Thinking about keeping your company’s customer crypto assets you’ve been entrusted with firmly under your own control, away from prying eyes? While the popular adage of “not your keys, not your crypto” certainly rings true, it is also important to understand that unless you use the most secure forms of cold storage and multi-signature technology, you and your clients’ crypto portfolios are in all likelihood very vulnerable to increasingly sophisticated hacking and extortion attempts from bad actors that may even be state-sponsored.
Even if you use a quality hardware wallet, you can still be targeted through other means, as the phishing devastation caused by Ledger’s various data breaches showed.
This is one of the reasons that digital asset custodial platforms and wallet solutions like BitGo, Fireblocks and CYBAVO are thriving in 2021 and courted by some of the biggest companies in the world, as they offer more resilient forms of security such as multi-party computation (MPC) tools to secure virtual assets. For example, BitGo was recently acquired by Galaxy Digital for a staggering $1.2 billion.
Need more convincing? Well look no further than these following crypto security threats in 2021 that could drain your funds if you’re not careful. And sorry to say, but our list is not even close to being exhaustive.
Data Tampering
Tampering refers to the act of intentionally modifying a system, its components, or data without any authorization in order to taint its source of information or to exploit its processes that heavily rely on data. Many security analysts view data tampering as one of the largest cybersecurity threats that many companies continue to face.
The fallout from data tampering can be immense, causing system downtimes, data losses, and even decisional errors. With that in mind, it is important for organizations to ensure that their network security level is in tip-top shape, especially system components responsible for conducting authentication and verification. In order to help defend against data tampering, businesses need to improve their user identity monitoring, privilege and credential requirements, and advanced encryption key stores, among others.
Ransomware
Ransomware is a common example of data tampering. In such attacks, a hacker tampers the data of the victim’s devices by way of encryption, altering the property of any file or device to lock the original user out. The goal of ransomware attacks is to force its victims into paying money to be able to restore access to their files or device.
There are predominantly two types of ransomware in the crypto sphere,namely locker ransomware and crypto ransomware.
Locker ransomware may block basic computer functions such as desktop access, mouse and keyboard freezing and a locking of your harddrive files. Victims will be able to continue to access the ransomware message window in order to make a payment, usually in the form of a cryptocurrency like Bitcoin or Monero, to the hacker’s displayed address. While locker ransomware can be disruptive, it doesn’t usually aim to destroy your data but just to lock you out of your system and make it impossible to use.
Crypto ransomware on the other hand, can be far more devastating. This type of malware will encrypt your computer’s most critical data, files and more without interfering with the device’s basic functioning. Until of course that shocking ransomware screen and message pops up telling you to pay the ransom or lose access to all your files. Unfortunately, often times crypto ransomware can indeed permanently delete files that have not been backed up. In many cases, individuals and enterprises just cough up the ransom and move on with their lives.
Recent years have seen a spate of ransomware attacks, often facilitated by viruses that pose as cracked downloads of popular software and games like Minecraft and Fortnite. Luckily, in most cases these ransomware viruses were simply modified versions of previous strains of the notorious “WannaCry” malware.
Supply Chain Attack
A supply chain attack, also known as a value-chain attack, refers to an act where an unsolicited entity or individual breaches a system by targeting its least secure components. Supply chain attacks usually target software developers, suppliers, or other weak components of a database where they attempt to access source codes, built-in mechanisms, etc. by tampering or corrupting tools within a system, leading to theft, propagation of malware, or other damages.
Attackers often target compromised networks that have weak server infrastructure and are built with rather lacking security mechanisms. Due to the high level of complexity, integrity, and security that exists in decentralized ecosystems, such attacks are quite rare in the blockchain space. However, well-planned and structured supply chain attacks have managed to successfully hurt users in the past.
Blockchain’s decentralized nature makes it extremely difficult for potential attackers to gain enough ground and control to be able to alter crypto transactions and operations. However, blockchain users may still be vulnerable to supply chain attacks if hackers manage to elude sophisticated cryptographic defense mechanisms.
For instance, hackers were somehow able to steal funds from Monero users back in 2019 despite Monero being one of the most secure and private cryptosystems in the world. The Monero network was simply too difficult and costly to exploit, hence, the hackers targeted one of its weakest links: its website. The hackers infiltrated the website and replaced the official Monero wallet with a malware-infested copy. Unsuspecting users downloaded the compromised wallet, which sent their seed phrases to the attackers, allowing them to steal all their XMR funds.
The best way to avoid falling for supply chain attacks is for developers to extend their scope beyond the protocol itself and include other components of their systems, including websites, wallets, applications, oracles, etc, which may be vulnerable to attacks.
Side-Channel Attack
Side-channel attacks refer to a type of attack or procedure done by hackers that aim to extract secrets from a computer or system, through measurement and analysis of physical parameters. Various side-channel techniques can be used against unsuspecting individuals due to their low cost and simplicity.
In a side-channel attack, hackers take advantage of clues and patterns of information that are constantly given off by computers and other devices. For instance, hackers may harvest data leaked via electric emissions that radiate from computer devices. Another method is to analyze the power consumption of any device or record the sound emitted by users’ keystrokes. These patterns, especially when combined, may allow a hacker to deduce key information and enable them to steal funds.
For instance, in a power-monitoring side-channel attack, hackers study the small changes in a device’s voltage and current in order to extract little information about the data being used. A way to prevent such operations is to monitor and filter out power lines.
Side-channel attacks are often divided into two categories, invasive and non-invasive attacks. Invasive attacks typically require the device’s internal components to be accessed, such as a chip, for deeper inspection, while non-invasive attacks keep the devices intact and in perfect conditions.
Note that side-channel attacks are a serious threat to products and operations that rely heavily on decentralization and are integrated through cryptographic systems where some side-channel techniques have proven to be effective. Additionally, as DeFi ecosystems grow in complexity, so do their attack vectors.
Typosquatting
Typosquatting or URL hijacking is a specific form of cybersquatting where bad actors seat on sites under another individual’s branding or copyright to actively target any internet surfer who incorrectly types a website URL into his search browser. For instance, a user may mistype “Binace.com” instead of “Binance.com.”
Unfortunately, once users unknowingly hit “Enter” on the wrong address, they may be directed to a website whose interface looks exactly the same as the page they are attempting to reach, but is actually a completely different page owned by a hacker with malicious intentions. Various forms of typosquatting generally take advantage of user errors such as typos, misspellings, wrong domain extensions, and alternative spellings.
Typosquatting cybercriminals buy and register domain names that are commonly misspelled. For example, if they want to target “Bitcoin.com”, they will likely purchase domains like “Bittcoin.com” or “Bitcoins.com.” It is a highly effective strategy, especially given the level of circulation within the internet and the high probability of typos.
Typosquatting attacks have become such a large issue that large companies such as Binance, Apple, Google, and Microsoft have either registered typographical error variations of their domain and/or solicit the aid of The Internet Corporation for Assigned Names and Numbers (ICANN) service to prevent future potential typosquatting domains from existing on the internet.
In regards to digital wallets and cryptocurrencies, typosquatting can be quite worrisome for wallet holders.
Crypto users are at high risk for typosquatting given the irreversible nature of blockchain-based fund transfers, which entice a lot of cyber thieves. The interfaces of online wallets and exchanges, for instance, can be easily duplicated by malicious actors. Once users log in to an erroneous URL, hackers would gain direct access to their personal information, such as usernames and passwords, which would allow them to steal cryptocurrencies from their accounts.
Sybil attack
A Sybil attack refers to a security threat where an individual or party attempts to take over a network by creating multiple accounts or nodes. A Sybil attacker usually pretends to be multiple individuals at the same time with the goal of owning a disproportionate share of the system and ultimately gain full control.
Sybil attacks have grown to become a prominent issue within peer-to-peer networks. In the crypto ecosystem, they usually come in the form of 51% attacks, a specific type of Sybil attack where malicious actors manage to control the majority of a blockchain network’s computing power (hash rate).
In a 51% attack, hackers will have the power to influence a blockchain system, which would give them the full privilege to change the ordering of transactions, prevent transactions from being confirmed, or even reverse transactions as they see fit.
Large proof-of-work (PoW) blockchains such as Bitcoin and Monero have proven to be resistant to such attacks due to the vast resources required and risks involved. The same can’t be said for smaller PoW networks like Ethereum Classic, Bitcoin Gold, Verge, etc. Proof-of-stake (PoS) chains, by design, disincentivize 51% attacks since no attacker would want to harm a network they have a 51% stake in.
Man in the middle attack (MITM)
A Man-in-the-middle (MitM) attack involves a hacker who anonymously intercepts a communication line between several network participants in an attempt to interfere with their exchange of information. Usually, hackers discreetly stay within the infected communication lines to either eavesdrop or to divert them. This allows them to obtain personal and confidential information from their victims or sabotage their line.
The most susceptible victims of such an attack are communication lines that don’t possess high-grade encryption. Previous attacks have uncovered that regardless of network security, there are still potential vulnerabilities in some systems. Even the blockchain and its cryptocurrency holders have had their fair share of stories of such attacks in the past.
One notable report revealed a story about a previous hacking incident where an MitM strategy was utilized. A group of hackers tried to exploit the interaction between a cryptocurrency exchange and its users. Despite the encryption, the hackers were able to steal from crypto holders by diverting the transfer of funds from their Ledger wallet to a designated wallet which the hackers owned. They managed to execute this scheme by intercepting relevant transaction information from peer-to-peer exchanges, then eventually altering them to funnel the crypto assets to their own wallets.
Some attacks for MitM include malware programs that can execute themselves on any device and allow a hacker to take control of any information that goes in and out. And while encryption can work to lower the success rate of such attacks, it is not a surefire way to shield from them.
Conclusion
As hackers get smarter and more mainstream users enter the crypto space completely oblivious to the incredible threats that they’re exposed to, it is is important for crypto asset service providers to not only ensure that their users are effectively protected against bad actors, but are also educated on the best practices to safeguard their investments.
Therefore, it is a good idea to at least look into the options that digital asset custodial solutions like security experts CYBAVO and the company’s impenetrable VAULT solution offers customers, from anything to ETH staking to NFT token support, and at the very least learn some of their industry best practice tips.