Tools used by hackers to steal cryptocurrencies: protection tips

In early July, Bleeping Computer reported suspicious activity aimed at defrauding the owners of 2.3 million Bitcoin wallets, which it found to be at risk of being hacked. The attackers used malware known as a “clipboard hijacker”, which monitors the clipboard and can replace a copied wallet address with one belonging to the attackers.

Kaspersky Lab predicted hacking attacks of this type as early as November last year, and they soon became a reality. At present this is one of the most widespread kinds of attack aimed at stealing information or money from users, and attacks on individual accounts and wallets are estimated at approximately 20% of the total number of malware attacks.

On July 12, Cointelegraph published the Kaspersky Lab report, which stated that criminals had managed to steal more than $9 million in Ethereum (ETH) through social engineering schemes over the past year. Keep in mind that Bitcoin is the main cryptocurrency, with the largest capitalization in the crypto market, which is why all other currencies appreciate and depreciate in line with its value; Bitcoin is also the one most used for exchanges with fiat money.

Briefly about the problem

The aforementioned Bleeping Computer portal, which works to improve computer literacy, writes about the importance of following at least some basic rules to guarantee a sufficient level of protection: “The majority of technical support problems do not reside in the computer, but rather in the fact that the user does not know the ‘basic concepts’ that underlie all the problems of computing. These concepts include hardware, files and folders, operating systems, the Internet and applications.”

The same point of view is shared by many cryptocurrency experts. One of them, investor and entrepreneur Ouriel Ohayon, emphasizes the personal responsibility of users in a blog post on Hackernoon: “Yes, you have control of your own assets, but the price to pay is that you are in charge of your own security. And because most people are not security experts, they are often exposed without knowing it. I’m always surprised to see around me how many people, even tech savvy, do not take basic security measures.”

According to Lex Sokolin, fintech strategy director at Autonomous Research, each year thousands of people become victims of cloned sites and ordinary phishing, voluntarily sending scammers $200 million in cryptocurrencies, which is never returned.

What does this tell us? The hackers attacking cryptocurrency holders exploit the main vulnerability in the system: lack of human attention, and arrogance.

Let’s look at how they do it and how you can protect your funds.

A study conducted by the US company Foley & Lardner showed that 71 percent of large cryptocurrency traders and investors consider the theft of cryptocurrencies the greatest risk negatively affecting the market. 31 percent of respondents rate the threat of hacker activity to the global cryptocurrency industry as very high. Hackernoon experts analyzed data on hacking attacks for 2017, which can be roughly divided into three major segments:

– Attacks on blockchains, cryptocurrency exchanges and ICOs;

– Distribution of software for hidden mining;

– Attacks targeting users’ wallets.

Surprisingly, the Hackernoon article “Smart Hacking Tricks” does not seem to have gained much popularity, and warnings that should be obvious to an ordinary cryptocurrency user have to be repeated again and again, since the number of cryptocurrency holders is expected to reach 200 million by 2024, according to RT.

According to research by ING Bank NV and Ipsos, which did not cover East Asia, about nine percent of Europeans and eight percent of US residents own cryptocurrencies, and 25 percent of the population plans to buy digital assets in the near future. Almost a quarter of a billion potential victims could therefore soon fall into the hackers’ sights.

Applications in Google Play and the App Store

– Do not get carried away installing mobile applications you do not really need;

– Add two-factor authentication to all applications on your smartphone;

– Be sure to check the links to the applications on the official project site.

Hacking victims are most often owners of Android smartphones who do not use two-factor authentication (2FA). 2FA requires not only a username and password but also something the user has with them, that is, a piece of information only they could know or an item they have on hand immediately, such as a physical token.

The problem is that the openness of Google’s Android operating system makes it more exposed to viruses and therefore less secure than the iPhone, according to Forbes. Hackers add applications to the Google Play Store in the name of certain cryptocurrency services. When the application starts, the user enters confidential data to access their accounts and thereby hands that access to the hackers.

One of the best-known targets of attacks of this type were traders on the US crypto exchange Poloniex, who downloaded mobile applications published by hackers on Google Play that posed as a mobile gateway to the popular exchange.

The Poloniex team had not developed any Android application, and its site has no links to any mobile application. According to Lukas Stefanko, an ESET malware analyst, 5,500 traders had been affected by the malware before the software was removed from Google Play.

iOS users, in turn, more often download App Store applications with hidden miners. Apple was even forced to tighten the rules for admitting applications to its store in order to curb the distribution of such software. But this is a completely different story, and its damage is not comparable with wallet hacking, since a miner only slows down the device.

Slack bots

– Report Slack bots so that they get blocked;

– Ignore the activity of the bots;

– Protect the Slack channel, for example with the Metacert or Webroot security bots, the Avira antivirus software or even Google’s built-in Safe Browsing feature.

Since mid-2017, Slack bots designed to steal cryptocurrencies have become the scourge of the fastest-growing corporate messenger. Most often, hackers create a bot that notifies users about problems with their cryptocurrencies. The goal is to get a person to click on a link and enter a private key. Users block these bots as quickly as they appear. Although the community usually reacts fast and the hacker has to withdraw, the latter still manages to make some money.

The biggest successful attack via Slack is considered to be the hack of the Enigma group. The attackers used the name of Enigma, which was organizing its presale round, to launch a Slack bot, and ended up swindling gullible users out of a total of $500,000 in Ethereum.

Browser add-ons for crypto trading

– Use a separate browser for operations with cryptocurrencies;

– Use incognito mode;

– Do not download any crypto add-ons;

– Get a separate PC or smartphone used only for crypto trading;

– Download an antivirus and install network protection.

Browsers offer extensions that customize the user interface to make working with crypto exchanges and wallets more convenient. The problem is not even that add-ons read everything you type while using the Internet, but that the extensions are written in JavaScript, which makes them extremely vulnerable to hacking attacks.

The reason is that, with the recent popularity of Web 2.0, Ajax and rich Internet applications, JavaScript and its attendant vulnerabilities have become highly prevalent in organizations, especially in India. In addition, many extensions could be used for hidden mining at the expense of the user’s computing resources.

SMS authentication

– Deactivate call forwarding to make it impossible for an attacker to access your data;

– Give up 2FA via SMS, in which the one-time password is sent as a text message, and use a software-based two-factor solution instead.

Many users choose mobile authentication because they are used to it and the smartphone is always at hand. Positive Technologies, a company specializing in cybersecurity, has demonstrated how easy it is to intercept an SMS carrying a confirmation password, transmitted almost everywhere in the world over the Signaling System 7 (SS7) protocol.

The specialists were able to hijack the text messages using their own research tool, which exploits weaknesses in the cellular network to intercept messages in transit. The demonstration used Coinbase accounts as its example, which alarmed the exchange’s users. At first glance this looks like a Coinbase vulnerability, but the real weakness lies in the cellular system itself, Positive Technologies stated. This showed that any system can be accessed directly through SMS, even if 2FA is used.

Public Wi-Fi

– Never make crypto transactions over public Wi-Fi, even if you are using a VPN;

– Regularly update the firmware of your own router, since hardware manufacturers are constantly releasing updates intended to protect against key substitution.

In October last year, an unrecoverable vulnerability was found in the Wi-Fi Protected Access (WPA) protocol used by routers. After carrying out a basic KRACK attack (key reinstallation attack), the user’s device reconnects to the same Wi-Fi network as the hackers. All information a user downloads or sends over the network becomes available to the attackers, including cryptocurrency private keys. The problem is especially acute for public Wi-Fi networks at railway stations, airports, hotels and other places visited by large crowds.

Cloned sites and phishing

– Never interact with cryptocurrency-related sites that do not use HTTPS;

– When using Chrome, customize it with an extension such as Cryptonite, which shows the addresses of submenus;

– When you receive a message from any cryptocurrency-related resource, copy the link into the browser’s address field and compare it with the address of the original site;

– If anything seems suspicious, close the window and delete the email from your inbox.

These good old hacking methods have been known since the “dotcom revolution”, but they still seem to work. In the first case, attackers create full copies of the original sites on domains that differ by a single letter.

The purpose of such a hack, including the substitution of the address in the browser’s address field, is to lure a user to the cloned site and get them to enter their account password or secret phrase. In the second case, they send an email that, by design, is an identical copy of the official project’s letters but in fact aims to get you to click on the link and enter your personal data. According to Chainalysis, scammers using this method have already stolen $225 million in cryptocurrencies.
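The comparison the tips above recommend (paste the link into the address bar and compare it with the real site’s address) can be turned into a check. The following added example is not code from the article or from any service it names: it takes a link from a message, requires HTTPS, and compares its host against a constructed allow-list of legitimate hosts, flagging hosts that differ from a legitimate domain by a single letter or that bury a legitimate name inside a subdomain of some other domain. The hosts in KNOWN_GOOD are assumptions for the demo, not verified addresses of those services.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the demo (assumption: these are the hosts the
# user trusts; a real deployment would maintain its own list).
KNOWN_GOOD = {"www.coinbase.com", "www.poloniex.com"}


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels of a host ('www.coinbase.com' -> 'coinbase.com').
    Good enough for the .com hosts in this demo; real code would consult a
    public-suffix list so that names like 'example.co.uk' are handled."""
    return ".".join(host.lower().split(".")[-2:])


def classify_link(url, known_good=KNOWN_GOOD):
    """Return 'ok', 'not-https', 'lookalike', 'unknown' or 'no-host'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if not host:
        return "no-host"
    if parts.scheme != "https":
        return "not-https"  # the tip: never use crypto sites without HTTPS
    good_domains = {registrable(h) for h in known_good}
    if host in known_good or registrable(host) in good_domains:
        return "ok"
    domain = registrable(host)
    for good in good_domains:
        # 'coinbasse.com': a clone on a domain that differs by one letter
        if edit_distance(domain, good) <= 1:
            return "lookalike"
        # 'www.coinbase.com.account-check.example': real name used as a subdomain
        if ("." + good + ".") in ("." + host):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in ("https://www.coinbase.com/login",
                 "https://www.coinbasse.com/login",
                 "https://www.coinbase.com.account-check.example/login",
                 "http://www.coinbase.com/"):
        print(link, "->", classify_link(link))
```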

Cryptojacking, hidden mining and common sense

The good news is that hackers are gradually losing interest in brutal attacks on wallets because of the growing resistance from cryptocurrency services and the rising level of knowledge among users themselves. The hackers’ focus now is hidden mining.

According to McAfee Labs, 2.9 million samples of hidden-mining malware were registered worldwide in the first quarter of 2018, 625 percent more than in the last quarter of 2017. The method is called “cryptojacking”, and its simplicity has so appealed to hackers that they have adopted it on a massive scale, abandoning traditional ransomware.

The bad news is that hacking activity has not diminished in the least. Experts at the cybersecurity company Carbon Black revealed that, as of July 2018, there were approximately 12,000 trading platforms on the dark web selling around 34,000 offers for hackers. The average price of malicious attack software sold on these platforms is approximately $224.

But how does it get onto our computers? Let’s go back to the news we started with. On June 27, users began leaving comments on the Malwarebytes forum about a program called All-Radio 4.27 Portable that was being installed on their devices without their knowledge. The situation was complicated by the impossibility of removing it. Although in its original form this software appears to be an innocuous and popular content viewer, its version was modified by the hackers into a “suitcase” of unpleasant surprises.

Of course, the package contains a hidden miner, but that only slows down the computer. The clipboard-monitoring program, however, replaces addresses when the user copies and pastes them, and it carries 2,343,286 Bitcoin wallet addresses of potential victims. This is the first time hackers have shown such a large database of cryptocurrency owners; until now, such programs contained a very limited set of addresses for replacement.

Once the data has been replaced, the user voluntarily transfers funds to the attacker’s wallet address. The only way to protect funds against this is to double-check the address entered on the site before sending, which is tedious but reliable and could become a useful habit.
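The double-check recommended above can be made systematic. The following added example is not code from the article or from any project it mentions: it validates a pasted Bitcoin address (Base58Check decoding and checksum) and then compares it with the address the user intended to send to. The two sample addresses are the Bitcoin genesis address and a second well-known public example address standing in for a constructed “substituted” case; the point they demonstrate is that a hijacker’s address passes the checksum just as well as the real one, so format validation alone is no defence and only the comparison against the intended address catches the swap.

```python
import hashlib

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I, l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode_check(text):
    """Decode a Base58Check string. Returns the payload (version + hash),
    or None when a character is invalid or the 4-byte checksum fails."""
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    # Each leading '1' encodes one leading 0x00 byte that the integer lost.
    leading_zeros = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * leading_zeros + body
    if len(raw) < 5:
        return None
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return payload if checksum == expected else None


def is_valid_legacy_address(addr):
    """True for a well-formed P2PKH (version 0x00) or P2SH (0x05) address."""
    payload = b58decode_check(addr)
    return payload is not None and len(payload) == 21 and payload[0] in (0x00, 0x05)


def check_paste(intended, pasted):
    """Verdict for what landed in the send field after a copy/paste:
    'ok'          - valid address and the one the user meant
    'substituted' - valid address, but not the intended one (hijacker pattern)
    'malformed'   - not a valid address at all"""
    if not is_valid_legacy_address(pasted):
        return "malformed"
    return "ok" if pasted == intended else "substituted"


if __name__ == "__main__":
    # Constructed scenario: the user copied GENESIS; a hijacker swapped in OTHER.
    GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    OTHER = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
    print(check_paste(GENESIS, GENESIS))  # ok
    print(check_paste(GENESIS, OTHER))    # substituted
```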

Questioning the victims of All-Radio 4.27 Portable revealed that the malicious software got onto their computers as a result of careless actions. As the experts at Malwarebytes and Bleeping Computer discovered, people had used cracks for licensed programs and games, as well as Windows activators such as KMSpico. The hackers thus chose as victims those who knowingly violated copyright and security rules.

Well-known Mac malware expert Patrick Wardle often writes on his blog that many viruses aimed at ordinary users are infinitely stupid. It is equally foolish to fall victim to such hacking attacks. In conclusion, therefore, we would like to remind you of the advice of Bryan Wallace, Google Small Business advisor: “Encryption, antivirus software and multi-factor identification will only keep your assets safe to some extent; the key is preventive measures and simple common sense.”


Disclaimer: InfoCoin is not affiliated with any of the companies mentioned in this article and is not responsible for their products and/or services. This press release is for informational purposes only; the information does not constitute investment advice or an offer to invest.
