Hackers use three methods to steal digital assets that give them access to users’ crypto wallets. These techniques include using search engines, stealing data from the clipboard, and deception through liquidity mining.
Bitrace analysts have outlined information about safe crypto storage, highlighting three methods popular among cybercriminals for stealing digital assets directly from users’ wallets.
Among the main tricks hackers use are:
- Use of search engines. Cybercriminals use search engine optimization (SEO) techniques to promote their resources to the top of search engines like Google or Bing. Downloading cryptocurrency storage applications from similar, unverified sources results in hackers gaining access to all of a user’s assets.
- Clipboard data access. The process of automatically capturing or modifying copied text data from the clipboard is accomplished by installing special malware on the user’s PC. Hackers most often capture seed phrases to access crypto wallets, which users don’t enter manually but simply copy. Due to the copying of addresses for sending assets, attackers can also force users to send tokens to their addresses by merely replacing it in the clipboard.
- Liquidity mining. The scam scheme is that the user is offered a “high yield” for storing crypto. Moreover, the yield in such schemes is directly proportional to the number of coins stored in the cryptocurrency wallet. Thus, hackers force users to deposit a certain cryptocurrency by sending it to smart contracts that contain malicious code that allows attackers to access all funds on the wallet.
In order to protect their assets, users need to:
- verify all sources of crypto transaction apps before downloading them;
- minimize clipboard usage and regularly check their PC for malware;
- scrutinize the crypto project thoroughly and carefully before making a decision to invest in it;
- closely monitor where the funds are sent to and, in case of a security breach, immediately contact law enforcement authorities.
CP Media recently had an interesting conversation about the security of smart contracts with Mike Belous, Co-Founder and CTO of consulting company Psy Labs.