Security in the crypto world

What you need to know so that your cryptocurrencies are not stolen.

To put you in context, cryptocurrencies are a kind of digital money that exists only in the digital world, not in a physical way. They were created as an alternative to traditional money and became popular for their advanced design, growth potential, and anonymity. One of the earliest and most successful forms of cryptocurrency, bitcoin, emerged in 2009. In December 2017, the value of a single bitcoin reached an all-time high of nearly $20,000, and then fell below $10,000. The success of bitcoin inspired the creation of other cryptocurrencies that operate in much the same way. Within a decade of its invention, people all over the world are using cryptocurrencies to buy and sell things or make investments.

The word “cryptocurrency” comes from the combination of two other terms, “crypto” and “currency”. It is defined as electronic money based on the principles of complex mathematical encryption. All cryptocurrencies exist as encrypted and decentralized currency units that can be freely transferred between network participants. In other words, a cryptocurrency is electricity converted into lines of code that have monetary value.

Fraud and scam of cryptocurrencies

First of all I imagine that you are not going to give a stranger your wallet or a wad of money to hold it for you, this is the same principle that one should keep in mind when using virtual wallets

As everybody knows, there have been and will be many cryptocurrency thefts. What the public does not know is that many of these «robberies» or rather appropriation; it is due to human error.

If you are interested in entering the world of cryptocurrencies, first I recommend you investigate; learn to protect your money because although they are assets, they can easily be transferred to Fiat money.

Here are some security points to keep in mind when investing in these digital assets.

1) Spear phishing

Phishing would be when for example, they send you an email from your bank saying that your password was compromised and that you please change it, a typical person should know that this is not the common procedure of banks and when verifying the sender has nothing to do with the bank. In the world of cryptocurrencies, the attackers target specific individuals with personalized messages, usually a deceptive email claiming to be from a known or trusted sender.

The sender’s goal is to force recipients to reveal sensitive information or to induce them to visit a malware-laden website.

When it comes to cryptocurrencies, phishing emails and text messages purporting to be from hardware wallet providers such as Trezor or even cryptocurrency exchanges, try to trick the recipient into «updating» their seed phrase or change their password, after which the thief can steal your login credentials and empty the virtual wallet.

Another tactic is to draw users with plausible promotions, as was the case with the attack on Celsius users earlier this year.

In case of doubt, it is better to investigate twice and not fall into the trap of an elaborate plan to get your cryptocurrencies. Always verify the legitimacy of the senders, carefully examine the senders’ links and email addresses, avoid open Wi-Fi networks, and have two-factor authentication. Above all, mistrust any email that asks you to enter username and password.

2) DNS hijacking and spoofed URL

This type of scam goes beyond the ordinary user as attackers spoof a platform’s DNS. Cybercriminals hijack legitimate websites and replace them with a malicious interface, before tricking users into entering their private keys into the fraudulent domain.

Another type of very common scam is the URL spoofing, where the attackers create an address very similar to that of the legitimate website and position it in search engines where users believe they are entering; for example with www.binance.com, instead of entering on that website they are doing it on www.binanse.com which would be a fake website.

The recommended way to be protected from a DNS attack is to use a VPN, since it eludes the router configuration by sending the traffic through an encrypted tunnel.

To protect yourself from the imitation of URLs you must check that the URL you are accessing is the official page. Always check the URL in your browser to make sure the website’s certificate is trusted, and pay attention to any warnings that indicate that your connection to a site is not secure.

3) Phishing bots

This type of theft also has a lot to do with people who do not corroborate the official pages; like in this case Twitter, they were created to steal our precious seed phrases.

In this case, basically what the attackers did was create a profile posing as the best-known and most popular cryptocurrency wallet Metamask, offering technical support and when users requested the service, they were asked for the seed phrase, with which the attackers had access to the wallet of these unsuspecting users who ended up losing their cryptocurrencies.

The Ethereum-based MetaMask wallet drew the attention of users about a phishing attack perpetrated by phrase-stealing bots on Twitter.

«The phishing request comes from an account that seems ‘normal’ (but with few followers), usefully suggests filling out a support form on a major site like Google sheets (hard to block), and asks for your secret recovery phrase», MetaMask explained, before dispensing some sage advice on how to protect yourself: «Seek help ONLY WITHIN the app you want help for.»

Although it may seem like a good idea to verify that the mail comes from an official account, this strategy is not totally secure: social media accounts can be hacked like any other, as the great Twitter hack of 2020 shows, which caused the cybercriminals to earn $121,000 in bitcoins.

4) Fake browser extensions.

Always the doubly attentive person is the one who does not fall for the tricks and plans well executed by the attackers as is the case…

In the cryptosphere, we are used to using all kinds of browser extensions, such as wallets, with the aforementioned MetaMask being especially popular.

Unfortunately, cybercriminals are taking advantage of this predilection to create fake extensions and steal funds from users. Last year, a malicious Chrome extension called Ledger Live was downloaded more than 120 times before being banned from the Chrome Web Store. More worryingly, the attackers were able to take advantage of Google ads to promote the product and gain an air of legitimacy.

What must be considered? Don’t trust web stores to properly examine the extensions they make available for you. If you download a crypto extension, check its profile page to make sure it has a lot of reviews and that it comes from a developer you trust. Examine the permissions requested by the extension (Chrome Settings> Extensions> Details) to verify that they are in accordance with its characteristics. Oh, and you may want to download an extension directly from a link on the company’s website.

There are several tips to protect yourself from scams, for example; it’s smart to bookmark verified sites where you often enter sensitive information. The same goes for saving the contact email addresses of the crypto companies you use. Also double checking URLs is a good habit to get into.

5) Ponzi schemes:

Cryptocurrency criminals promote non-existent opportunities to invest in digital currencies and create the illusion of huge returns by paying old investors with new investors’ money. This type of scam does not only occur in the world of cryptocurrencies but in various fields and it is always the same scheme, large amounts of profit but first you put your cryptocurrencies or money and second you invite more people to join. Believe it or not, this type of scam is much more complex, they use the persuasion and ambition of people to fall for this type of operation where very few win and the majority loses. In my personal case, whenever I am offered a business that is very good, the first thing I ask myself is how it is sustained, if the profits are well above the average and especially if it is by invitation. Remember, «Beware the Greeks when they come bearing gifts»

6) Romantic Scams:

The FBI has warned of a trend in online dating scams, in which scammers persuade people they meet on dating apps or social networks to invest or trade in virtual currencies. The FBI’s Internet Crime Complaint Center recorded more than 1,800 reports of crypto-focused romantic scams in the first 7 months of 2021, with losses approaching $133 million.

Alternatively, scammers can pretend to be legitimate virtual currency dealers or set up fake exchanges to trick people into giving them money. Another cryptocurrency scam involves fraudulent sales strategies for cryptocurrency individual retirement accounts. Then there is direct cryptocurrency hacking, in which criminals break into digital wallets where people keep their virtual money to steal it.

7) Exchanges:

 Cryptocurrency exchanges are pages where you can exchange fiat money for cryptocurrencies or vice versa. When you are going to create one, always take into account choosing the best known and investigate if they legally respond to any regulatory entity. I want to make 2 things clear… The first one is that the better known a platform is, the more reliable it is but that does not make it invulnerable to hacks or other types of vulnerabilities; the fact of having your cryptocurrencies on these sites implies that you do not have your seed phrase so although they are reliable, you do not have absolute control of your assets.

The second thing is to keep in mind is that although there are several exchanges, when it is more unknown it can have vulnerabilities, in that case I would recommend you, and beware that this is not an investment advice; but the best known ones such as Binance or Coinbase with a couple of years in the market at least proved to be serious until now, and with it they gained many followers in the world of cryptos.

P2P: Person to person: This is more than anything if you want to buy from a person who placed an ad on an exchange and to do so you must always take into account certain factors, such as reputation, when the exchange is likely to come out as high as you expected. You should also keep in mind that if the exchange is done person to person, it must take place where you feel safe or if it is recommended by someone you know. And never give your cell phone so that the counterparty can verify the transaction, there is no reason why the person who buys or sells you checks anything in your account and if he asks you to do so, refuse. Because they can either through computer manipulation get hold of your account or your seed phrase.

8) Scam a fraudulent project:

It is always possible when the scammers are very convincing and sophisticated. But investors are advised to always carry out due diligence and explore the «white paper» and other documentation on any digital asset initiative. Investigate everything you can before investing in any project; don’t invest just because a youtuber so-and-so recommended it, because several get paid to say that a project is the best and that it will be much more valuable. Always do your own research.

“The world of cryptocurrencies does not imply being as complex as it seems and being well informed and studying how everything works; it makes your job much easier.”

There are several ways to have your assets protected:

Seed phrases can be stored in hot or cold wallets. Cold ones that are outside the network (it can be on paper or even in a bank safe deposit box, but this term refers to the fact that they are not on the internet because it is much more difficult for them to be stolen by a hack, etc. hot wallets can be like wallets that are installed in browsers or come as an app.)

Having your assets in an exchange implies that you do not have your seed phrase, so no matter how secure the exchange is you also depend, so to speak, on a third party. Never save your seed phrases on your computer, because there are several ways that you can be hacked. Always enable second factor authentication and lockouts if you log in from an unknown location, little tips like these make you less vulnerable to these attackers.

To conclude, a little advice: First study and then invest; you have to know perfectly where you are putting the money that costs you so much to get…

By Dina Maldonado Mendoza for SOCINCE -News Agency for the Americas-

•