Crypto Head, which tracks information on the crypto market, conducted an analysis and found that the number of reported cases of cryptocurrency hacking and theft increased by more than 40 percent in 2021.
Hacking has been around since the fathers of technology invented access control for computing technologies. Even before widespread internet use, some geniuses were exploiting password-protected computers.
In 1965, MIT researchers discovered an exploit in time-sharing software that allowed anyone trying to access an editor to see everyone else’s passwords. When multiple users attempted to access the editor, the system — only designed for a single user at a time — would randomly swap the password file, allowing access by those who already knew the password.
However, hacks in the cryptocurrency space are especially problematic because transactions are irreversible. A decentralized and trustless network cannot distinguish between transactions with stolen coins and legitimate ones. This means that the protections around preventing illegitimate transactions are fundamental.
How Much has Crypto Lost to Hackers
There is a lot of coverage about high-profile hacks since they make for good headlines. The crypto security forum at Unify reports that hackers have made off with $1.2 billion so far this year. That is almost eight times higher than the $154 million lost in the first quarter of 2021. Now, I will mention the five largest hacks in the history of cryptocurrency for illustration’s sake.
- Ronin Network: In one of the largest crypto heists on record, the Ronin blockchain project announced last month that hackers exploited its systems and stole cryptocurrency worth $615m. The project reported that unidentified hackers stole 173,600 ether tokens and 25.5 million USD coin tokens on March 23rd. Axie Infinity uses Ronin to power its popular online game. It has the most extensive collection of non-fungible tokens (NFTs) by all-time sales volume, according to the NFT market tracker CryptoSlam.
- Poly Network: Poly Network tokens worth $611m were transferred to three wallets controlled by a hacker on August 10th, 2021. Security researcher Mudit Gupta discovered that the attacker could ‘unlock’ (buy) tokens on Poly Network without having to ‘lock’ (sell) the corresponding tokens on other blockchains. The Poly Network is a platform for exchanging tokens between blockchains other than Bitcoin and Ethereum, such as Ethereum and Bitcoin.
- Coincheck: Coincheck, a Japanese crypto exchange, revealed to the public that $547m worth of lesser-known cryptocurrency NEM had been stolen in January 2018. The firm admitted to storing the assets in a ‘hot wallet,’ meaning cryptocurrency storage connected to the internet, making it vulnerable to cyber-attacks. At the time of the attack, Coincheck was one of the most prominent exchanges in Japan, which was one of the biggest markets for cryptocurrency trading.
- KuCoin: Singapore-based crypto exchange KuCoin announced in September 2020 that $275 million worth of cryptocurrency had been stolen, including $127 million in ERC20 tokens used in Ethereum smart contracts. Chief executive Johnny Lyu revealed that hackers gained access to the exchange’s ‘hot wallets.’
- Mt. Gox: One of the most well-known crypto heists was the theft of $480m from another Japanese exchange, Mt. Gox, in 2014. Around 7% of all Bitcoins were in circulation at the time, making the haul worth $480m. It would be worth more than $35 billion today.
According to investigations, wallet and exchange breaches are the most common, with 126 outpacing attacks and fraud involving DeFi, or decentralized finance, at 41 each during the last ten years. These hacks are a wake-up call for the industry to improve its security posture. Meanwhile, you as an individual can take steps to protect your cryptocurrency from being hacked.
How Can you Protect Your Cryptocurrency from Hackers?
Since digital currency has virtually no regulations backing it and no centralized authority is involved, investors have no way out after a cyber-attack. So, how do you safeguard your cryptocurrency investment? This article gives you a few suggestions:
Use Cold Wallets
Online wallets have gained incredible popularity in recent years, becoming a prime target for hackers. While online wallets are convenient, they also present a greater risk than cold or offline wallets. Terence Jackson, a chief information security officer, recommends that most consumers keep their cryptocurrencies in offline or cold wallets since they are less vulnerable to online cyber-attacks.
As for hardware wallets, these devices can get lost or stolen, so it is essential to have a backup stored in a deposit box. Additionally, public and private keys should never be identical to prevent hacking.
Despite their tremendous effectiveness against digital thieves, hardware wallets also pose a risk: Lose your password key, and you’ll never be able to recover your funds.
Passwords and PINs
It is essential to have strong passwords unique to each account and not used for any other purpose. A user should never choose the same password for more than one account to eliminate the risk of cyber-crime.
Several crypto experts propose this idea and consider it one of the safest methods for securing digital accounts. Two or more factors of authentication can help in this matter, as can a diverse and robust password for every account.
To keep your online wallets secure, it is crucial to have strong password hygiene and two-factor authentication (or even better, three-factor authentication). Furthermore, avoid using public Wi-Fi to conduct any cryptocurrency transactions since it is easy for hackers to set up a rogue access point and steal your information. According to David Maimon, assistant professor at the University of Maryland’s department of criminology and criminal justice, public Wi-Fi is risky in three specific ways:
- Wi-Fi sniffing
- Man-in-the-middle attacks
Don’t let your Wi-Fi search and connect to public Wi-Fi connections if you want to avoid cyber attacks. Please turn it off and carry an internet dongle for private connections instead. You can protect your assets by purchasing a $10 internet dongle. Depending on your data plan, you can also use your cell phone as a hotspot.
Use Two-factor Authentication
Two-factor authentication adds an extra layer of security to your accounts by requiring a second code from a device you own to log in. This makes it much harder for hackers to access your accounts since they need your password and access to your physical device.
Wallets that support two-factor authentication are a good investment. For example, if someone had access to your login details, they would also need your phone to get the 2FA code. The disadvantage of text and email 2FA is that they are easily intercepted if someone has access to your email account or if you port your phone number from one device to another.
According to PolySwarm CTO Paul Makowski, the best 2FA options, from most secure to least secure, are as follows:
- Hardware dongle, available at: https://landing.google.com/advancedprotection/
- A phone app that does not sync your secrets anywhere (e.g., Google Authenticator)
- A phone app that allows you to sync (e.g., Authy)
- SMS-based communication
Two-factor authentication is not foolproof, however. In 2018, Google’s Advanced Protection program was fooled by a phishing attack that resulted in the theft of $120,000 worth of Ethereum from a user’s account. The best way to protect your accounts is to use a hardware dongle in addition to two-factor authentication.
Use a Reputable Crypto Exchange
When you are ready to purchase cryptocurrency, make sure to do so through a reputable exchange. Some exchanges have been around for a while and have implemented strong security measures to protect their users’ assets.
Reputable exchanges will also have insurance in case their platform gets hacked and users’ funds are stolen. Make sure to check if an exchange has insurance before using it.
Be Careful with What you Download
Malware can be attached to files, and once on your device, it can perform a variety of sinister commands. A person racking up your phone bill or using all your data is no longer the biggest concern. Now you need to worry about malware reading keystrokes, giving hackers access to your accounts, and even reading the screen on your phone.
Remember, the crypto world is full of clever people, and as you browse communities, Telegram, Facebook, Reddit, Bitcoin Talk, etc., you’ll find posted files. It may be tempting to click them, but be aware that they could be bait.
It’s not just about being careful with what you download but also about keeping your devices updated. Software updates often include security patches that close vulnerabilities in your system. Outdated software is one of the easiest ways for hackers to access your device.
When in Doubt, Don’t Click it
If you’re not sure about a file, don’t download it. If you’re not sure about a link, don’t click it. When in doubt, don’t do anything. This may seem like common sense, but we often overlook things when we’re in a hurry or not paying attention.
Be extra careful when you’re online and take the time to verify that everything is legitimate before taking any actions. A few extra seconds of caution could save you a lot of headaches down the road.
Hacks are inevitable, but you can take some steps to protect your assets. By following the tips in this article, you can make it harder for hackers to target you and your cryptocurrency. However, no security measure is perfect, so it is essential to always be vigilant and stay up to date on the latest security threats.