Bleeping Computer, a computer help site founded by Lawrence Abrams, just revealed that there are unknown and unwanted activities targeting and defeating 2.3 million Bitcoin wallets online. The report was made public in the early of July, proving that many assets are under the threat of being hacked.
The attackers, according to the site, used malware known as “clipboard hijackers”. This tool operates in the clipboard and can most probably replace the copied wallet address with another. At present, this method is one of the most widespread types of attacks targeting a user’s information or money; it comprised 20% of the total number of malware attacks. Taking that on board, here is a list of tools hackers use to steal cryptocurrencies, along with tips on how to protect your wallets against such threats.
Smartphone Applications From Google and Apple
- Avoid impulsive installing of mobile apps
- Always Enable 2FA Authentication
- Check the official link of the application
Smartphone users unfamiliar with security protection are the most common victims of hacking. To avoid this, always make sure that the applications available on Google Play and Apple store are equipped with information about the official website or its creators and have a Two Factor Authentication (2FA). These hackers have ways to add hidden miners on their crypto-related applications.
Bots Apps For Slack
- Report and block Slack-Bots
- Avoid or ignore bots’ activities
- Protect the Slack-channel or install antivirus
Last 2017, hackers developed Slack bots to penetrate crypto wallets. They became the fastest-growing corporate messenger. These bots cleverly notify users about problems with their cryptocurrencies, forcing them to click a forbidden link and enter their private keys.
Crypto-trading Add-Ons
- Open an incognito browser for crypto-operations
- Don’t download crypto add-ons
- Don’t use your personal gadgets for crypto-trading
Browser extensions can make browsing sessions easier, but some JavaScript add-ons are extremely vulnerable to hacking attacks; they can be used for hidden mining and other illegal operations. Therefore, as much as possible, use familiar devices when trading cryptocurrency; or use a new incognito browser within the same device.
SMS Authentication
- Switch-off Call Forwarding
- Change or Give up 2FA via SMS once the password is sent
SMS or mobile authentication is the fastest and easiest way to verify a person’s account, but it was reported that SMS with a password confirmation can easily transmit worldwide by the Signaling System 7 (SS7) protocol. Advanced hackers are then able to hijack text messages using a research tool even if the user’s 2FA is enabled.
Private And Public Wifi
- Don’t access your wallet through public wifi
- Regularly update the firmware of your home wifi
The Wi-Fi Protected Access (WPA) protocol is vulnerable. Since you always connect and reconnect with private and public wifi routers, hackers can download or send information through your network. The most vulnerable public areas include railway stations, airports, hotels, and malls. As much as possible, make transactions on private and regularly update your router’s firmware.
Sites-clones and phishing
- Don’t access crypto-sites without HTTPS protocol
- Customize your Chrome extension
- Compare messages and addresses from the crypto-site to the original site
One of the oldest hacking methods is the “dotcom revolution”, and it remains relevant up until today. The cryptocurrency websites people access online may allow attackers to create full copies of the original sites on domains that are nearly identical. This may lure victims to clone-sites and force them to enter their account, password, and encrypted keys.
