Recently I delved into the issues of investing in crypto and understanding the dangers of various coins based on the size of their blockchain.
As discussed there, the need to control 51
percent of a currency’s ledger record means that the bigger (and faster) a
network is, the harder it is to access the necessary nodes and keep up with
My conclusion (and I’m essentially a noob) was
that the coins themselves are difficult to hack, but what about individual
holdings such as software-based wallets or online accounts?
That’s where real digital danger lies.
In this article, I’m going to lay out the most
common threats to your digital pocketbook.
Nothing New Here
For the most part, cryptocurrencies are just another item of value and like many other digital items, access to where records are held can be enough to defeat our individual (often inept) security measures.
Like your online bank account, if someone can
gain access to that account with your details and password, they might easily steal
all of your money with a click of a keyboard.
The methods used to do this are not dissimilar
to how local crypto wallets (stored on a device) or remote exchange accounts
might be compromised.
To gain access to your funds, thieves can take
several approaches from stealing your ID or password to convincing you to send
the funds yourself.
If you have a healthy interest in all things deceptive, these tactics will be quite familiar.
The fact that most digital currencies are
unregulated creates a Wild West aspect that attracts online bandits and offers
them a degree of impunity compared to other forms of theft.
As a result, the diversity of thinking from this
new generation of fraudsters can create remarkably complex or elegantly simple
methods for taking your money.
How They Find You
With any con game, knowing what a potential target wants is the foundation upon which most scams are built but scammers also need to target victims with treasure that’s worth stealing.
Online profiling can create a catalogue of
viable crypto investors simply by trawling forums, video comments and social
media groups while collecting any available data from these sources.
With your email, phone number and real name, scammers can attack people in several ways, so fostering a disposable identity that's difficult to connect to your own might be a good strategy in terms of protecting your true identity.
I don’t particularly care for anonymous online
interaction since it tends to foster negative discussions, insults, lies and
general bad behavior but when it comes to not revealing yourself as a target
for thieves, an alter-ego might not be such a bad idea when publicly discussing
I leave that up to you but please, act
An important factor is that there are a lot of
new investors vulnerable to many forms of attack and crypto seems to attract a
certain type of investor who tends to be overconfident in the face of much more
Like a brand-new chess player convinced they
could hold their own against a grandmaster when in fact, they’re almost certain
to lose; whereas a more intelligent beginner might have the self-awareness to recognize
when they’re sitting opposite a superior opponent and expect the inevitable.
This is nothing new and poker players everywhere have learned the hard lessons of hubris only to take full advantage when tables are turned later in their playing careers!
How They Get You
An exhaustive list or description of methods might fill a book, so take these as merely examples of how scams might catch you. You should always be aware that new variations are common.
You will hopefully recognize all of these tactics from other types of scams but that does little to help if you don’t remain vigilant when trading online and accept that you might be outplayed and outgunned if you fall into a well-concealed trap.
Traditional methods like phishing, where an email or other online communication tricks people into accessing bogus sites and/or installing (openly or secretly) malware onto their devices, remain successful.
No matter how hard we try, there will always be
a link we shouldn’t have clicked or a page we shouldn’t have opened.
A key component to the success of phishing is timing, and while billions of emails might be sent in the hope that a few will fall into a victim's inbox just after they've spoken to the bank or company being emulated, crypto scams can make excellent use of data trawled from the sources previously mentioned and be almost tailored to individual recipients.
A powerful tactic is to find subscribers to
certain websites, channels or individuals and then spoof these sources to make
it look like you are talking to someone you may already trust.
Recently, multiple celebrities were hacked and
their online identities used to advertise a giveaway of cryptocurrency where
any amount of crypto sent to them would be doubled and quickly returned.
Of course this sounds like a scam, but the fact
it came from verified sources (apparently) gave it enough credibility and
inherent trust in these famous accounts trapped lots of people into foolishly
sending their money.
2. Infestment Opportunities
Malware can come from many sources and now that
the incentive to hunt and steal digital currency is high, don’t think that
dodgy emails or texts are the only ways to get past your personal security
Genuine software updates from major companies
have had viruses incorporated at source and it’s only a matter of time before
one of the big two operating systems has a disastrous event baked into its own
code that might trigger before it can be recognized.
Hardware is also a very real danger and anything
you plug into your computer might have something unexpected lurking inside.
Personally, I’m hyper cautious about all USB
sticks and hard drives to the point where I would prefer to use one device
purely for financial matters and protect it from all other unnecessary software
I recently heard of a USB flash drive company sending
tens of thousands of sticks to corporate clients, each with a virus on board
waiting to find the right conditions for a digital heist.
It’s easy to become super-paranoid but a little paranoia is warranted in the face of unwanted parasites infesting seemingly legitimate products and providers.
3. Online Imposters
Unsurprisingly, fake websites have become
increasingly common as a way to facilitate various types of crypto theft and
these sites might run for hours, days or months before recycling into a
different form with a similar name.
Fake websites might be a complete copy of a recognized
legitimate site but with a tweaked URL to fool those who don’t double check
such things and still click through from emails.
Social Engineering attacks often direct people to these bogus sites and encourage them to create accounts or enter details that might be useful elsewhere.
This type of attack uses human-to-human
(apparently) engagement to gain trust or manipulate people into giving
sensitive information or taking actions that compromise their personal online
You can check these sites for yourself with services like Crunchbase but if you don’t know what you’re doing or have any reason to doubt, my advice is to stick with well-known exchange sites and always check the URL you’re using.
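To make "always check the URL" concrete, here is an added example (not code from this article's author) that compares a link's real hostname against a personal allowlist and flags the tweaked-URL tricks described above. The domains in TRUSTED are placeholders, the sample URLs are constructed, and the edit-distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

# Assumption: placeholder allowlist; replace with the sites you really use.
TRUSTED = {"exchange.example", "wallet.example"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED):
    """Return (verdict, reason); only 'trusted' means the host is allowlisted."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return ("reject", "not an https URL with a host")
    if "@" in parts.netloc:
        # Text before '@' is login info, not the site being visited.
        return ("reject", "userinfo before the real host")
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return ("trusted", host)
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return ("suspicious", "internationalised name, possible homoglyph")
    for t in sorted(trusted):
        if t in host:
            return ("suspicious", f"embeds {t} inside another domain")
        # Compare only the rightmost labels, the part a registrar controls.
        tail = ".".join(labels[-t.count(".") - 1:])
        if edit_distance(tail, t) <= 2:
            return ("suspicious", f"near miss of {t}")
    return ("unknown", "not on the allowlist")

if __name__ == "__main__":
    # Constructed sample URLs, one per trick.
    for u in ["https://exchange.example/login",
              "https://exchanqe.example/login",
              "https://exchange.example.account-verify.test/",
              "https://exchange.example@login.test/"]:
        print(u, "->", check_url(u))
```

Anything that does not come back as "trusted" should be opened from your own bookmark rather than from the link in the message.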
Your Best Defense?
As Mr. Miyagi says, the best defense is to “no
I’d caution anybody about getting too deeply and too openly involved in any financial venture without learning as much as you can about what’s safe and what’s not and to always recognize that the less you know, the more vulnerable you are.
Make sure your passwords are as strong as
possible and be equally careful with password recovery methods that should be as
strong as the password itself.
Think of it this way: if you have a 50-digit
password with numerals, letters and symbols but your password can be recovered
by knowing the name of your dog or grandmother’s maiden name, you’re not as
safe as you think you are.
By using two-factor authentication on all your accounts, tracking all wallet or exchange activity, deleting any remote access software that might be on your devices and using advance phrase recovery for your accounts, you minimize the chances of being scammed.
And of course, make sure your anti-virus
software is up to date on any devices you use for financial purposes.
Such steps will make you a harder target but if
hackers smell blood in the water and concentrate their efforts on any one of us,
it’s only a matter of time before they break through.
And if you do get hit, stop all activity
immediately, reset passwords and report it immediately to your brokerage.
If at all possible, have a trusted, verifiable
source for advice on how to navigate the minefield of cryptocurrencies.