The cryptocurrency boom has attracted not only many hungry investors, but also hackers. Some common attack vectors are now known, such as SIM hijacking and clipboard hacking. Those who know how can protect their money against a cyber attack relatively easily.
SIM hijacking bypasses 2FA
The weak point in so-called SIM hijacking or SIM swapping is not the users, but mostly the mobile network operators. The attack could hit anyone who uses their phone number for so-called 2-factor authentication (2FA for short).
With 2FA, the login requires two independent confirmations that the person logging in is actually the real user. One is the usual login password; the other is a unique code that is delivered by e-mail or SMS or displayed in an application. After logging in with the user name and password, you then have to enter the unique code.
If a telephone number is specified as the second factor, attackers can proceed as follows: they call the relevant mobile operator and ask it to transfer the phone number to a new SIM card controlled by the hacker. In most cases, the operator's customer service rejects such requests, but attackers can repeat the process until they reach a service representative who grants the request. Once this hurdle has been cleared, the codes are sent by SMS to the new SIM card. This bypasses the second factor, and the hacker can log in to the victim's account.
You can protect yourself against this attack only to a limited extent, for example by being very careful about giving out your mobile phone number and by not bragging about your wealth. In principle, however, 2FA via SMS is not advisable; you should instead use an authenticator program such as Google Authenticator. This program often generates a new code every minute for you to authenticate with. 2FA with an external application is the safest way to protect yourself against hackers.
Clipboard Hacking changes the receiving address
Another attack vector is altering the clipboard when a user copies the receiving address of a cryptocurrency. The hacker replaces the copied address with an address of his choice and can thus potentially direct the transaction to himself.
You can only protect yourself against such attacks with special care. It is therefore necessary to thoroughly check the receiving address before a transaction. Hardware wallets such as the Trezor and Ledger offer a further form of 2FA in that the receiving address is also shown on the display of the hardware wallet itself.
Don't get phished
Again and again, websites appear on the Internet that look identical to those of large crypto exchanges and wallet providers. MyEtherWallet and Trezor were already victims of such attacks in 2018. If the user does not pay attention to the authenticity of the website and enters his login data, he may serve the hackers his information – and the money associated with it – on a silver platter.
You can tell whether you are actually on the exchange’s website or not by the “https://” on the left side of the URL. The SSL certificate should be valid under all circumstances. Only then is it the right page. In future, you should save these pages as bookmarks.
Conclusion: Be careful!
Cryptocurrencies are a new form of money and have real value. Clearly, that attracts the sharks. In keeping with the motto “Be Your Own Bank”, everyone is responsible for his own security. Most attacks can be prevented with caution and attentiveness. The security precautions should increase in proportion to the value to be secured.
Larger holdings should never be kept on an exchange; always use a separate hardware wallet for them. The seed phrase for this hardware wallet should also be protected.