From cryptojacking to social engineering and keylogger attacks, there are plenty of ways for hackers to get their hands on your crypto. According to Ledger CEO Eric Larcheveque, cryptocurrency is the easiest asset in the world to steal. So, don’t make it even easier for hackers by allowing your cybersecurity to be overly lax.
What are keyloggers?
A keylogger is a piece of software that records any text an infected user inputs into the keyboard. It then passes on the recorded data to a hacker. Since keyloggers record keystrokes made by computers, they’re extremely dangerous in cryptocurrency.
Lead engineer and blockchain developer at Rate3 Wai Hon explains: “Users’ private key information can be stolen or exposed once they enter it onto a device, such as a web wallet like MetaMask or MyEtherWallet while accessing their wallets”.
Keylogger attacks could be potentially catastrophic for cryptocurrency users depending on the amount of crypto you hold. After all, if you lose your private keys, you’ll almost certainly lose all the cryptocurrency you own. Hackers can authorise transactions to and from the target wallet.
According to the Security Team at Cindicator, a tokenised fintech company that uses predictive analytics to make market forecasts, it’s important to be aware that keylogger attacks rarely affect just one device. They more commonly appear as elements of more complex viruses.
“These complex viruses may include modules with the following capabilities: recording what is happening on the screen, recording anything copied to the clipboard, accessing the infected user’s file system, recording the user via webcam, recording internet browsing history, and so on”.
The threat level of keylogger attacks thus increases as a result. It also means that not even cold wallets provide a safe harbour. They can also be assessed on the infected user’s computer.
What are the chances of keylogger attacks happening?
There are plenty of viruses out there, and increasingly more creative ways for hackers to get hold of your funds. But just how common are keylogger attacks? According to Security Magazine, cryptojacking is still the biggest threat to watch out for in 2019.
However, since most cryptocurrency platforms ask users to key in their password and set up multi-factor authentication, Dey warns that “all this information can be silently harvested by the keylogger and sent back to the malicious hacker”.
Moreover, as technology advances, so does the threat of cybercrime. Keylogger attacks have now become more sophisticated and often go undetected by free antivirus software.
How can you avoid keyloggers when keeping your crypto safe?
Use antivirus software
Your first safeguard when it comes to protecting yourself from a keylogger attack is practising basic cyber hygiene. This begins by using antivirus software and making sure that it is up to date.
The Cindicator Security Team say, “this will provide security in the case of a mass attack where hackers prioritise quantity of machines attacked over quality. If you are the main target of hackers, however, antivirus software may prove useless”.
Follow basic computer literacy and cyber hygiene
Beyond antivirus software, general computer literacy and basic precautionary measures can play an important role. This means staying alert when surfing the net, not opening links from unknown sources, and being wary of attachments.
You should also double and triple-check the website that you’re entering your username and password into, particularly when it comes to using a cryptocurrency exchange.
Take extra care during transactions
Wai Hon explains that you need to be particularly vigilant during transactions: “Check the receiver address when copying and pasting addresses as malware can swap addresses from one to another, and this is indicative that an account has been compromised”.
Use a hardware wallet
One of the best ways to keep your cryptocurrency safe is to use a cold wallet. However, this doesn’t guarantee your safety once you connect your wallet to the internet.
Head of technology and co-founder of Zilliqa Yaoqi Jia warns: “Keyloggers can be used to steal users’ private keys, which can then be used to transfer tokens from cold wallets, and also to record users’ passwords on exchanges in order to withdraw tokens from their accounts”.
Try a human-readable address
While the majority of wallet addresses are machine-readable, there are currently several initiatives to make them human-readable. This will greatly improve the user experience and allow users to instantly notice if an address has been changed.
FIO Protocol is one such solution that wallets and exchanges could adopt to protect users from keyloggers. The project has the backing of ShapeShift’s Erik Voorhees as well as other major supporters such as KeepKey, Coinomi, and Mycelium.
A little glimpse of the future of crypto payments. FIO live alpha demo. Decentralized & cross-blockchain. Builders keep building through the market bloodshed. https://t.co/tfAEea8Xy5 And FIO website here: https://t.co/WSRnQvDMX9 @joinFIO #bitcoin #ethereum #blockchain
— Erik Voorhees (@ErikVoorhees) November 28, 2018
Its creator, David Gold, says that hackers “would have to change a human-readable FIO address which a user would quickly see as not being the correct one. In addition, if the FIO Request for Send was used, there would be no way for a hacker to get in the middle of the transaction via a keylogger”.
Like all cyber threats, you should be vigilant when it comes to keylogger attacks. In many cases, you can avoid them by using common sense. They don’t call it the ‘Wild West’ for nothing, so it pays to be on your guard.