As cryptocurrency becomes more popular and the adoption rises, we see a related increase in the number of cybercrimes, fraud, and malware schemes. Criminals like to hunt and plunder where there is money! If you hold cryptocurrency or are using Web3 platforms, you need to be careful.
Among other risks, the latest method is to use a crypto drainer! Crypto drainers are malicious code injected into software and webpages that compromise the victim's crypto wallets or secret keys to drain the accounts.
This can be accomplished through:
- Phishing websites, emails, texts, and other social engineering practices
- Fake airdrops, contests, and ads
- Malicious digital contracts
- Fake exchanges, marketplaces, and crypto services
- And malicious or trojanized browser extensions
Crypto drainers are being productionalized for scale within the cybercriminal community, with Drainers-as-a-Service tools being offered to less savvy wannabe fraudsters. These packages include the malicious code, apps, social engineering functions, and back-end infrastructure to handle the unauthorized asset transfers at scale. Some come with management dashboards to oversee the progress of all the victimization, documentation, tutorials, system updates, and customer support!
Kits start at a mere $100, which is a low bar for many of the unscrupulous cybercriminals. The lure of high rewards, low effort, and a small investment will continue to bring many over to the dark side. Personal and corporate cybersecurity practices must be employed.
Some key recommendations for protecting crypto wallets include:
- Enable multifactor authentication (2FA or MFA) when available on your wallets
- Use hardware wallets or cold wallets for maximum security
- Don’t be phished or socially engineered! Never click a questionable link, install untrusted software, or provide your private keys!
- Avoid browser extensions! They can hijack your webpages and anything you input on them.
- Secure your seeds and private keys in a password manager or offline.
- Enable multifactor authentication (2FA or MFA) when available on your wallets
- Use hardware wallets or cold wallets for maximum security
- Don’t be phished or socially engineered! Never click a questionable link, install untrusted software, or provide your private keys!
- Avoid browser extensions! They can hijack your webpages and anything you input on them.
- Secure your seeds and private keys in a password manager or offline.
Watch your wallets for unusual activity – although if you see any, it will likely be too late for that wallet!
Cryptocurrency is great, but like any innovative and disruptive technology, the attackers are motivated to find creative ways to victimize users! Understand the risks, act securely, and be cautious.
For more Cybersecurity Insights, follow me on:
- LinkedIn: https://www.linkedin.com/in/matthewrosenquist/
- YouTube: https://www.youtube.com/CybersecurityInsights
- Substack: https://substack.com/@matthewrosenquist
- Cybersecurity Insights: https://www.cybersecurityinsights.us/
It's still like the wild west on the blockchain, but the govt want their piece of our pie too now. What a tight rope to try keeping your earnings from greedy others.
I too am a fan of crypto! Personally, I see the importance and value of paying taxes. I want my freedom, protection, services, etc. that my government provides. That said, there is waste and fraud. It is not a perfect system, but it is far better than the alternative.
As for cybercriminals, I don't like or appreciate them. In fact, I want my tax contributions to pursue those criminals and keep our crypto services and infrastructure better protected. Just my 2 satoshis.