Cryptocurrency exchanges are a prime target for cybercriminals who are looking to acquire cryptocurrency though out the world. About $731 million have been stolen during exchange hacks in the first half of 2018, according to blockchain security experts CipherTrace. Majority of these hacks have involved attacked exchanges’ infrastructures and there are also hackers out there targeting individual investors of cryptocurrency.
“What we’re seeing is a shift away from the exchanges to the users — so things like phishing attacks, and trying to trick people into giving money to them,” Tom Robinson, co-founder of Elliptic, a London-based company that tracks and prevents criminal activity in cryptocurrencies. They have seen an 5 fold increase of cybercrime attacks in the beggining of 2018.
“The types of people who are starting to use and buy bitcoin are much less technically sophisticated now, and so are much more vulnerable to phishing attacks,“ he adds.
You will discover the three most common ways hackers attempt to steal your digital assets & holdings on exchanges.
If you are an active cryptocurrency miner or investor and you are very vocal and always posting it to social media like FB or Twitter then you are most likely be recieving tons of email from an cryptocurrency exhange that requires you to login using a link in the email. That's a hundred percent phising scam to get your login credentials.
Other hackers may be easily detected but they upgraded their emails that may look like a real customer notifications from legit exchanges. It is adviced to be more observant whenever you recieve and email from any exchange. For you to have your credentials safe, you must only login to the given valid website that you usually use.
Fake Phishing Exchange Websites
There are lots of fake phising exchange websites around the web. It is been said to be a popular tool for hackers to gain access to any crypto investors credentials.
When you type the name of an certain exchange into Google, you will usually see exchanges listed after you click the search button. However, there are ads that would take you to a fake phising exchange website that looks almost the same to the original exchange website and the only purpose is to steal your login name and password.
Google has started to takedown this ads but still there are lots of new fake phising websites due to upgrades of these cybercriminals.
Email Address Hacking
It is said the most dangerous method is hacking your email account. Hackers has found a way to reset an account password. They usually provide the names, address and even a personal phone number by using an FB account. There are some other ways aside from personal data hack.
If you have two-factor authentication set up for your email account - which is common for Gmail accounts for example - then a hacker is able to exploit the Signalling System No. 7 (SS7) vulnerability in telecom networks to gain access to your mobile phone’s text message functionalities then the password can be reset for your email account, which can then be used to reset the password on your bitcoin exchange account.
If you want your account to be secure, make sure to look carefully the link or website to avoid the loss of your account.