While the cryptocurrency community is still in its infancy, so too are many of its security measures.
This is, of course, no knock against the brilliant white hat-minded security specialists currently working on making crypto safe for us all. It’s just to say that these specialists’ more nefarious counterparts are just as industrious and genius—constantly working on ways to compromise your crypto.
Today, then, we’ll be going over some of the top ongoing cryptocurrency security concerns to bring you up to speed on active threats in the space.
“Bad Rabbit” malware
New so-called “Bad Rabbit” malware appeared in Germany, Ukraine, and Russia this past week, re-raising concerns that stolen NSA (National Security Agency) tools have been re-purposed by malicious players.
The malware works by encrypting users’ files and demanding a ransom worth approximately $300 in Bitcoin for these users to then receive the appropriate decryption key.
While this isn’t an exploit against crypto users per se, it could lock up all users’ data—including all your crypto investments if you don’t have a hardware wallet. Moreover, you’d have to pay the USD equivalent of $300 Bitcoin.
As ICOs are booming like never before, so are the phishers who are working overtime to get you to click on a link that could drain your crypto wallet in seconds.
Indeed, this terrible dynamic has been happening to amateur crypto investors and veterans alike in increasing numbers.
Take the recent high-profile case of Kori Williams, a social media company CEO who just had her MyEtherWallet account scraped after clicking on a phishing link in a Slack chat.
In Ethereum-related incidents alone, there have been $225 million in phishing scams against ICO investors since these scams began.
The “DUHK” attack—named after the warning, “Don’t use hard-coded keys,” is a new vulnerability that could compromise users’ crypto exchange login credentials.
The attack works by capitalizing on the faulty ANSI X9.31 RNG pseudorandom number generator algorithm (PRNG).
Key details of the PRNG have been physically encoded into countless commercial products, allowing these products to be reverse-engineered in such a way that the PRNG can be broken, revealing web session data and login creds.
Technically, then, this exploit could be used to gain access to crypto users’ exchange accounts—devastating, to say the least.
Crypto exchange attacks
Direct attacks against crypto exchanges are on the rise as well.
Many of these attacks have been coming against Asian exchanges, which should come as no surprise as cyber experts believe rogue state North Korea is behind these attacks. The North Koreans are trying to be as troublesome as possible for their neighbors, it appears.
For example, South Korea’s largest exchange, Bithumb, was hacked over the summer, which lead to the private information of over 30,000 customers being compromised.
Crypto users would hope their wallets are a bastion of protection for their hard-earned investments, but some Jaxx wallet users recently lost everything thanks to such hope.
Thanks to a security flaw in the way Jaxx handled backup security phrases, hackers began penetrating the accounts of Jaxx users, making away with over $400,000 in digital heists.
Per the Vx Labs report on the vulnerability:
Even when your Jaxx has a security PIN configured, anyone with 20 seconds of (network) access to your PC can extract your 12 word backup phrase and copy it down. Jaxx does not have to be running for this to happen.
The exploit just goes to show that hackers are constantly on the prowl for viable fault lines in crypto security. You should be as well, accordingly.
Instability around Bitcoin pushes users to other coins
As some Bitcoin users worry about the health of BTC in light of the coming hard-fork madness, some are hedging their bets on new coins—coins that seem as if they’ll be more stable, at least from a social/community standpoint—for the near future.
Moreover, many Bitcoin users who place a premium on privacy are migrating to privacy coins like Monero and Zcash (ZEC) thanks to the extra security benefits of these altcoins.
Security must improve
The crypto community has come a long way, but for it to stay viable in the short-, mid-, and long-term, security measures in the space must improve and continue to stay abreast of the latest possible exploits.
The good news, though, is there are brilliant minds currently working night and day to make that happen.
Featured Image via Fotolia