According to an article published in the Financial Times on July 11, a large number of hackers are purportedly shifting their aims as they move away from targeting exchanges and instead are moving onto phishing attacks and other confidence scams against new cryptocurrency users. New cryptocurrency users often do not have a strong understanding of how to secure their coins and tokens, and thus are much more vulnerable to attack.
Most Exchanges Tightening Up Security
These days it seems like we don’t go for a single month in the crypto new cycle without hearing of an exchange getting hacked and losing tens or even hundreds of millions of dollars in one single heist. But exchanges are not stupid, and they are taking this threat seriously for the first time.
For example, most of the major exchanges today like Binance and Coinbase have been comparatively hack-free and their users have not suffered losses as a result. The majority of exchanges that are being hacked successfully tend to be smaller ones that serve niche markets such as the South Korean exchanges that are a popular target, and the Italian exchange BitGrail which lost between $170 million and $190 million.
With the big players finally doing things right and keeping assets comparatively more secure, what are hackers to do? Will they just give up and move on? Apparently not, as a new and still highly lucrative target has appeared.
Crypto Newbies Make Ideal Targets
One major point about cryptocurrencies is that are very different from interacting with banks. With a bank, if your credit card is stolen, in most cases you are usually not liable for any fraudulent charges. Likewise if someone robs a bank directly, money will practically never be taken out of your own account to make up for the loss.
Things are very different in the cryptocurrency world, however. For the most part, when it comes to crypto, you are on your own. That means if you fall for a phishing scam, get your private keys stolen, or incur any loss, there is no one who can help you. Your money is gone.
What’s unfortunate is that many people new to cryptocurrency don’t seem to realize that this is how it works. And not only that, but it works that way on purpose.
Because of this, a number of new cryptocurrency investors have fallen victim to various types of thefts and fraud, costing them a fortune collectively.
Types of Attacks
Before we get into how the hackers are robbing the newbies, the good news is that as long as you follow standard security procedures with your crypto, you are still safe from these forms of attack. No hacker has discovered how to compute private keys from a public address, and no major wallet programs or hardware wallets have been hacked.
Instead, what’s happening here is attacks based on tricking people. So without further ado, let’s begin.
Phishing attacks have been around for decades, or maybe even longer. The basic idea of a phishing attack is to convince someone that you are an authority or an official figure when you’re really not. Once the victim is sufficiently fooled, they will then give you their login credentials, private keys, and so on.
In this recent wave of attacks against individuals, phishing has been by far the most common.
The phishing attacks have appeared in a few different forms. One of the most dangerous ones has been where thieves will make great efforts to have their false duplicate page that looks like a cryptocurrency exchange appear high on search engine results.
In the past, this was done by taking out advertisements on search engines like Google, but since Google has mostly put an end to that, the thieves are trying other methods to get you to enter your credentials into their fake sites so that they can empty your accounts.
One inventive attacker made a fake version of Binance with a look-alike web address which appeared to spell out the correct URL. But on closer inspection, one can see small dots appearing below a few of the letters, indicating that they are in fact pointing to a different IP address entirely.
Another even more sophisticated attack targeted MyEtherWallet in April of this year by changing a Google DNS server to point to a false attackers site instead of the real site.
The second major attack vector we’re going to discuss in this article are simply classic con games. That is, convincing someone to send you cryptocurrency under false pretenses and then disappearing with the money.
One example is the Telegram ICO scam. In this scam, attackers will create look-alike accounts that appear to be chat admins. These look-alike accounts will message everyone who joins the chat and try to convince them to “invest” in the ICO by sending funds to an address controlled by the thief.
Another incredibly virulent attack is the infamous Ether giveaway scam on Twitter. For information about how that attack works, read our article on the subject here.
How Can You Protect Yourself From Attack?
It’s fairly easy to protect yourself from these kind of attacks, and all it usually requires is a little bit of precaution and a degree of heightened awareness when interacting with services like exchanges and wallets.
To avoid phishing, it is recommended that you do two things.
First, that you only access exchanges or online wallet services by typing in the URL manually yourself, or by visiting the correct address once and then bookmarking it and only using that bookmark.
Secondly, it’s important to make sure that you check the website’s registration details which will appear in most modern browsers like chrome and Firefox to the left of the URL. This information is not correct look suspicious, then you are on a phishing site. There are also some add-ons that can be helpful, but the above two methods should be enough for most people.
MyEtherWallet.com showing correct registration details, indicating its the real site
Luckily, confidence scams are the easiest to avoid.
Simply put, don’t send cryptocurrency of any kind to anyone for any reason unless you know exactly who you’re sending it to and why. No one in their right mind, and no company with any business sense is going to be giving away cryptocurrency that has any value for free.
Some Examples of the Ethereum Twitter Scam, Images from Twitter
That means no one is doing free Ether or bitcoin giveaways. Some projects do airdrops, however, but they never require you to send cryptocurrency somewhere in order to register. Real airdrops always happen automatically and require no upfront payment or deposits of any kind.
Wrapping Things Up
The key lesson to remember here is that when you’re using cryptocurrency, it’s up to you and you alone to ensure that your assets are safe. There is no bank, government, or authority figure that can step in and save you from your own ignorance. That’s why it’s important to stay smart, stay cautious, and use readily available security tools to keep yourself safe.