Cryptocurrency users often fall victim to online hacks, as evidenced by high-profile cases like Mark Cuban losing nearly a million dollars from his digital wallet.
In this article, we will outline three simple guidelines that can significantly enhance the security of your funds. However, before we delve into these measures, it is important to understand the current threats.
FBI has clear evidence on the Lazarus Group
The Lazarus Group is a North Korean state-sponsored hacking group known for its sophisticated attacks, including the WannaCry ransomware attack.
One of their early crypto-related hacks involved breaching the South Korean crypto exchange Yapizon (later rebranded to Youbit) in April 2017, resulting in the theft of 3,831 Bitcoin, valued at over $4.5 million at the time.
The Lazarus Group’s activities in the cryptocurrency space have raised concerns about their support for the North Korean regime and evasion of international sanctions. They have been linked to high-profile cryptocurrency hacks, including the $620 million theft from Axie Infinity bridge Ronin.
According to the Federal Bureau of Investigation (FBI), the Lazarus Group is responsible for the Alphapo, CoinsPaid, and Atomic Wallet hacks, which cumulatively amount to over $200 million stolen in 2023.
Recently, the FBI attributed a $41 million hack of the crypto gambling site Stake to the Lazarus Group; the attack was carried out through a spear-phishing campaign targeting Stake's employees.
In addition, the blockchain security firm SlowMist revealed that the $55 million hack of the crypto exchange CoinEx was executed by North Korean state-sponsored hackers.
Most hacks involve social engineering and human error
Contrary to depictions in movies, most hacks occur through phishing and social engineering techniques rather than physical device access or password brute-forcing. Attackers exploit human curiosity or greed to deceive victims.
Hackers often impersonate customer support representatives or trusted figures, tricking victims into disclosing personal information.
For example, an attacker may pose as an IT support representative of a company and call an employee, claiming to verify their login credentials for a system update. They might use public information about the company and the target’s role to establish trust.
Phishing attacks involve deceptive emails or messages that coax recipients into taking malicious actions. Attackers may impersonate reputable organizations, such as banks, and send emails asking users to click a link to verify their accounts. The link leads to a fraudulent website where login credentials are stolen.
Baiting attacks lure victims with enticing offers such as free software or job opportunities. Attackers pose as recruiters, creating convincing job postings on reputable job search websites. To establish trust, they may even conduct fake video interviews. They then send seemingly innocuous files, such as PDFs or Word documents, that contain malware.
How crypto investors can prevent hacks and exploits
Fortunately, despite the increasing sophistication of hackers, there are three simple steps you can take to secure your funds:
1. Use hardware wallets for long-term storage of your crypto assets. These wallets are not directly connected to the internet, providing high security against online threats like phishing attacks or malware. They keep private keys offline, away from potential hackers.
2. Enable Two-Factor Authentication (2FA) on all your cryptocurrency exchange and wallet accounts. This adds an extra layer of security by requiring a one-time code generated by an app like Google Authenticator or Authy. Even if an attacker steals your password, they cannot access your accounts without the additional code.
3. Exercise caution when clicking on links in emails and social media. Scammers often use appealing offers or giveaways to entice victims. Consider using separate “burner” accounts or wallets for experimenting with new decentralized applications and airdrops to minimize the risk of losing your funds.
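The caution about links in step 3, and the fraudulent-website phishing described earlier, can be partly automated. The following is an added example, not part of the original article: it checks each link in a message against a list of domains you actually use and flags near-miss spellings and trusted names buried in a longer hostname. The trusted list, the sample message and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the user really does business with (constructed, reserved TLDs).
TRUSTED = {"exchange.example", "wallet.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str):
    """Return (verdict, reasons) for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Simplification: treat the last two labels as the registrable domain;
    # production code should consult the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    if "@" in parts.netloc:
        reasons.append("userinfo-in-url")
    if re.fullmatch(r"[0-9.]+", host):
        reasons.append("raw-ip")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode")
    for t in sorted(TRUSTED):
        if domain != t and (host.startswith(t + ".") or "." + t + "." in host):
            reasons.append(f"trusted-name-as-subdomain:{t}")
        elif 0 < edit_distance(domain, t) <= 2:
            reasons.append(f"lookalike:{t}")
    if reasons:
        return "suspicious", reasons
    return ("trusted" if domain in TRUSTED else "unknown"), reasons

def scan_message(text: str):
    """Classify every http(s) link found in a message body."""
    return {u: classify_link(u) for u in re.findall(r"https?://[^\s<>]+", text)}

# Constructed sample message, not taken from a real campaign.
SAMPLE = """Your account is locked. Verify at https://exchannge.example/verify
or https://exchange.example.account-check.test/login
Official site: https://exchange.example/login"""
```

A verdict of "unknown" only means the domain is neither trusted nor visibly imitating a trusted one; it is not a sign that the link is safe.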
Please note that this article provides general information and should not be considered legal or investment advice. The views, thoughts, and opinions expressed here are solely those of the author and do not necessarily reflect the views and opinions of Cointelegraph.