From cryptojacking to social engineering and keylogger attacks, there are plenty of ways for hackers to get their hands on your crypto. According to Ledger CEO Eric Larcheveque, cryptocurrency is the easiest asset in the world to steal. So, don’t make it even easier for hackers by allowing your cybersecurity to be overly lax.
A keylogger is a piece of software that records any text an infected user inputs into the keyboard. It then passes on the recorded data to a hacker. Since keyloggers record keystrokes made by computers, they’re extremely dangerous in cryptocurrency.
Lead engineer and blockchain developer at Rate3 Wai Hon explains: “Users’ private key information can be stolen or exposed once they enter it onto a device, such as a web wallet like MetaMask or MyEtherWallet while accessing their wallets”.
Keylogger attacks could be potentially catastrophic for cryptocurrency users depending on the amount of crypto you hold. After all, if you lose your private keys, you’ll almost certainly lose all the cryptocurrency you own. Hackers can authorise transactions to and from the target wallet.
According to the Security Team at Cindicator, a tokenised fintech company that uses predictive analytics to make market forecasts, it’s important to be aware that keylogger attacks rarely affect just one device. They more commonly appear as elements of more complex viruses.
“These complex viruses may include modules with the following capabilities: recording what is happening on the screen, recording anything copied to the clipboard, accessing the infected user’s file system, recording the user via webcam, recording internet browsing history, and so on”.
The threat level of keylogger attacks thus increases as a result. It also means that not even cold wallets provide a safe harbour. They can also be assessed on the infected user’s computer.
There are plenty of viruses out there, and increasingly more creative ways for hackers to get hold of your funds. But just how common are keylogger attacks? According to Security Magazine, cryptojacking is still the biggest threat to watch out for in 2019.
Embedded AI scientist at the University of Essex Somdip Dey further adds that while threats from keyloggers are still “very plausible”, there are “more pressing threats such as Sybil attacks”.
However, since most cryptocurrency platforms ask users to key in their password and set up multi-factor authentication, Dey warns that “all this information can be silently harvested by the keylogger and sent back to the malicious hacker”.
Moreover, as technology advances, so does the threat of cybercrime. Keylogger attacks have now become more sophisticated and often go undetected by free antivirus software.
Your first safeguard when it comes to protecting yourself from a keylogger attack is practising basic cyber hygiene. This begins by using antivirus software and making sure that it is up to date.
The Cindicator Security Team say, “this will provide security in the case of a mass attack where hackers prioritise quantity of machines attacked over quality. If you are the main target of hackers, however, antivirus software may prove useless”.
Beyond antivirus software, general computer literacy and basic precautionary measures can play an important role. This means staying alert when surfing the net, not opening links from unknown sources, and being wary of attachments.
You should also double and triple-check the website that you’re entering your username and password into, particularly when it comes to using a cryptocurrency exchange.
Wai Hon explains that you need to be particularly vigilant during transactions: “Check the receiver address when copying and pasting addresses as malware can swap addresses from one to another, and this is indicative that an account has been compromised”.
One of the best ways to keep your cryptocurrency safe is to use a cold wallet. However, this doesn’t guarantee your safety once you connect your wallet to the internet.
Head of technology and co-founder of Zilliqa Yaoqi Jia warns: “Keyloggers can be used to steal users’ private keys, which can then be used to transfer tokens from cold wallets, and also to record users’ passwords on exchanges in order to withdraw tokens from their accounts”.
While the majority of wallet addresses are machine-readable, there are currently several initiatives to make them human-readable. This will greatly improve the user experience and allow users to instantly notice if an address has been changed.
FIO Protocol is one such solution that wallets and exchanges could adopt to protect users from keyloggers. The project has the backing of ShapeShift’s Erik Voorhees as well as other major supporters such as KeepKey, Coinomi, and Mycelium.
Its creator, David Gold, says that hackers “would have to change a human-readable FIO address which a user would quickly see as not being the correct one. In addition, if the FIO Request for Send was used, there would be no way for a hacker to get in the middle of the transaction via a keylogger”.
Like all cyber threats, you should be vigilant when it comes to keylogger attacks. In many cases, you can avoid them by using common sense. They don’t call it the ‘Wild West’ for nothing, so it pays to be on your guard.
Singapore, Singapore, 19th September 2024, Chainwire
Grand Cayman, Cayman Islands, 12th September 2024, Chainwire
Warsaw, Poland, 20th August 2024, Chainwire
Singapore, Singapore, 20th August 2024, Chainwire
Grand Cayman, Cayman Islands, 26th July 2024, Chainwire
As usual, the crypto market is keeping everyone guessing what could happen next. After an…