny Tewell, also made a statement, saying:


ADVERTISEMENT

“At Circle K, we are passionate about making our customers’ lives a little easier every day, and we are continually looking at ways to enhance their experience in our stores and be their favorite shop for a growing range of needs and occasions.”

Tewell  added:

“Our partnership with Bitcoin Depot further builds on this commitment, giving our brand an important, early presence in the fast-growing cryptocurrency marketplace as a convenient destination where customers can buy Bitcoin.”

Bitcoin ATMs Continue Exponential Growth

The growth of crypto ATMs globally signals an increasing demand for bitcoin and other cryptocurrency assets. According to data from Coin ATM Radar, there are currently 23,915 crypto ATMs in 75 countries, up from 11,665 ATMs recorded in November 2020. This shows that the number of machines has more than doubled in eight months.

Statistics further show that the United States continues to lead with over 21,000 Bitcoin ATM locations, controlling more than 86% of the market. Canada comes second with BTC ATMs installations in 1696 locations, amounting to 6.8% of the world total.

SPECIAL OFFER (Sponsored)

Binance Futures 50 USDT FREE Voucher: Use this link to register & get 10% off fees and 50 USDT when trading 500 USDT (limited offer).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to get 50% free bonus on any deposit up to 1 BTC.

You Might Also Like:


PlatoAi. Web3 Reimagined. Data Intelligence Amplified.

Click here to access.

Source: https://cryptopotato.com/circle-k-to-host-bitcoin-atms-across-its-convenience-stores/

Continue Reading

Blockchain

Jack Dorsey Sees Bitcoin as a Big Part of Twitter’s Future

Published

on

Jack Dorsey, the CEO of Twitter – one of the largest social media platforms on Earth – said that Bitcoin will be a big part of the company’s future.

  • Yesterday, July 22nd, Twitter published its Q2 2021 letter to shareholders, as well as its Q2 Earnings Conference Call.
  • During the call, Jack Dorsey discussed many things, but Bitcoin and digital currencies took somewhat of a central stage, especially in light of current events and the fact that he’s been talking about it quite a bit.

I think this [read: Bitcoin] has a big part of our future. I think there’s a lot of innovation above just currency to be had, especially as we think about decentralizing social media more and providing more economic incentive. So I think it’s hugely important to Twitter and to Twitter shareholders that we continue to look at the space and invest aggressively in it. – Said Dorsey.

  • He also stressed on the fact that if there were a global currency of the Internet, Twitter would benefit a lot because it could move quickly with some of its products such as the Tip Jar, Subscription, Commerce, Super Follows, and so forth.
  • The CEO has been quite vocal about the importance of Bitcoin and its mass adoption.
  • Earlier, as reported by CryptoPotato, the CEO revealed that his financial services company, Square, plans to build a hardware Bitcoin wallet to improve and spread its adoption.
SPECIAL OFFER (Sponsored)

Binance Futures 50 USDT FREE Voucher: Use this link to register & get 10% off fees and 50 USDT when trading 500 USDT (limited offer).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to get 50% free bonus on any deposit up to 1 BTC.

You Might Also Like:


PlatoAi. Web3 Reimagined. Data Intelligence Amplified.

Click here to access.

Source: https://cryptopotato.com/jack-dorsey-sees-bitcoin-as-a-big-part-of-twitters-future/

Continue Reading

Blockchain

‘Wolf Of Wall Street’ Jordan Belfort: Elon Musk Is Filthy Rich To Pump And Dump Bitcoin

Published

on

Binance CEO CZ Lambasts Tesla CEO Elon Musk For 'Irresponsibly' Manipulating The Crypto Market

Advertisement &  & 

Jordan Ross Belfort, best known as the “Wolf of Wall Street” portrayed by Leonardo DiCaprio, doesn’t believe that Tesla/SpaceX CEO Elon Musk really manipulates crypto prices contrary to countless claims.  

Speaking with Fox Business on Thursday, Belfort posited that Musk is stinking rich to be pumping and dumping dogecoin, bitcoin, or other cryptocurrencies in order to make a quick buck off of it. 

“I like Elon Musk and I think he’s rich enough. He doesn’t have to make an extra few dollars pumping and dumping.”

Jordan Belfort, the former Wall Street penny-stock broker who pleaded guilty to stock market fraud in 1999, explained that while Musk himself might not be pumping and dumping, traders might be using his endorsement and they pump and dump around the hype that the billionaire tycoon creates.

Musk, famous for his odd-timed tweets, has constantly been accused of being a master manipulator. Notably, his tweets on major cryptocurrencies like DOGE and BTC, have sent their prices up and down within seconds.

Advertisement &  & 

At The B Word conference held on Wednesday, Musk shared details of the three cryptocurrencies that he personally owns as well as the cryptos held by his two companies. He also admitted that he might occasionally pump crypto prices, but he doesn’t dump. “If the price of bitcoin goes down, I lose money,” Musk explained.

The Tesla chief went on to state that he is interested in seeing bitcoin succeed — not just getting the price high and cashing out at higher prices.

Belfort, however, maintains that Musk is most likely “inadvertently being used” to pump and dump cryptocurrencies. 

Belfort Is Hoping Bitcoin Price Rips Lower

During his interview, Belfort also affirmed that he is invested in bitcoin (BTC), and ethereum (ETH) and is in it for the long haul. In fact, he hopes the price of the bellwether cryptocurrency falls again to as low as $5K per coin so that he can grab some more.

“I would love it to go lower because I’m a long-term investor so I don’t care if it goes up or down in the short term. I would love it to go back to $5000 and buy a ton of it here and that would be a great thing.”

This image has an empty alt attribute; its file name is a0l8zUyF.png
BTCUSD Chart By TradingView

At the time of publication, the bitcoin price is in the process of attempting a sustained breakout above $32,400 where the price has been hovering for 48 hours or so.

The Wall Street criminal-turned-author also noted that no one actually knows where the price of bitcoin goes next and if anyone says they do, they are definitely lying.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.

Click here to access.

Source: https://zycrypto.com/wolf-of-wall-street-jordan-belfort-elon-musk-is-filthy-rich-to-pump-and-dump-bitcoin/

Continue Reading
Uncategorized2 days ago

BNY Mellon Adds to Crypto Activity with Pure Digital Bet

Blockchain4 days ago

How to Unlock Inazuma in Genshin Impact 2.0?

Blockchain3 days ago

NexWEB Technologies Chooses Butterfly Protocol for Powering its Blockchain Domain-Based NFT Platform

Uncategorized4 days ago

BlockFI ordered to stop onboarding New Jersey-based customers

Blockchain3 days ago

Cardano: If you’re a high-risk trader, this step is for you

Blockchain3 days ago

XRP Lawsuit update: SEC Commissioners’ ‘gift’ to Ripple might have this effect

Blockchain4 days ago

Polygon Unveils New Blockchain Gaming and NFT Division

Uncategorized3 days ago

Social NFT platform DeFine raises $5M from Asian investors

Uncategorized4 days ago

Bitcoin drops below $30,000 for the first time in four weeks.

Blockchain3 days ago

Anthony Di Lorio To Leave Cryptocurrency Space For Philanthropic Initiatives

Blockchain4 days ago

Robinhood Says Low Crypto Trading Activity Could Cause Revenue Decline in Q3 2021

Uncategorized3 days ago

New EU proposal looks to tighten regulations for sending cryptocurrency

Blockchain4 days ago

Warzone Loadouts Are Changing in Season 4 Because of Dead Silence

Blockchain4 days ago

How To Watch $50K Warzone Cracked Creators Qualifier 1

Uncategorized4 days ago

TA: Ethereum Breaks Key Support, Why ETH Could Tumble To $1,500

Uncategorized2 days ago

Record network activity and a second NFT boom send WAX price higher

Blockchain3 days ago

EOS, MATIC, DASH Price Analysis: 20 July

Blockchain4 days ago

UBS Fined $8 Million over Compliance Failures in ETP Sale

Uncategorized3 days ago

Bitcoin bull outlines 7 steps to more fiscal stimulus and higher BTC prices

Blockchain4 days ago

U.S. Senators Warn Over China’s Digital Yuan Use at Beijing Olympics

Trending