There can be no larger problem than a security compromise in the crypto universe through phishing scams and hacks. Over time, there have been quite a few – both small and large. While some of the largest cases might have made mainstream news (think Coincheck with $534 million in funds stolen), the smaller ones often go unheard.
Below, we will take a look at various ways that crypto wallets can be hacked and phished, including the measures you can take to ensure your digital assets are completely secure from bad actors.
While most hacks drain funds from users’ wallets after gaining possession of their private key(s), if you hold your private keys and recovery phrases on a piece of paper (cold storage), that does not mean your funds are completely safe.
What matters is not that you have a paper wallet, but how you store it -both safely and securely.
Do not just leave it lying around, or even have it with you wherever you go. If, by any chance, someone who comes upon it understands what it is, they could drain your wallets after gaining access to your handwritten private keys. With just a few clicks, dishonest individuals with malicious intent can instantaneously send your crypto assets to a wallet of their own.
Proponents of cold storage methods should store the paper that contains the details of their wallets in a secure place, such as a safe.
Fishy Crypto Add-Ons
Not all add-ons designed for cryptocurrencies are safe.
For example, MEGA Chrome Extension, which aimed to provide faster page loading times and a secure cloud storage service, was ultimately compromised in September of 2018. MEGA extracted users’ private keys if they logged in to MyEtherWallet using their browser after installing the extension. This lead to a harsh response from Google, who felt they had no other choice other than deciding to remove the add-on from their store and disable it for users who already had the extension installed
Thus, before installing any crypto-related add-ons, perform your due diligence and always do your own research (DYOR) first. Although, it remains a good practice to avoid installing software from unverified sources altogether whenever possible.
Compromised Public Wi-Fi
And yes, this especially goes for those who love to work in public spaces – an attack known as “KRACK” (Key Reinstallation Attack) can reconnect devices of Wi-Fi users to a network controlled by hackers.
Thus, if at any point you send any personal details (which may include details of your crypto wallet), hackers can easily download and access them to steal your digital assets. While various attempts to guard against this vulnerability, the KRACK is still active, with the latest log of its infestation recorded in October 2018.
Disclaimer: We recommend entirely avoiding logging into any public Wi-Fi networks when you are sending or accessing sensitive information.
Clones and Phishing
Clones are often imitating legitimate crypto projects or even Twitter accounts of famous crypto figureheads. Phishing attacks come in many varieties, and for a quick example, you can see by logging in to crypto-Twitter.
Various accounts of people like Vitalik Buterin, the founder of Ethereum, have been impersonated by hackers (Elon Musk even got his hacked). While the people/websites that hackers are impersonating and imitating may vary, the usual modus operandi is the promise to crypto users some exponentially greater amount of a crypto-asset, in exchange for them to send a certain amount of the asset first to a wallet address provided by the hacker. If you ever see an offer like this – stay away.
The only thing one can suggest here is a bit of common sense: think – who would want to suffer a loss by sending more money than they receive?
Cryptojacking Through Malware
Cryptojacking itself is implanting malware that performs hidden mining by using a users’ computational power.
At times, the malware may come equipped with the ability to read your personal information, including details of your crypto wallets that you may have stored on your computer.
And so comes double the risk: not only is your computer being used for free by the hackers, but they could – at any time – send your crypto assets over to their wallet. To prevent this, have reputable antivirus and antimalware software installed on your device.
There are other general things that you can do to ensure the security of your wallets.
Avoid centralized exchange wallets. Whenever possible, try not to use exchanges as your stash for crypto wealth – despite the degree of trust you might hold on them, you are not 100% in control or aware of what is happening in the day-to-day operations in a centralized exchange (CEX).
When choosing a cryptocurrency wallet, safety should be the primary factor in considering your choice – use only the most secure wallet with up-to-date multi-signature features if using a desktop. When choosing your wallets, always take your time and DYOR.
You can find guides for secure wallets compatible with Uniswap on the Swapfolio Wiki page to ensure you’re able to enjoy everything the Swapfolio app has to offer without compromising the safety of your hard-earned crypto!
If you want to learn more about Swapfolio from the team members, or the community itself, consider joining our Telegram group! There are always enthusiastic $SWFL supporters and team members ready to answer questions and help out with any problems you may have.