Why is cybersecurity such a huge challenge, and what can we do to help protect our data and crypto from threats?
It’s becoming more difficult for enterprises and individuals to stay safe online. The website Information is Beautiful has an impressive visualization titled the “World’s Biggest Data Breaches & Hacks,” which shows the rapidly growing extent of the problem. The number of incidents is increasing year on year, and the size of the attacks is also growing.
[Read now: Top 5 Altcoins to Buy in 2021]
Facebook and Twitter feature among the most significant breaches of recent years, along with Microsoft, Experian, and Marriott International. But even governments aren’t exempt. For example, India suffered a large leak of data from its Aadhaar database in 2018, which held citizen’s biometric and other identity data.
What do hackers do with all this stolen data? Most often, it’s sold on the dark web. Depending on the type of data, it may be used to hack individual user accounts to distribute spam or, worse, malware to a user’s devices and contacts. Data may also be used to set up fake identities so people can carry out criminal acts.
If a hacker can penetrate bank or payment accounts, then there’s a direct financial consequence for the victim, and the same is true with cryptocurrencies. Account details for banks, exchanges, or wallets are every bit as tempting to a hacker as a wallet packed full of twenties is to a city center pickpocket.
Cryptocurrencies, in particular, are an attractive asset to hackers. Blockchain security firm Slowmist estimates that nearly $15 billion worth of cryptocurrencies has been lost to blockchain hackers in over 400 events. Around one-third of this has been lost from exchanges, which are magnets for sophisticated fraudsters operating as part of criminal gangs such as the Lazarus Group, a cybercrime syndicate linked to North Korea.
The Lazarus Group is thought to be behind the biggest hack of 2020 (and the third-largest of all time). The $275 million lifted from KuCoin by the gang accounts for around half of all cryptocurrencies stolen in 2020. Moreover, the group also used DeFi platforms to launder some of its stolen funds for the first time.
Crypto exchanges aren’t even the worst hit by hackers, according to SlowMist. Over half of the total lost, $7.7 billion worth of digital assets, has gone missing from individual user wallets. A notable incident occurred in December 2020, when an attacker managed to steal NXM tokens worth nearly $8 million from the founder of DeFi insurance protocol Nexus Mutual.
Or, there have also been instances where hackers have managed to exploit a weakness in both hardware and software wallets, enabling them to access many user’s wallets simultaneously. For example, in June last year, Ledger users were targeted in a phishing attack directing them to a fake Ledger website, which told them to download a “security update” for their device. In this instance, users lost a collective total of 1.15 million XRP, worth $230,000 at the time.
But don’t panic. It’s important to remember that many hackers and online attackers are opportunists, and there are plenty of ways that you can decrease your chances of getting caught in a cyber trap.
Forewarned is forearmed, and, in the case of cybersecurity, it’s worth knowing what kind of tricks and tactics fraudsters use so you can avoid them.
Malware is a general term used to describe any program installed on your computer designed to do damage. Most often, the damage is financial. Like the 2017 Wannacry incident, ransomware attacks will lock users (and entire companies) out of their computers and servers and demand a ransom payment in cryptocurrency to unblock access.
Spyware is another form of malware designed to run invisibly on your devices and will log information such as keystrokes in an attempt to detect passwords or private keys.
Most antivirus software providers also offer malware detection and removal programs, so always go the extra mile to ensure your devices are protected. For an additional layer of protection, you could also consider configuring a private DNS and firewall or use a VPN to mask your online activities. Finally, don’t share devices, and make sure your device asks for a password when someone attempts to install or remove new programs.
Malware hackers also often exploit bugs and vulnerabilities in out-of-date versions of software. So always update to the most recent version of any program or application on your phone, tablet, laptop, or desktop.
FBI data shows that phishing was the most common type of cybercrime in 2020, with incidents almost doubled in frequency compared to 2019.
Typically, users will receive an email or phone call from someone purporting to be from a particular company—often a big brand such as Amazon or a telecommunications provider—as a way of getting them to reveal personal account details.
Phishing may also come hand-in-hand with another tactic known as typosquatting. Fraudsters will set up a domain name that looks similar to a well-known website, such as facebo0k.com. The site may also imitate the look and feel of the original site, but is designed to get you to enter account details, credit card information, or other sensitive information.
Vigilance is critical to protect against these kinds of attacks. Pay close attention to web addresses and use bookmarked sites rather than typing web addresses to ensure that you’re accessing the genuine link. Always be wary of links included in emails or social media.
Never, ever give out passwords or sensitive information to anyone. Reputable online services, including banks and payment firms, will never require your password for any purpose.
Cybersecurity is a game of cat-and-mouse, where the cybersecurity industry comes up with new ways to keep data and funds secure, and attackers inevitably find a way around the defenses. SIM swapping is a prime example of this in action.
Two-factor authentication (2FA) arose as an additional layer of security. Some 2FA use authenticator apps such as Google’s to generate a code, but other services also send an SMS code to users’ phones.
SIM swapping emerged as hackers attempted to find a way to get their hands on this coveted SMS code. The hacker calls the cellphone company pretending to be the victim and asking for their phone number to be reassigned to another SIM. In 2019, attackers launched a series of SIM swapping attacks on cryptocurrency users to access their funds.
Where possible, use apps like Google Authenticator to protect your accounts. Ideally, switch on your phone’s biometric identification feature to access the apps, and always keep your phone safe and with you at all times.
Make sure you follow good hygiene measures to keep exchange accounts secure. These include choosing unique passwords of at least ten mixed alphanumeric characters that are difficult to guess, enabling 2FA authentication, and using a secure, encrypted password manager to store your passwords safely. Password managers will also often generate passwords for you, making it easy to ensure they’re truly random and hard to guess.
Importantly, never keep your private keys anywhere online. One cryptocurrency user lost $25,000 worth of ETH when he made the mistake of storing his private key in an unsent draft of an email in his Gmail account. If it’s online or in the cloud, then you might as well consider it as public information.
Some users choose to write their private keys down on paper, while others use embossed metal. Keeping it secure against physical theft may mean using a safe or a bank safe deposit box. You could also choose to use multiple wallets as a way of distributing the risk.
While these measures can’t guarantee that you and your crypto will stay safe online, they can go a long way towards helping you avoid becoming an obvious target.
We can all do our bit to foil the hackers by staying vigilant and implementing some basic precautions.
The “double-spend” problem is one of the many pieces of jargon that often seems confusing to anyone unfamiliar with cryptocurrencies because it doesn’t exist in traditional finance. Understanding the double-spend problem and how Bitcoin solves it is key.
What is a CEX? What is a DEX? Centralized Exchanges (CEXs) and Decentralized Exchanges (DEXs) are different types of cryptocurrency exchanges. What's the difference? And which is best for you?