7 Ways that can be stolen from your criptomonedas
7 Ways that can be stolen from your criptomonedas
The possibilities of theft are regrettably numerous. And in this case, since the criptomonedas are digital assets and more difficult to track than the typical payment systems, they constitute an excellent bait for hackers from all over the world, who undoubtedly have found several methods to be able to steal a few criptomonedas without having That leave the house. Here are seven of these methods and how to defend yourself.
RANSOMWARE
This is perhaps the most popular because it is easy and cost effective. Once the victim is affected, this virus encrypts all the files on the computer and, in order to return them, requests a rescue in Bitcoin, Litecoin or Monero that varies according to the hacker's desire.
Many typical ransomwares, even, are on sale in the Deep Web, so in fact anyone can buy their own platform to spread it. Up to $ 500,000 in crypto-coins have been requested for ransom, so this virus is no joke.
To avoid this, you have to know how you can get to your computer or smart device: most of them come by email, hidden in attachments and unknown links that should not be opened. However there are other variants, such as the ImageGate, which is attached to images of social networks allegedly sent by a friend, and targeted attacks, where hackers focus on a specific target. To access the systems chosen in the latter case, they may spend weeks trying to find a weak server or sending false mail until their victim falls.
In conclusion, in order to protect against ransomware, attachments, images or links should not be opened in untrusted emails or suspicious messages on social networks. You must keep backups of all data, updated servers and change all the default credentials of any device.
PHISHING
It is, basically, cheeky cheating. It consists of the creation of web pages and emails with format, logos and images identical to those of real organizations and companies in order to request (and steal) the credentials of users, which in many cases also involves stealing their funds. This method is widely used to access third-party bank accounts, but it has also been widely seen in the world of cryptones. A good example of this was given earlier this year, when it was circulating - not for the first time - a false mail that allegedly came from the Coinbase exchange house.
On the other hand, according to Cisco, the increase in phishing aimed at stealing online wallet credentials tends to come from Bitcoin's price increase. Fortunately, to avoid it, just pay attention: the imitations are never completely accurate, there is always something out of place, especially as far as the URL is concerned. When it comes to granting sensitive data, you have to make sure that it is the official URL, without more or less characters.
KEYLOGGERS
They are programs that, once installed in the computer, detect the keystrokes and the mouse at the right time to find out the passwords, although sometimes they are also able to search the information stored on the disk and the browser - such as cache and The portfolios - to achieve this. They are usually acquired through phishing, as we saw in February of this year, when a spam mail began circulating where a false bank notification is made to the victim with the intention that, when clicking the link, the keylogger is downloaded in Your computer and find out your credentials.
To combat them, you also have to pay close attention to emails, where they usually arrive. In addition, it is worth changing passwords and credentials frequently, even if the change is only one character.
RATS (REMOTE ACESS TROJANS)
Remote access Trojans, better known as "rats" can be a real nightmare for the victim and a masterpiece for the hacker. If they get installed on a computer, it literally will be as if it had been stolen, because (depending on the type of "rat") the hacker will be able to control any remote function, such as if he had the PC in his hands. This way, you can from a simple joke like open and close the CD port, activate sounds and change wallpapers, delete files, send messages, use private accounts, install applications and, of course, steal passwords and Use unprotected cold wallets. Creepy, right?
Again, the most popular distribution method is junk e-mail, so no attachments or links from unknown e-mails should ever be opened. But in addition rats are also hidden in files shared by P2P programs and downloads of non-certified programs. For example, a Windows application called Bitcoin Alarm was circulating in 2013, which allegedly warned of changes in the price of cryptones, but was actually intended to steal the BTCs from the unfortunates who installed it, A RAT.
Now, it should be mentioned that all listed so far can be avoided, mostly, keeping a good antivirus and Firewall active.
HOUSES OF EXCHANGE AND MARKETS
Exchange houses are exchange houses and not wallets for some reason. At least they should not be taken as wallets, since everything on the line is susceptible to being hacked, and worse, when you entrust your criptomonedas to a house of exchange, these criptomonedas, technically, are no longer yours. You lose control over them, from being decentralized to being centralized on the platform of that company, whose obligation to you is often limited to ethics and mutual benefit. But that is another story that will be discussed later.
As for hacks, it must be said that the platforms of the bureaux de change and different online markets have been shown to have many weaknesses at the computer level, so that, for hackers, they are a very easy target to steal. The great example of this is Bitfinex, one of the most popular indeed, from which 120,000 BTCs were extracted last year; Amount that just finished reimbursing its customers recently. But, of course, it is not the only one. ShapeShift, Gatecoin and Bitstamp were also stolen in the same way.
In addition, online markets that accept deposits in criptomonedas are also susceptible to hacking. A recent example of this is AlphaBay, which a white hat hacker warned about the presence of a bug in their systems that allowed him to access more than 200,000 private messages. Fortunately, there are still these types of hackers, who are dedicated to finding weaknesses to warn administrators.
Concluding: it is not advisable to leave funds stored in exchange offices and online markets. Always keep them on your personal device.
TELEPHONE AUTHENTICATION
Two-factor authentication was designed to add security to online accounts. In this way, the user must not only enter his password, but a code that is sent to his mobile phone via SMS. And in this way, forgotten passwords can also be recovered, simply enter the phone number and wait for the server to respond. Who would have thought this would become a weapon to hackers?
But they did, when they discovered that some telephone companies have such weak security that they can supplant the identity of their customers without too much difficulty. So the shift hacker only has to call the company, request that they transfer their number to another company and use two-factor authentication to reset all passwords, including emails that are used for financial services such as the trading of cryptones . In August of last year Jered Kenna, a Colombian citizen, lost millions of dollars in bitcoins because of this trick.
From this perspective, it does not seem advisable to use two-factor authentication. However, it can still serve as an extra layer of security if the telephone company has appropriate identification measures.
BUGS IN INTELLIGENT CONTRACTS
Smart contracts have become a second revolution after Bitcoin, as shown by Ethereum, the main platform that facilitates this type of contract, to continue in second place in the market for cryptones. They are useful for, virtually, anything. But it must be admitted that they are still in development, so their security is not inviolable. A minimal error in their programming is an open door wide for hackers, who can enter and steal all the cryptones that are stored there.
The DAO event last year, which actually led to Ethereum's split into two, is the biggest proof that smart contracts are still halfway: $ 60 million stolen thanks to a weakness in the contract is not something easy To ignore, especially when catching the culprit (s) is virtually impossible.
In this case, it is best to adhere to a reliable platform to use smart contracts. Some applications, in fact, specify in their White Papers what their security enhancements will be in this respect and how they would prevent funds from being stolen or retrieved should they be. Ethereum, after all, made his fork to recover the millions of dollars stolen.
EXTRA FOR NO-HACKERS: STEALING THE PRIVATE KEY AND STATING
In addition to the many possible hacks to steal the criptomonedas, other criminals prefer to use much less technical but equally effective methods. The simplest of them is, perhaps, to steal the private key of the wallet that surely you wrote / saved somewhere next to the 12 words of recovery, if your wallet offers that alternative. Remember that this is the key to your own vault, and whoever has it will control the funds in it, so it is highly recommended that you keep it in a safe place that you remember too, because you should not lose it either.
Another method to steal cryptomonedas in a big way are the various types of scams. We mentioned earlier that in exchange houses and markets the funds are no longer controlled by you and their obligation is often limited to ethics. So in fact there is the possibility that managers will run away with funds, as happened with Mt. Gox, Cryptsy and, more recently, Bitcurex. Unfortunately it is a common practice, and the only possible defense is to ensure that the exchange house is reliable and responds to its users. Some of them, such as Coinbase and Bitstamp, are officially regulated, so funds should be safe in that respect.
Kryptonite sources
Follow me