Electronic money is a type of alternative currency that does not depend on a central bank or entities. They are being used more and more frequently to pay for various products and services, being attractive for users as well as for cybercriminals. That is why the cybersecurity company ESET published an analysis about an analysis of the most important attacks suffered by these cryptocurrencies in the last year and provides advice to protect them.
"During 2017, cyber attacks against infrastructure providers were identified, including high-profile theft of users' virtual assets. In addition to targeting online currency suppliers, trade and mining exchanges, and other related services, attackers are also targeting investors and industry employees, "said Denise Giusto Bilic, IT Security Specialist at ESET Latin America.
The ESET Latin America Research Laboratory analyzed some of the most notable cybersecurity incidents that occurred in the cryptocurrency market, given that the enthusiasm for its success, gave a revenue of $ 4 thousand MDD at the beginning of last year, created a perfect scenario for cyber crime:
Targeted attacks: In February the home computer of an employee of the South Korean exchange house of bitcoin and ether, Bithumb, one of the most important in the world, was attacked. The data of more than 30,000 customers was compromised, being used for deviations of bitcoins over one million dollars.
Deception: Some $ 7.4 million ether, a currency similar to bitcoin, was stolen from investors, tricking them into sending their electronic money to a fake address. The same happened with potential investors in Enigma, Ethereum's platform, where they were tricked into sending $ 500,000 in 'cryptocurrency' with 'pre-sale' tokens to the attackers' account.
Security cracks: Another known attack had to do with a Parity encoding flaw, an Ethereum wallet, which facilitated the theft of around 150,000 cryptocurrency tokens. The value at that time was more than $ 30 million.
Social engineering: At the end of the year, the payment system of a cryptocurrency mining market based in Slovenia was looted, an equivalent of $ 64 million was stolen. The company described the breach as a "professional attack with sophisticated social engineering."
"Virtual currencies seek to obtain money from increasingly larger sectors of society. The deceptions are made to catch the imprudent, especially those users who do not have the most adequate security measures. It continues to be seen how, in the long term, the number of risks inherent in these new currencies, the fundamental security challenges they face and the increasingly stringent regulations result for the virtual 'money' and its fan group. Unless the countless security concerns are addressed, more and more people will be involved with this currency that will have to face the different risks along the way, "added Giusto Bilic.
So, how can we protect our valuable but vulnerable cryptocurrency? For that we bring you the following recommendations:
• Use a Bitcoin client. Regarding privacy, in addition to hiding the IP address, you can use a Bitcoin client that allows you to change to a new address with each operation. In addition, transactions can be separated categorically in different wallets, according to their importance: a recommended practice is to keep a wallet for daily transactions with small amounts, to recharge when necessary.
• Protect the identity. Be careful when sharing transaction data in public spaces to avoid unveiling the identity in conjunction with the Bitcoin address.
• Use a "custody service". When it is necessary to make a purchase / sale and you are not sure who is on the other side, you can use a "escrow service" -from English escrow service-¬. In these cases, who must make the payment sends their bitcoins to the custody service, while waiting to receive the item they requested. The seller knows that his money is safe in the custody and sends the agreed item. When the buyer receives the merchandise, he notifies the custodian so that the purchase can be made.
• Make a backup of the virtual portfolio and encrypt it. With regard to physical warehouses, like any backup policy of critical importance, it is advisable to make frequent updates, use different media and locations, and keep them encrypted.
• Avoid using portfolios on mobile devices. Especially when it comes to large sums of money, you should avoid using mobile devices as these can be lost and / or compromised. Moreover, in these cases it is preferable to keep the wallet on computers without any Internet connection.
• Consider using multiple signature addresses. In the case of corporate transactions or that require a high degree of security, it is possible to use multiple signature addresses, which involve the use of more than one password, usually stored in distant computers in possession of authorized personnel. In this way, an attacker will need to compromise all the computers in which the keys are found, to then be able to steal the bitcoins, which will make his task difficult.
• Delete a virtual portfolio when it is no longer used. Eliminating a virtual portfolio when it is no longer useful requires a careful process to verify that it has been completely destroyed. It is necessary to take the trouble to locate any possible copy that may have been created, by the user or the system, and perform this same process.