Login
In the fall of 2021, cryptocurrency value skyrocketed. Ethereum and Bitcoin had their highest values ever, causing a huge stir in interest in online currencies from experts, hobbyists and newbies alike … and in cybercriminals seeking huge paydays. Since then, cryptocurrency value has cooled, as has the public’s opinion about whether it’s worth the risk. Huge cryptohacking events dominate the headlines, leaving us to wonder: Is cryptocurrency losing its credibility?
In this article, you’ll learn about recent unfortunate crypto hacks and a few cryptocurrency security tips to help you avoid a similar misfortune.
A crypto wallet is the software or the physical device that stores the public and private keys to your cryptocurrency. A public key is the string of letters and numbers that people swap with each other in crypto transactions. It’s ok to share a public key with someone you trust. Your private key, however, must remain private — think of it like the password that secures your online bank account. Just like your actual wallet, if it falls into the wrong hands, you can lose a lot of money.
A malware called Mars Stealer infiltrated several crypto wallet browser extensions, including the popular MetaMask. The malware stole private keys and then erased its tracks to mask that it had ever gained entry to the wallet.1
One way to completely avoid a breach to your software crypto wallet is to opt for a hardware wallet. A hardware wallet is a physical device that can only be opened with a PIN. But there is some risk involved with a hardware wallet: if you drop it down the drain, all your crypto is gone. If you forget your wallet PIN, there is no customer service chatbot that can help you remember it. You are solely responsible for keeping track of it. For those who are confident in their hardware’s hiding spot and their personal organizational skills, they can benefit from its added security.
For anyone less sure of their ability to keep track of a hardware wallet, a software wallet is a fine alternative, though always been on alert of software wallet hacks. Keep an eye on crypto news and be ready to secure your software at a moment’s notice. Measures include un-downloading browser extensions, changing passwords, or transferring your crypto assets to another software wallet.
In the case of the Mars Stealer malware that affected MetaMask, being careful about visiting secure sites and only clicking on trustworthy links could’ve helped prevent it. Mars Stealer made its way onto people’s devices after they clicked on an infected link or visited a risky website. Stick to websites you know you can trust and consider springing for well-known streaming services and paying for software instead of torrenting from free sources.
Cryptocurrency enthusiasts often spread their crypto investments across various currency types and blockchain environments. Software known as a bridge can link numerous accounts and types, making it easier to send currency.
The cross-chain bridge Horizon experienced was on its Harmony blockchain, where a hacker stole about $100 million in Ethereum and tokens. The hacker stole two private keys, with which they could then validate this huge transaction into their own wallet. To hopefully prevent this from happening in the future, Horizon now requires more than just two validators.2
According to one report, in 2022, 69% of all cryptocurrency losses have occurred in bridge attacks.3 If you exchange cryptocurrencies with other users and have various accounts, it’s almost inevitable that you’ll use bridge software. To keep your assets safe, make sure to extensively research any bridge before trusting it. Take a look at their security protocols and how they’ve responded to past breaches, if applicable.
In the case of Horizon, the stolen private keys were encrypted with a passphrase and with a key management service, which follows best practices. Make sure that you always defend your private keys and all your cryptocurrency-related accounts with multi-factor authentication. Even though it may not 100% protect your assets, it’ll foil a less persistent cybercriminal.
Phishing attacks on bridge companies in conjunction with software hacks are also common. In this scenario, there’s unfortunately not much you can control. What you can control is how quickly and completely you respond to the cybercrime event. Remove the bridge software from your devices, transfer all your assets to a hardware wallet, and await further instructions from the bridge company on how to proceed.
Decentralized finance, or DeFi, is now one of the riskiest aspects of cryptocurrency. DeFi is a system without governing bodies. Some crypto traders like the anonymity and autonomy of being able to make transactions without a bank or institution tracking their assets. The drawback is that the code used in smart contracts isn’t bulletproof and has been at the center of several costly cybercrimes. Smart contracts are agreed upon by crypto buyers and sellers, and they contain code that programs crypto to perform certain financial transactions.
Three multi-million-dollar heists – Wormhole, Beanstalk Farms and Ronin bridge – occurred in quick succession, and smart contracts were at the center of each.4 In the case of Wormhole, a cybercriminal minted 120,000 in one currency and then traded them for Ethereum without putting up the necessary collateral. In the end, the hacker cashed out with $320 million. Beanstalk Farms lost $182 million when a hacker discovered a loophole in the stablecoin’s flash loan smart contract. Axie Infinity’s Ronin bridge was hit for $625 million when a hacker took control over and signed five of the nine validator nodes through a smart contract hole.4
To be safe, conduct all crypto transactions on well-known and trustworthy software, applications, bridges, and wallets that are backed by a governing body. What you lose in anonymity you gain in security by way of regulated protocols. Hackers are targeting smart contracts because they do not have to depend on large-scale phishing schemes to get the information they need. Instead, they can infiltrate the code themselves and steal assets from the smartest and most careful crypto users. Because there’s almost no way you can predict the next smart contract hack, the best path forward is to always remain on your toes and be ready to react should one occur.
Don’t let these costly hacks be what stops you from exploring crypto! Crypto is great as a side hustle if you’re committed to security and are strategic in your investments. Make sure you follow the best practices outlined and arm all your devices (mobile included!) with top-notch security, such as antivirus software, a VPN, and a password manager, all of which are included in McAfee +.
Privacy, excellent security habits, and an eagle eye can help you enjoy the most out of cryptocurrency and sidestep its costly pitfalls. Now, go forth confidently and prosper in the crypto realm!
1Cointelegraph, “Hodlers, beware! New malware targets MetaMask and 40 other crypto wallets”
2Halborn, “Explained: The Harmony Horizon Bridge Hack”
3Chainalysis, “Vulnerabilities in Cross-chain Bridge Protocols Emerge as Top Security Risk”
4Protocol, “Crypto is crumbling, and DeFi hacks are getting worse”
5Cointelegraph, “Beanstalk Farms loses $182M in DeFi governance exploit”
The post Cryptohacking: Is Cryptocurrency Losing Its Credibility? appeared first on McAfee Blog.
Imagine – your favorite brand on Instagram just announced a giveaway. You’ll receive a free gift! All you have to do is provide your credit card information. Sounds easy, right? This is a brand you’ve followed and trusted for a while now. You’ve engaged with them and even purchased some of their items. The link comes directly from their official page, so you don’t think to question it. Don’t fall prey to crypto scams, download reputable mobile security protection.
This is the same mindset that led to several Bored Ape Yacht Club (BAYC) NFTs being stolen by a cybercriminal who had hacked into the company’s official Instagram account. Let’s dive into the details of this scam.
Bored Ape Yacht Club, the NFT collection, disclosed through Twitter that their Instagram account had been hacked, and advised users not to click on any links or link their crypto wallets to anything. The hacker managed to log into the account and post a phishing link promoting an “airdrop,” or a free token giveaway, to users who connected their MetaMask wallets. Those who linked their wallets before BAYC’s warning lost a combined amount of over $1 million in NFTs.
Despite the large price tag attached to NFTs, they are often held in smartphone wallets rather than more secure alternatives. MetaMask, the crypto wallet application, only allows NFT display through mobile devices and encourages users to use the smartphone app to manage them. While it may be a good method for display purposes, this limitation provides hackers with a new and effective way to easily steal from users’ mobile wallets.
BAYC does not yet know how the hacker was able to gain access to their Instagram account, but they are following security best practices and actively working to contact the users affected.
This scam was conducted through the official BAYC account, making it appear legitimate to BAYC’s followers. It is incredibly important to stay vigilant and know how to protect yourself and your assets from scams like these. Follow the tips below to steer clear of phishing scams and keep your digital assets safe:
A seed phrase is the “open sesame” to your cryptocurrency wallet. The string of words is what grants you access to all your wallet’s assets. Ensuring that your seed phrase is stored away safely and not easily accessible by anyone but yourself is the first step to making sure your wallet is secure.
With all transactional and wallet data publicly available, scammers can pick and choose their targets based on who appears to own valuable assets. To protect your privacy and avoid being targeted, refrain from sharing your personal information on social media sites or using your NFT as a social media avatar.
Phishing scams targeting NFT collectors are becoming increasingly common. Be wary of any airdrops offering free tokens in exchange for your information or other “collectors” doing the same.
Phishing scams tend to get more sophisticated over time, especially in cases like the Bored Ape Yacht Club where the malicious links are coming straight from the official account. It is always best to remain skeptical and cautious, but when in doubt, here are some extra tips to spot phishing scams:
As crypto and NFTs continue to take the world by storm, hackers and scammers are constantly on the prowl for ways to steal and deceive. No matter the source or how trustworthy it may seem at first glance, always exercise caution to keep yourself and your assets safe!
The post Instagram Hack Results in $1 Million Loss in NFTs appeared first on McAfee Blog.
If you’re thinking about crypto, one of the first things you’ll want to do is get yourself a good wallet.
Topping the several important things a new cryptocurrency investor needs to think about is security. Rightfully so. Cryptocurrency is indeed subject to all kinds of fraud, theft, and phishing attacks, just like the credentials and accounts we keep online.
But here’s the catch. Lost or stolen cryptocurrency is terrifically difficult to recover. By and large, it doesn’t enjoy the same protections and regulations as traditional currency and financial transactions. For example, you can always call your bank or credit card company to report theft or contest a fraudulent charge. Not the case with crypto. With that, you’ll absolutely need a safe place to secure it. Likewise, in the U.S. many banks are FDIC insured, which protects depositors if the bank fails. Again, not so with crypto.
So, when it comes to cryptocurrency, security is everything.
Cryptocurrency theft offers hackers an immediate payoff. It’s altogether different from, say, hacking the database of a Fortune 500 company. With a data breach, a hacker may round up armloads of personal data and information, yet it takes additional steps for them to translate those stolen records into money. With cryptocurrency theft, the dollars shift from the victim to the crook in milliseconds. It’s like digital pickpocketing. As you can guess, that makes cryptocurrency a big target.
And that’s where your wallet will come in, a place where you store the digital credentials associated with the cryptocurrency you own. The issue is doing it securely. Let’s take a look at the different wallets out there and then talk about how you can secure them.
Broadly, there are two general categories of wallets. First, let’s look at what these wallets store.
A wallet contains public and private “keys” that are used to conduct transactions. The public key often takes the form of an address, one that anyone can see and then use to send cryptocurrency. The private key is exactly that. Highly complex and taking many forms that range from multi-word phrases to strings of code, it’s your unique key that proves your ownership of your cryptocurrency and that allows you to spend and send crypto. Needless to say, never share your private key.
With that, there are two ways to store your keys—in a hot wallet or a cold wallet.
Hot Wallets:
|
Cold Wallets:
|
As you can see, the benefit of a hot wallet is that you can load it up with cryptocurrency, ready for spending. However, it’s the riskiest place to store cryptocurrency because it’s connected to the internet, making it a target for hacks and attacks.
In addition to that, a hot wallet is connected to a cryptocurrency exchange, which makes the transfer of cryptocurrencies possible. The issue with that is all cryptocurrency exchanges are not created equal, particularly when it comes to security. Some of the lesser-established exchanges may not utilize strong protocols, likely making a target for attack. Even the more established and trusted exchanges have fallen victim to attacks—where crooks have walked away with millions or even hundreds of millions of dollars.
While the funds in cold wallets are far less liquid, they’re far more secure because they’re not connected to the internet. In this way, cold wallets are more vault-like and suitable for long-term storage of larger sums of funds. But cold wallets place a great deal of responsibility on the holder. They must be stored in a physically secure place, and be backed up, because if you lose that one device or printout that contains your cryptocurrency info, you lose the cryptocurrency altogether. Within the cold wallet category, there are a few different types:
Several manufacturers make storage devices specifically designed to store cryptocurrency, complete with specific features for security, durability, and compatibility with many (yet not always all) of the different cryptocurrencies on the market. An online search will turn up several options, so doing your homework here will be very important—such as which devices have the best track record for security, which devices are the most reliable overall, and which ones are compatible with the crypto you wish to keep.
Storing cryptocurrency information on a computer or laptop that’s disconnected from the internet (also known as “air-gapped”) is a storage method that’s been in place for some time. However, because computers and laptops are complex devices, they may be less secure than a simpler, purpose-built cryptocurrency device. In short, there are more ways to compromise a computer or laptop with malware that a determined hacker can use to steal information in some rather surprising ways. (Like noise from a compromised computer fan passing information in a sort of Morse Code or generating electromagnetic signals on a compromised computer that nearby devices can use to skim information.)
Ah, good old paper. Write down a code and keep it secure. Simple, right? In truth, creating a paper wallet can be one of the most involved methods of all the cold storage options out there. Bitcoin offers a step-by-step walkthrough of the process that you can see for yourself. Once done, though, you’ll have a piece of paper with a public address for loading cryptocurrency into your paper cold wallet, along with a private key. One note: Bitcoin and others recommend never reusing a paper cold wallet once it’s connected to a hot wallet. You should go through the process of creating a new cold paper wallet each time.
Physical coins are a special case and are relatively new on the scene. They’re a physical coin minted with a tamper-resistant sticker that indicates the actual value of the coin. Like other methods of cold wallet storage, this calls for keeping it in a safe place, because it’s pretty much like a wad of cash. And like cash, if it’s stolen, it’s gone for good. Also note that a cryptocurrency holder must work with a third party to mint and deliver the coin, which has its own costs and risks involved.
With that look at wallets, let’s see what it takes to secure them. It may seem like there’s plenty to do here. That’s because there is, which goes to show just how much responsibility falls on the shoulders of the cryptocurrency holder. Of course, this is your money we’re talking about, so let’s dive into the details.
Whatever form your storage takes, back it up. And back it up again. Cryptocurrency holders should make multiple copies just in case one is lost, destroyed, or otherwise inaccessible. For example, one story that’s made the rounds is of a IT engineer in the UK who accidentally threw away an old hard drive with his cryptocurrency key on it, one that held 7,500 bitcoins, worth millions of dollars. Redundancy is key. Back up the entire wallet right away and then often after that.
With redundant backups in place, store them in places that are physically secure. It’s not uncommon for crypto holders to use fireproof safes and safe deposit boxes at banks for this purpose, which only highlights the earlier point that a wallet is as good as cash in many ways.
This will help prevent malware from stealing crypto, whether or not your device is connected to the internet. Comprehensive online protection software will give you plenty of other benefits as well, including identity theft monitoring and strong password management, two things that can help you protect your investments, and yourself, even further.
Updates often address security issues, ones that hackers will of course try to exploit. Keep everything current and set automatic updates wherever they are available so that you have the latest and greatest.
Just as your bank and other financial accounts offer MFA, do the same here with your crypto. Some extra security-conscious crypto investors will purchase a device for this specific purpose for yet greater protection, such as a separate phone with texting capability. This keeps their crypto transactions separate from the multitude of other things they do on their everyday smartphone, effectively putting up a wall between these two different digital worlds.
Two things fall under this category. One, the less you say about the crypto investments you make, the less word gets around, which can help keep hackers out of the loop. Particularly on social media! Two, consider setting up a unique email account that you only use for crypto. The less you associate your crypto accounts with other financial accounts like your banking and online payment apps, the more difficult it is to compromise several accounts in one fell swoop.
Just like hackers send phishing emails with an eye on accessing your bank accounts, credit cards, and so on, they’ll do much the same to get at your crypto accounts. The target may be different, that being your crypto, but the attack is very much the same. An email will direct you to a hacker’s website, using some sort of phony pretense, get-rich-quick-scheme, or scare tactic. Once there, they’ll ask for private key information and then simply steal the funds. And it’s not just email. Hackers have used online ads to phish for victims as well.
As you can see, these security measures rely almost exclusively on you. If something happens to you, that could make recovering your funds a real problem. Consider reaching out to someone you trust and let them know where you’re storing your wallets and information. That way, you’ll have some assistance ready in the event of an emergency or issue.
The very things that define cryptocurrency—the anonymity of ownership, the lack of banking institutions, the light or non-existent regulation—all have major security implications. Add in the fact that you’re your own safety net here and it’s easy to see that crypto is something that requires plenty of planning and careful through before diving into. Getting knowledgeable about security, how you’ll protect your crypto, should absolutely top your list before investing.
The post Cold Wallets, Hot Wallets: The Basics of Storing Your Crypto Securely appeared first on McAfee Blog.
A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and for some, it’s a viable way to make ends meet and set up long-term investments. The cryptocurrency realm has also proven to be vulnerable to cybercriminals. For example, the Wormhole hack leaked $320 million, and cybercriminals have targeted crypto platforms with ransomware and mining app scams.
Whether you’re already in the cryptocurrency game or are thinking about taking the plunge, here’s what you need to know about crypto wallets and tips on how to keep yours safe from cybercriminals.
A cryptocurrency wallet, or crypto wallet, is a software product or a physical device that stores the public and private keys to your cryptocurrency accounts. Keys are strings of numbers and letters that encrypt and decrypt crypto transactions and secure crypto accounts. You can think of public keys as the routing and account numbers that appear at the bottom of paper checks. There’s not much a nefarious character can do with that information, and it’s totally normal to give that information to an acquaintance with whom you’re doing business. Private keys are like your online banking password or debit PIN. Those you must guard very closely because in the wrong hands, your hard-earned bank balance could disappear. A crypto wallet also allows you to transfer funds between crypto types and make transactions.
Here are a few basic types of crypto wallets to help you decide which type is right for you.
A non-custodial wallet means that you are the sole keeper of the keys to your crypto assets. If you forget your password, there’s no “forgot your password?” prompt to let you back in. While not having this safety net is a little nerve wracking, noncustodial wallets are considered the more secure option. You don’t have to worry about a security breach of a major corporation leaking your private key. If you’re responsible and confident that you’re prepared to look after your assets by yourself, this may be the best option for you.
A custodial wallet is a little less secure, but you have a third party helping you log in and manage your crypto accounts. Custodial wallets are often web-based, and the biggest tick in their pro column is that they’re generally very easy to use. While reputable custodial wallets take security very seriously, the threat of a breach is always a possibility, especially as crypto accounts are appealing targets to cybercriminals.
Hardware wallets, also known as cold wallets, are devices you can fit in the palm of your hand. Most models are Bluetooth-enabled devices that look like small remote controls or are flash drives. The device is secured by a PIN that you should never write down or share with anyone else. Also, you should designate a safe and private spot to store your hardware wallet. Similar to a noncustodial wallet, you are solely responsible for keeping track of the device and remembering the PIN. If you lose it, your crypto accounts are locked, and there’s no locksmith to open them for you. As long as you keep track of it, hardware wallets are very secure. Most models are equipped with malware- and virus-proofing security features.
Software wallets are downloaded and internet-connected mobile or desktop apps. They allow you to make transactions on the run, as you can access your crypto accounts from your phone. In that sense, they’re more convenient than hardware wallets. Additionally, software wallets have the same safety net as custodial wallets: if you lose your phone, forget your password, or require login assistance, the maker of the software can help you access your accounts. Software wallets are very secure when you enable their two-factor authentication login settings; however, since they connect to the internet, there’s always a chance a cybercriminal could break-in. Thus, hardware wallets are considered more secure than the software variety.
Check out these tips to ensure your assets are safe and secure in your crypto wallet:
Cryptocurrency value is reaching galactic heights like the spaceships depicted in prime-time ads. Don’t feel pressured to hop aboard the crypto rocket, but if you do decide to jump on, make sure you do your research carefully and make the best decisions for your crypto goals.
The post What Is a Crypto Wallet and How to Keep Your Wallet Secure? appeared first on McAfee Blog.
The convenience of tapping your phone at the cash register instead of fumbling for loose change in your physical wallet is undeniable. Nearly 40% of Canadians used their mobile wallets more often in 2020 because of the perceived safety of contactless payment, according to one report.1 While digital wallets and tap to pay is becoming more widespread, you may wonder: what exactly is a digital wallet? Are they safe?
A digital wallet, also known as a mobile wallet, is a smartphone app that stores your payment information and enables tap to pay at most point-of-sale terminals. A digital wallet is perfectly safe, as long as you guard your smartphone just as closely as you would your physical wallet.
Here’s why you should secure your digital wallet and three tips to help you do so.
Think about what you store in your physical wallet: credit cards, debit cards, driver’s license, library cards, gift cards, cash. Now, imagine (or if you’ve been unlucky enough to lose your wallet in the past, think back to) the hassle that would ensue if someone stole your wallet or you misplaced it. Not only do you have to cancel your cards, notify your various banks, and wait for replacements, but the niggling worry that a stranger has access to your personally identifiable information (PII) will likely keep you up at night.
Just like you store your wallet in your front pocket when about town and check your seat before leaving a taxi or a plane, look after your smartphone just as closely. Unlike a physical wallet, whose absence is noticed quickly, a digital wallet may be compromised by a cyber pickpocket without you knowing for a while. For example, the BBC reported that researchers found a potential shortcoming in Apple Pay’s Express Transit mode where cyber pickpockets could remotely access mobile wallets.2 Luckily, the researchers’ experiment is unlikely to occur in the real world, but it’s a reminder to everyone to check their monthly bank statements for suspicious transactions. Cybercriminals get smarter and bolder by the day, so it’s not unlikely that they’ll find and exploit a digital wallet shortcoming in the future.
Follow these tips to help you use your digital wallet more confidently.
Always protect your digital wallet with a passcode! This is the best and easiest way to deter cybercriminals. It’s best if this combination of numbers is different than the passcode to your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.
Better yet, if your mobile wallet app allows you to protect your account with facial recognition or a fingerprint scan, set it up! If your digital wallet proves difficult or impossible to enter, a cybercriminal may leave it for an easier target, keeping your PII safe.
Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release.
Before you swap your plastic cards for digital payment methods, make sure you research the digital banking app before downloading. Make sure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has to make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always best practice to check for typos, blurry logos, and unprofessional app descriptions to make sure.
The digital era is an exciting time to make the most of the conveniences technology affords; however, constant vigilance is key to keeping your finances and PII private. Whether you’re looking for additional peace of mind or have lost your wallet, consider signing up for an identity monitoring service like McAfee identity protection. McAfee will monitor your email addresses and bank accounts and alert you to suspicious activities up to 10 months sooner than similar services. Are you curious about how secure your current online habits are? Check your Security Protection Score today and see what steps you can take to live more confidently online.
1Canadian Payment Methods and Trends Report 2021
The post How to Secure Your Digital Wallet appeared first on McAfee Blog.
FreshRSS 