Bitcoin continues to hit new highs. Cryptocurrency newcomer Ethereum threatens to explode into its own bubble. Interest in blockchain, mining, and cryptocurrency is at an all-time high.
So why are cryptocurrency enthusiasts under threat?
Securing Digital Currency
Cryptocurrency is extremely popular. The early rise and boom of Bitcoin piqued interest for casual miners and international investment firms alike. The appeal is clear: a currency with a finite reserve, decentralized, and entirely digital. Cryptocurrencies are easily associated with darknet markets — where they’re put to “good” use — but developers are shrugging that image off. Bitcoin, and the underlying blockchain technology, can do more than line the pockets of drug-dealers.
But just as fiat currency is liable to theft and fraud, so are cryptocurrencies. And the allure is greater, too.
Thievery in the real, analog world requires direct action: finding a target, making a plan, executing it, hoping authorities don’t notice. Furthermore, there is a significant chance of error, and those errors can result in immediate death (you won’t rob many banks).
Whereas cryptocurrency is faceless. It is an anonymous wallet hash that is suddenly empty. The crime is remote, and the gains are easily tumbled (the digital equivalent of washing the cash). Tracking down stolen cryptocurrency is near impossible. And you have to believe that if someone has the technical nous to hack a website, or use malware to steal a cryptocurrency wallet’s contents, they’re going to know how to cover their digital tracks.
As such, the crimes (e.g. theft, fraud) are the same. But they have different outcomes after the fact.
Only as Strong as Code
The major issue is that cryptocurrency services are only as strong as the code they’re built upon. Meaning, if there is an obvious vulnerability in a website, you’d better believe someone will take advantage of it.
Case in point: over $30 million in Ethereum disappears because of a coding error. Luckily, a further $75 million was recovered by vigilante white-hat hackers and returned to their rightful owners. This massive theft comes just days after an Israeli startup, CoinDash, had $7 million worth of Ethereum hijacked.
“It is unfortunate for us to announce that we have suffered a hacking attack during our Token Sale event. During the attack, $7 million were stolen by a currently unknown perpetrator. The CoinDash Token Sale secured $6.4 million from our early contributors and whitelist participants and we are grateful for your support and contribution.”
CoinDash pledged to replace the stolen coins. But as Mikko Hypponen of F-Secure states, “If they cash in (and don’t think through how to do it right) they can be found. Not holding my breath.” Confidence in finding stolen cryptocurrency is extremely low throughout the security industry.
How Do They Actually Steal the Coins?
Well, duh, Bitcoins are just 1s and 0s, right? So you find a wallet, press Ctrl + C, and voila! The coins are yours.
Did you fall for it? Stealing cryptocurrency isn’t that easy. If it was, no one would bother mining or holding any coins, period. No, stealing cryptocurrency is a little more sophisticated than that.
Malware is one of the primary routes for cryptocurrency theft. Attackers use Trojans to infect coin exchanges and other services. Furthermore, there are widespread phishing attempts for Bitcoin and other cryptocurrency credentials. Alternatively, a Trojan infects a regular user, creates a backdoor for a RAT (remote access tool), and an attacker can gain direct wallet access. Then, transferring coins to another address is simple.
Unfortunately, specific details of hacks aren’t always available. The public normally just hear “something happened.” For instance, the $30 million Ethereum heist was due to “a vulnerability in Parity Wallet’s variant of the standard multi-sig contract.” The vulnerability allowed any person to call initWallet() and replace the site wallet address with their own. For an ambitious company? Mind-boggling.
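The class of flaw described above, an initializer that stays callable by anyone after deployment, is what a run-once guard prevents. The Solidity contract below is an added example, not Parity's code: only the name initWallet() comes from the article, while the contract name, the `initialized` flag, the `isOwner` mapping and the simplified single-owner `withdraw` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (hypothetical contract): a wallet whose owner set
// can be written exactly once. Multi-signature confirmation logic is
// omitted so the initializer guard is the only thing on show.
contract GuardedWallet {
    mapping(address => bool) public isOwner;
    bool private initialized;

    event Initialized(address indexed caller, uint256 ownerCount);

    modifier onlyOwner() {
        require(isOwner[msg.sender], "not an owner");
        _;
    }

    // Without the `initialized` check, any account could call this
    // function again later and overwrite who controls the funds.
    function initWallet(address[] calldata newOwners) external {
        require(!initialized, "already initialized");
        require(newOwners.length > 0, "no owners");
        initialized = true; // set before the loop: one run only
        for (uint256 i = 0; i < newOwners.length; i++) {
            address o = newOwners[i];
            require(o != address(0), "zero owner");
            require(!isOwner[o], "duplicate owner");
            isOwner[o] = true;
        }
        emit Initialized(msg.sender, newOwners.length);
    }

    // Spending is restricted to the owners fixed at initialization.
    function withdraw(address payable to, uint256 amount) external onlyOwner {
        require(address(this).balance >= amount, "insufficient balance");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}
```

The guard only helps if initWallet() is called in the same transaction that deploys the contract; the `Initialized` event gives monitoring a single, expected occurrence to check for.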
Security researchers recently found code in the massive Mirai botnet designed to mine Bitcoin using IoT devices. Now, IoT devices are by and large extremely low power. It’ll be worthless if you turn your IoT kettle into a miner. However, hook hundreds of thousands of IoT devices up at the same time, and you have a different result. Yet another reason why IoT is a security nightmare.
As well as the massive amount of phishing for credentials, there are numerous scams designed to defraud cryptocurrency users. And they’re extremely similar to their offline counterparts. Classic Ponzi schemes, trust scams, con men, non-existent cloud mining schemes… the list is massive, and continues to grow.
“The company seems to have targeted a global category of aspirational investors who noticed the breathless coverage and booming valuations of cryptocurrencies and blockchain companies, but weren’t savvy enough to understand the difference between the real thing and a sham.”
How Do I Stay Safe?
Staying safe with cryptocurrency isn’t that difficult. As with all new and evolving technologies, it is about education. Cryptocurrencies are constantly evolving. New currencies appear. Older seemingly stable currencies die. And, at times, someone will disappear with $450 million in Bitcoin.
Furthermore, popularity encourages newcomers, of all technical abilities. It is easy to become a victim in a marketplace where you see nobody, numbers and currency are never physical, and the technology is evolving.
That said, the majority of cryptocurrency users have an excellent time. More people are mining than ever (hence the ridiculous prices for GPUs at the moment), and new crypto-services are appearing all the time. Let alone those services using blockchain technology.
Break It Down
Staying safe means considering a few different aspects of the cryptocurrency process.
- Computer security — You need to keep your computer updated. It needs antivirus and anti-malware software. Those programs must remain updated.
- Operational security — Strong, single-use passwords are a must. Many sites and services offer two-factor authentication, so use it! Create secure, offline backups of your crypto-credentials. Buy a logless VPN, and use it at home and in public. Seriously consider encrypting your technology.
- Cold storage — Keeping your cryptocurrency all in one place, and always online, is probably not a good idea (given that it can be stolen, or worse, “misplaced”). Cold storage refers to keeping your cryptocurrency reserve offline.
- Exchanges — Tying into cold storage is the next tip: don’t leave assets on an exchange. It might make things slightly easier, but you’re potentially setting yourself up for a big loss.
- Wallet — Use a cryptocurrency wallet that you hold both the public and private keys for. If a third party has access to your private key, it is a potential vulnerability.
- Triple-check — Before you send cryptocurrency to an address, make sure it is the right one. I know, I know, sounds simple. But once that transaction is complete, there is no getting the currency back if you realize it is the wrong address.
- Research — Too good to be true? It probably is. Stop, search, read, and think before parting with your cryptocurrency.
Bitcoin, LiteCoin, Ethereum, and other popular cryptocurrencies are an exciting development in privacy, security, freedom, and currency. There are always setbacks with new technologies, and new ventures, too.
People get robbed every day. Bankers commit billions of dollars of fraud, and governments play fast and loose with gold reserves and more. The point being, we still use money, because it has value. Cryptocurrencies have value… and we’ll see how that value grows over time.
Do you have any cryptocurrency storage tips? What about any scams or tricks you’ve spotted? Let us know in the comments below!
Image Credits: tommaso79/Shutterstock