Do you own or are you thinking of buying bitcoin? Find out the common methods hackers use to steal cryptocurrency and the steps you can take to protect your cryptocurrency wallet.
Stories such as hackers hijacking computers to generate digital coins, a recent $530 million cyber heist, and the 1200% increase of cryptojacking incidents in the UK have become common headlines. News like this has caused some volatility in cryptocurrency and some fear that it is not secure; it is highly worthwhile to understand the common methods criminals use to steal it and what you can do to protect your investment.
How are Cryptocurrencies Secured
When you purchase a digital coin, it is secured with two keys: a public and private key. You can visualize the public key as a locked vault where your coin is stored, and the vault can only be unlocked with the private key; it is the only way to access the digital asset. Andrew McDonnell, president of AsTech says, “If that key is compromised, the attackers can send all of the victim’s bitcoin to themselves or an intermediary, or simply delete the key and digitally eliminate the bitcoin…Without the private key, as there is no central bitcoin authority by design, there is no way to claim ownership of a set of bitcoin.”
Cryptocurrencies use blockchain technology to track the order of transactions so that each bitcoin transaction is unique and coins cannot be double-spent. Because of this technology, retrieving stolen currency is not possible, highlighting the importance of exchanging and storing cryptocurrency securely.
Your Cryptocurrency Wallet
There are two options for storing your digital coins: with an online service or by installing a wallet application yourself. When buying cryptocurrency, most investors choose to store their coins with services such as Coinbase because they rely on the security features built into bitcoin
Using an online service is more convenient, although, most bitcoin are stolen from online services, targeted because of the concentration of cryptocurrency accounts all in one location. So while choosing to install your own wallet adds some inconvenience, it can be the most secure way to store your cryptocurrency.
However even with this method, your wallet application can be ‘hot’, meaning it is by default connected to the Internet at all times and less secure because a connection to the Internet provides an opportunity for hackers to access it. The most secure option is creating a ‘cold’ offline wallet to store your assets. You can store your wallet’s private key offline on paper, a hard drive, or USB stick. If you choose to store offline, be sure not to lose the private key, since losing the key means you’ve lost your bitcoin.
Obtaining the private key is a sure way to steal digital coins, and your top concern is to protect your assets from these attacks.
- Stealing an Exposed Private Key – If you choose to manage a private wallet, you are ultimately responsible for securing your key. If you store your key in your email, cloud storage, or some other online space, a hacker can gain access to that location, steal your key, and consequently steal any cryptocurrency linked to that key. To protect yourself from this attack, the most secure way to store your private key is to write it down or store it on a USB stick and store in a physically secure place offline.
- Hacking Bitcoin Mining Pools and Exchanges – If you use an online service, you don’t have to worry about remembering and securing a public and private key, just your username and password to login to your account. However, now hackers can access your keys and steal your bitcoins by obtaining your login credentials to the online exchange. You can avoid this vulnerability by securing your storage service account with two-factor authentication.
- A Hacker Impersonates a Bitcoin Recipient – Hackers can impersonate the company with a fake website and persuade investors to send funds to a different bitcoin wallet. Once the bitcoin is sent, there is no recovering it, and both the company and investor lose their bitcoin. Protect your transaction when transferring cryptocurrency funds to someone by confirming the wallet address is genuine.
- You Rely on an Insecure Third Party – When using an online service, the security of your cryptocurrency is only as good as the security they have in place to protect your assets. Research the cryptocurrency companies available and choose a reputable company that has enabled strong security practices.
- The Exit Scam – A company offers a bitcoin-related service where customers maintain an account in bitcoin. Then with no warning the company vanishes, often claiming to have been hacked. The company pulled an exit scam and has disappeared with their clients’ bitcoin. These exit scams are often associated with fly-by-night crypto investment ventures so stick with reputable companies.
These same hacking techniques are being used on businesses every day, and can be used to attack other assets, not just cryptocurrency. Organizations like Cyberint understand, track, analyze, and are constantly studying these attack methods as well as other current cyber threats. Don’t wait for a cyber event to happen to you; take the steps needed to prevent them from happening.