Crypto Threats: How Crypto Gets Stolen
KEY TAKEAWAYS: |
— Crypto is vulnerable to specific hacks, threats, and scams due to existing digitally. — With no central authority, there is no customer support to fall back on, and no way to get your crypto back if you make a mistake. — Protecting your crypto is 100% your responsibility. This means understanding the specific threats you face and making sure you have the right tools and knowledge to keep them out. |
So far, you’ve learned about blockchain security essentials: crypto wallets, private and public keys and the all-important recovery phrase. But one thing remains in the shadows – what exactly are you securing your crypto from?
Here, we take a deep dive into crypto security threats, so you know exactly what you’re dealing with.
How Does Crypto Get Stolen?
“With Great Power Comes Great Responsibility”. That might sound familiar to you but it’s not advice purely for Spiderman; Crypto comes with similar obligations. Cryptocurrencies provide us huge freedom compared to fiat money. But, this new and unfamiliar environment is also much more vulnerable to threats, and there are a couple of reasons for that.
Firstly, an unfamiliar ecosystem means new threats you may not have seen before. And secondly, since cryptocurrencies don’t use a central authority or bank, there’s no customer support if you make a mistake.
Self-custody means taking total responsibility for your funds. You are the gatekeeper. So, understanding how crypto scams work is essential.
Digital Threats To Your Crypto
As you already know, most crypto-threats target you via your internet connection. There are a couple of different approaches they might take. Let’s discuss them.
Hacks to Your Connected Device:
Hackers from anywhere on the planet can target you silently, via your internet connection.
That can be a problem if you are using a software wallet to manage your private keys.
When you use a wallet that exists as an interface on your computer or phone, your private keys are always connected to the internet. The security barriers of a software wallet may not be enough to prevent clever hackers from accessing your private keys. With the right technological know-how, a good hacker might be able to penetrate the wallet and reach your keys.
Phishing:
Malicious links are another very common way for hackers to penetrate your crypto security. They are effective because they don’t look like a threat – how many links have you clicked this week yourself? Maybe dozens or more.
A malicious link can look as innocent as this:
When you click on the wrong link, hackers will be able to remotely access your computer or device. Doing so enables a few different possibilities: they can extract your private keys from your software wallet, tamper with the interface of your device to manipulate your transactions, or even search the saved files of your device for sensitive data such as your recovery phrase.
In short, whether it’s hacking or spyware, your internet connection is a vector for bad guys to access your sensitive data. This is why it’s extremely important to ensure that both your private keys and recovery phrase are stored completely offline.
And these are not the only scams your crypto is vulnerable to.
Social Engineering Scams
While some scams target weaknesses in your security set-up, others target weaknesses in your judgment. Social engineering scams create a fake situation where you feel “safe” to confirm a transaction. Doing so means you can be manipulated into giving a bad actor access to your wallet.
For instance, scammers might pose as “customer service agents”, offering you help on a trading platform or similar. In order to assist you, they might say they need you to share your recovery phrase, or ask you to confirm a “message” (which is really a malicious transaction) on your wallet to prove you’re the owner.
Either way, it’s a scam – and the reason scams like this are so effective is that you, the victim, have built some sort of rapport with the other person over the course of the interaction.
It takes surprisingly little to create a feeling of trust – but trust is not enough when it comes to your hard-earned value.
Blind Signing (A Combination Threat To Your Crypto)
Speaking of trust, let’s talk about another big crypto scam vector, blind signing.
Web3 is based on smart contracts. When you sign a smart contract using your crypto wallet, you’re agreeing to its specific terms.
The terms of whatever smart contract you’re interacting with will be displayed on your crypto wallet this is how you know what you’re agreeing to. But unfortunately, not all wallets can display these details in full – the raw transaction data can’t be translated by the wallet into readable information.
This means users often find themselves “blind signing” – agreeing to a transaction even when they have no way of seeing the details.
This is a huge opportunity for scammers.
Remember those social engineering scams we spoke about? You’ll find plenty of these that rely on blind signing. Knowing that you cannot read all the conditions of the smart contract, but that you trust the situation, a clever scammer will deploy a smart contract that gives them access to the contents of your wallet. And since you can’t see this detail, and the situation seems genuine, you agree.
Crypto Threats Are Still Evolving
Lack of transparency along with the unfamiliar UX of crypto applications will leave you vulnerable to attacks that you cannot detect. So, choosing a wallet that can display transaction details, and learning how to read them, is the only way of protecting your assets against blind signing.
Three key factors that will define your crypto security are:
- Always use a wallet that stores your private keys separately from your internet connected device
- Make sure you can see full transaction details every time you make a transaction.
- Constantly educate yourself about how crypto works, and the most recent scam tactics.
Even though owning and interacting with cryptocurrency gives freedom, it comes with risks that don’t exist in the fiat system. But you can be aware of these threats and be proactive in keeping your funds secure.