Current security threats in crypto and how to mitigate them

Threats

Malware

Malware or malicious software, is a blanket term for any kind of computer software with malicious intent. Most online threats are some form of malware.

Phishing

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

https://metamask.io/phishing.html

I like to recommend people to use MetaMask, it does a really good job at spotting phishing site, even though it’s not its main purpose.

— MisterCh0c

Judgement should be your first line of defense, phishing attempts usually appeal to fear in case you don’t take immediate action, and greed for a “once in a lifetime opportunity”, if its too good to be truth, it might not be that good. Be skeptical of everything you receive on your inbox.

22 Social Engineering Red Flags

SMS 2FA

2FA (second factor authentication) is the use of two independent mechanisms to verify the identity of a user, in this case an SMS (text message) with the access code will be sent to your mobile.

Juice jacking

Juice jacking is a term used to describe a cyber attack wherein malware might be installed on to, or data surreptitiously copied from, a smart phone, tablet or other computer device using a charging port that doubles as a data connection, typically over USB.⁴

PortaPow 3rd Gen Data Blocker

Or wear a USB condom on your power cable.

— TheCrypt0Mask

Data snooping over VPN

A VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.⁵

Passwords manager vulnerabilities

A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand.

Hardware Wallets Vulnerabilities

A hardware wallet is a special type of bitcoin (or cryptocurrencies) wallet which stores the user’s private keys in a secure hardware device.⁷

How to avoid hardware wallets vulnerabilities?

Hardware wallet have very few vulnerabilities that we should be worried about, but here are a few recommendations:

  • Always make sure the address you are sending cryptocurrencies is the same as prompted on you hardware wallet, if its different you might be being subject to a MIM (Man in the Middle attack).
  • Never leave your hardware wallet unattended or exposed to a third party access where it could be updated with an unwanted firmware.
  • Keep your passphrase recovery in a different place than your hardware wallet, not on a digital form, but on paper, or even better on Titanium, and store on somewhere only you have access, i.e. a safe.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store