Latest on ATNET:

#spend-your-crypto #yield
#portfolio-diversification #defi
NEW STRATEGY   Nft trading  · 09/04/21

Security Threats for Crypto Traders in 2020

Altcoin Trading Blog
08/11/21 · Reports

Note: This report was written in 2019 and remains published for reference purposes only.


What kind of threats can we as crypto traders and hodlers expect in 2020 and what are the ways to protect our holdings?
Crypto Trading Strategy - 5 Weeks of Onboarding Reads: Subscribe and select "All Posts" or "Strategy & Security" as your preference.
 

Malware and exploits are a real maturing industry, the times are long gone when you had to be a literal high-tech lowlife in order to hack someone.

As we reported back in 2018, you can get Malware-as-a-Service for measly 20 bucks if you’re ok to try your luck with something generic in hopes there is still some low-hanging fruit left.

It’s going to be more expensive than that if you’re targeting a particular segment of the internet, especially if your target is more technically skilled than an average 70-year-old, but then these targets usually earn more when the attack succeeds. In the end, the investment may pay off.

This scenario is probably what we have been seeing in 2019 in cryptospace: Cryptocurrency-related crime and targeting of crypto-traders grew especially in the second half of 2019.

That means it’s probably making good money.

Crypto-targeted threats: What are the dangers in 2020?

Because individuals involved in crypto are high-value targets, the attackers started milking as much as they can out of every successful hack.

If you become a victim, your machine will most likely get exploited in multiple different ways.

  • Typically your device will be searched for competing malware or hidden mining software, which will be either wiped out or redirected to the latest attacker who gained access to your stuff.
  • You will be scanned for cryptocurrency wallet files - bitcoin wallets, altcoin wallets, multicoin wallets. Don’t think that using little known wallet will protect you.
  • Next your device will be searched for anything related to cryptocurrency exchanges and crypto trading platforms: Any stored access credentials, 2FA backup codes, keys.
  • You will possibly get a keylogger or similar to learn your access credentials to wallet software, exchanges and also to your email - a hacked mailbox is valuable. Even if it’s not possible to restore passwords through it, it can be at least used to send off spam campaigns from a “legitimate” email account.
  • Last but not least, if your infected phone or laptop is not a model from the year 1960, it will probably have some spare capacity for illicit Monero mining.

Crypto malware in 2020: Distribution

How are you most likely to get exploited?

Clicking on an email or social media link you did not expect

An IRS or similar official-looking file in an e-mail attachment is an old classic, but remember it might be coming from the email of someone you know if they got exploited.

Security Threats for Crypto Traders in 2020

Fake “Action required”

It could be the web wallet from blockchain.com, other hosted wallets or even trading platform accounts. If your e-mail got exposed in relation to some leaked data, as it probably happened with most of you in the 2019 BitMEX mass email fuckup, sooner or later you will get phishing emails prompting you to reset passwords or similar.

Some of these are very good - the email design will be the exact copy of what you’d get from the real site just like the imposter landing page you will end up at. Some attackers even create fake companies to buy SSL certificates for their imposter sites.

Infected trading software and trading apps

This is the most recent way of targeting crypto traders who use Mac, once the platform without viruses. (Yeah, those days are long gone too.)

The malware was hidden inside an innocent-sounding CrashReporter executable in a clone of a real Mac app for trading on multiple platforms from a single place, a popular feature that active traders and arbers always search for.

From sentinelone.com – A fake company website offering “Advanced trading functions for cryptocurrency traders that includes: technical and fundamental analysis, automated trading and many other innovative features” was used to lure victims to a Github repo containing malware hidden inside an otherwise functional application.

You see that the app was distributed via Github, not via some obscure website you never heard of.

How to protect your crypto

You might feel threatened about technically complex and expensive to pull off vulnerabilities in hardware wallets, yet meanwhile it’s getting dangerous out there.

Potential dangers come from downloading any new crypto wallet, trading application or anything that could be of interest to crypto traders - including memes which can carry steganographic payload.

It is always safer to have a triered device system for crypto, including a burner device that you use as a dumpster for every activity that is potentially dangerous.

Latest Airdrops

Total 700k USD pool in Braintrust contest - until 30 Sep
BrainTrust is a gig marketplace like Fiverr. To promote their token launch, they are airdropping some to the total of 537 winners. The first prize amounts to 35k USD, the lowest tier winners get 700 USD each.
Provide liquidity and earn $GOC - weekly
Due to great demand for liquidity on the PancakeSwap exchange, there will be a $GOC airdrop to top 10 liquidity providers in the GoC/BNB pool on PancakeSwap.🥞 Snapshots of the top 10 liquidity providers will be taken every Friday at 10 am UTC. This is a recurring airdrop.
NFT airdrop Metacoin - 21 Sep
The Korean Metacoin project drops NFT gifts on 21 Sep which is a holiday in Korea.