The Boom of crypto-currencies has attracted not only a lot of hungry investors but also to hackers. Meanwhile, some of the common attack vectors are known, such as, for example, the Sim-Hijacking and Clipboard Hacking. Who knows how, can protect his money relatively easily in front of a Cyber-attack.
Sim-Hijacking bypasses the 2FA
The weak point in the so-called Sim Hijacking or Sim-Swapping are not the users, but most of the mobile operators. The attack could use all the meeting, the phone number for a so-called 2-Factor Authentication (abbreviated 2FA).
In the case of the 2FA Login requires the use of two independent confirmations that it is indeed the real user. For one, this is the usual Login-password, on the other, it is a one-time Code that is displayed by E-Mail, SMS or in an application. After the Login with the user name and password you must then enter the unique Code.
Is specified as a second factor of a telephone number, an attacker can proceed as follows: call to the appropriate mobile operator, and ask for the phone number to a new SIM card, which is controlled by the Hacker, rewrite. Usually the customer service of mobile operators, rejects such requests, however, the attacker can repeat this process until you get a Service-employee to management, the granted him the wish. This hurdle is taken, will be sent the Codes via SMS to a new SIM card. Thus, the second factor is circumvented and the Hacker can dial in to the foreign account.
Can protect you against this form of attack is only limited by, for example, is very careful with the handover of the mobile number and not with your own wealth brags. In principle, however, is not advisable to make a 2FA via SMS, and you should prefer to access to a Authenticator program such as Google Authenticator. This program generated more often per Minute, a new Code with which you authenticate yourself. A 2FA with an external application is the safest way to protect yourself against hackers.
Clipboard Hacking changed the receiving address
Another attack vector is the Change of the clipboard, if a user is receiving copies addresses a crypto-currency. The Hacker replaced the copied address by an address of his choice and may possibly conduct the transaction.
Protect you can against such attacks only with special attention It is therefore necessary to check the destination address prior to a transaction according to thoroughly. Hardware Wallets such as Trezor and Ledger to provide a further Form of 2FA, by the receiving address is also displayed on the Display of the Hardware Wallet.
Don’t be phishing
Again and again web sites on the Internet, which are identical with the major crypto exchanges and Wallet providers. MyEtherWallet and Trezor in the year 2018, already victims of such attacks. The user does not pay attention to the authenticity of the Website and enters his / her Login-data, it can cause that he serves to the hackers its information and the associated money – on a silver platter.
Whether You are actually on the Website of the stock exchange or not, You recognize the “https://” on the left side of the URL. The SSL certificate should be valid. Only then is the right side. For the future, you should save these pages as bookmarks.
Conclusion: be Mindful!
Crypto is a new Form of money, currencies and have real value. Clearly, that attracts the sharks. According to the Motto “Be Your Own Bank”, each for his own safety responsible. Most of the attacks with caution and mindfulness to prevent. The safety precautions should grow proportionately to the value.
For larger stocks is always to store it on an exchange, but to use a separate Hardware Wallet. The Seed-Phrase for this Hardware Wallet should be protected as well.