As cryptocurrencies gain popularity, they attract more and more attention from miners all over the world. Sadly, hackers do not neglect crypto either. They are constantly developing new means of stealing money. Even the most popular, well-developed, fancy exchanges offer no 100% guarantee of safety. Examples include Youbit, NiceHash and, the most scandalous of all, Coincheck.
Means of crypto criminals
Nowadays there are probably a lot of methods to steal crypto. We have come up with a list of the most popular ones.
You have seen the abbreviation DDoS in the news; it is short for Distributed Denial of Service. You may also have seen it on the main pages of exchanges and crypto platforms. Everyone is now familiar with this technique and tries to protect customers' money from being taken away this way.
Attackers direct fake traffic from several sources at a service to overload it and make it collapse. Platforms suffer not only from direct consequences like theft but also from indirect ones: if a service is down for a significant period, clients stop using it. Bitfinex somehow managed to survive this kind of attack in 2017.
Almost every platform is susceptible to Cross-Site Scripting. After finding a vulnerability, hackers inject hostile code into a web page that redirects readers to other websites. This way attackers deploy stealer viruses on traders' laptops and steal crypto-wallet keys.
- Configuration vulnerabilities
Some exchanges do not send HTTPS headers (HyperText Transfer Protocol Secure), which increase a website's protection against attacks. When hackers find a platform without such a header, they know that this might be a loophole for them.
- Smart contract vulnerabilities
Hackers look for vulnerabilities or mistakes in the code of smart contracts and use them to crack it. This way they can perform not only targeted attacks but also mass ones, on many wallets at once if they share similar mistakes.
This is a kind of scam based on social engineering. First, the scammers create an almost identical copy of the company's website.
Then they send out spam emails that look like ones the actual company could send. All the logos and the first and last names are the same. The message informs customers that, due to either technical work or a hacker attack, they have to confirm or change their login info. After the user clicks the hyperlink inserted in the email, all of the data is channeled to the fake web page and stolen this way.
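To illustrate the configuration vulnerabilities item above, here is an added example (not code from the original article) that audits an HTTP response head for missing or weak security headers and cookie flags. Reading the article's "HTTPS headers" as Strict-Transport-Security plus the related response headers checked here is an assumption, as are the threshold and the constructed sample responses.

```python
import re
# Assumed baseline: the article names no specific headers; these are this example's choice.
MIN_HSTS_MAX_AGE = 15552000  # 180 days, an assumed threshold
REQUIRED = ("content-security-policy", "x-content-type-options")

def parse_headers(raw):
    """Parse a raw HTTP response head into [(lowercased name, value), ...]."""
    headers = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def audit_headers(raw):
    """Return findings for one response; an empty list means it passed."""
    headers = parse_headers(raw)
    findings = []
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("missing strict-transport-security")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts[0], re.I)
        age = int(m.group(1)) if m else 0  # max-age=0 switches HSTS off
        if age < MIN_HSTS_MAX_AGE:
            findings.append(f"weak HSTS max-age={age}")
    findings += [f"missing {r}" for r in REQUIRED if r not in dict(headers)]
    for n, v in headers:
        if n == "set-cookie":  # every cookie is checked, not just the first
            cookie = v.split("=", 1)[0]
            attrs = {a.strip().lower().split("=")[0] for a in v.split(";")[1:]}
            flags = ("secure", "httponly")
            findings += [f"cookie {cookie} lacks {f}" for f in flags if f not in attrs]
    return findings

# Constructed sample responses, not captured from any real exchange.
WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=0
Set-Cookie: session=abc123; Path=/
"""
HARDENED = """HTTP/1.1 200 OK
strict-transport-security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
"""
if __name__ == "__main__":
    print(audit_headers(WEAK), audit_headers(HARDENED))
```

The Content-Security-Policy check also relates to the Cross-Site Scripting item, since that header limits where a page may load scripts from.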
Protection against hackers and scammers
Do not panic! There is still something you can do to minimize the risk of being robbed. Auditing of internal and external risks, constant monitoring of users' activity and the use of expert recommendations can help. There are even international standards that comprise all of these recommendations, for example CobiT (Control Objectives for Information and related Technology).
One of the basics of blockchain is the use of smart contracts. They also have to be audited according to standard protocols. To protect their clients, platforms and exchanges use 2FA and so-called cold servers. Some even require copies of IDs.
There are also AML (anti-money laundering) and KYC (know your customer) regulations that almost all platforms implement.
Even though blockchain is not perfect and can be hacked, the risk of that happening is slimmer than that of your bank being robbed. Moreover, users have a right to demand their money back in cases of proven hacker attacks.