How To Steal Bitcoin And Other Crypto?

The Bitcoin fever is a real magnet for thieves who come up with many ways to steal crypto. It turns out that Bitcoin stealers target not only big companies but individual users with modest amounts in their crypto wallets. Chainalysis recently revealed that $3.8 billion of crypto assets were stolen in 2022, an increase of 15% compared to the previous year. You need a better idea of how to protect crypto these days. We will keep you aware of cyber threats lurking around the corner.

Learn more about biggest crypto hacks.

4 Common Ways Hackers Steal Сryptocurrency

Most crypto scams follow a common pattern of theft. If you are aware of these 4 common patterns, you can better secure your Bitcoin from hackers.

          1. Cryptojacking

Nobody can tell you the exact figures, but cryptojacking might be the most popular scheme of stealing crypto. Recent insights from the SonicWall Mid-Year 2023 Cyber Threat Report reveal alarming trends: In 2022, over 100 million cases of cryptojacking were reported, a major increase. But in the first half of 2023, these incidents shot up by 399%, reaching over 332 million hits.

How to steal crypto using this malware? The criminals focus their efforts on stealing computing power for mining crypto. Cryptojackers can stealthily use someone else’s computer or server resources over long periods of time without anyone suspecting something is amiss. 

At least 5% of all Monero (XMR) had been mined this way by 2018, according to a report from Palo Alto Networks. Except for this coin, cryptojackers can mine Ethereum, Dogecoin, ZCash, Ravencoin, etc. Bitcoin stealers don’t use cryptojacking malware because it takes special equipment to mine BTC rather than personal computers.

Some recommended ways to avoid falling for cryptojacking are installing ad-blockers and efficient mining extensions on your browser. What do you do when you are cryptojacked? Disable Javascript on your browser so malicious scripts cannot run. Or you can uninstall and reinstall your browser.

          2. Info Stealers

This type of malware allows bad actors to collect credentials (such as crypto wallet details) stored on their web browser. Most info stealers cost around $100-$300 and can be used even by amateurs. 

As a rule, they use the Malware-as-a-Service business model. They have their own C2 infrastructure, a web panel, and cryptos whose purpose is encrypting the file with malware to escape the basic security layers. The data obtained using such software is usually sold to Bitcoin stealers on darknet forums or Telegram channels. 

A popular info stealer is еру so-called crew are, which allows users to grab and exfiltrate information from hot wallets as they provide easier access to crypto keys for making transactions. 

You can mitigate info theft in two ways:

1. First, you can switch from a software wallet to a hardware wallet.
2. Second, do not auto-save the details of your wallet on your browser. Although it can be stressful, manually inputting your details at every instance is safer.

          3. Social Engineering Schemes

Bitcoin stealers can resort to various social engineering techniques to weave webs of lies, leveraging common patterns of human behavior and emotional reactions in certain life scenarios. They can send malicious links via email, pose as government agency officials, send a potential victim to fake websites, and even trick crypto owners into giving away their wallet recovery codes.

One of the most vivid examples of social engineering is the Ponzi scheme. With so many scandals and revelations associated with similar scams, it should have been long forgotten and buried, but it’s still evergreen. 

A recent story: PlusToken, an Asian crypto wallet service that encouraged over 3 million people to purchase the fake company’s token using BTC or ETH. 

In addition, romance scams are among the most common social engineering scams. Romance scams kick off with fraud appealing to the sexual orientation of the victim. Usually, they would promise a sexual service or file in return for the Bitcoin that the victim sends. There are reports that scammers have stolen around $1.5 million worth of BTC from Tinder and Bumble.

Reading about multiple social engineering scams can massage your brain into mush. You can’t get prepared for all of them, but you need to know how to protect crypto from fraudsters of this kind. Just a few rules to follow:

• Never give out your crypto recovery phrase to anyone
• Never install apps from untrusted sources
• Don’t follow links in emails from unknown people
• Be generally smart

      4. Crypto Exchange Hack

Centralized exchanges have a friendlier gateway to crypto and Bitcoin. As a result, many people prefer to buy, sell, or keep their Bitcoins on centralized exchanges.

However, the users need complete autonomy over their accounts with a centralized exchange. This is because they keep the private keys on behalf of their customers. Hackers target to hack exchanges to access this array of private keys. Once they can get hold of the private keys, the crypto of such users, including their Bitcoin, is gone.

For instance, the 2023 security breach of the Poloniex exchange serves as a notable example. During this hack, attackers exploited system vulnerabilities, resulting in the theft of an estimated $126 million. The stolen assets included significant amounts of Ethereum (ETH), TRON (TRX), and Bitcoin (BTC).

To protect Bitcoin from such an attack, we recommend not putting all your funds in a centralized exchange. You should also use hot wallets or get a cold wallet. In addition, ensure that any exchange you will use has undergone penetration testing and smart contract audit. 

How To Protect Crypto From Hackers

Keeping your crypto in cold wallets would be a good idea – they are less likely to be compromised than hot wallets. However, it might not be enough for certain types of threats. 

So we recommend adhering to the following points to protect against intruders: 

1. Always Check Email Domains: ​​Besides just checking the domain, learn to notice small errors or changed letters in email addresses that might indicate phishing attempts. Use email verification tools if you need to.
2. Advanced Anti-Phishing: If a platform offers an Anti-Phishing code feature, make sure to set it up and keep it updated. Also, learn about the latest phishing techniques to stay ahead of scammers.
3. Deposit Only on Reputable Exchanges: Check the exchange ratings on the following services: CER.live, Coingecko, Coinmarketcap, Cryptocompare, etc. 
4. IP Whitelists and Login Alerts: If a service offers the option to set up a login IP whitelist, use it. Also, enable login alerts to be notified of any unauthorized attempts to access your account.
5. Crypto Wallets Research: Before downloading a wallet, look into both the wallet and its creators, even if it’s listed in your app store. See their past work, what people are saying about them, and if they’ve had any security problems.
6. API Key Restrictions: When setting IP restrictions for API keys, also consider setting up additional restrictions such as withdrawal limits or allowing access only to specific functions.
7. Document Source Verification: Ensure that any downloaded document is from a verified and secure source. Preferably, use direct links from official websites or trusted platforms.
8. Regular Security Updates: When updating your operating system for security, also consider updating your network security settings and any other related software that interacts with your crypto.
9. Official Sources for Apps: Strictly download applications and updates from official websites. Avoid third-party providers, and double-check URLs to ensure you’re on the official site.
10. DYOR: For new crypto projects, research the team and investors, and also check for independent audits, the project’s code, and what people say about it on Reddit or crypto forums.
    
    To improve your understanding of navigating the crypto project ecosystem, check out our DYOR 101 course.

Follow @hackenclub on ? (Twitter)