3 Ways Your Cryptocurrency Exchange Account Can Be Hacked
Cryptocurrency exchanges are a premier target for cybercriminals who are looking to acquire cryptocurrency through illegitimate means. USD 731 million have been stolen during exchange hacks in the first half of 2018, according to blockchain security experts CipherTrace. While the majority of these hacks have involved attacked exchanges’ infrastructures, there are also ample hackers out there targeting individual cryptocurrency investors.
“What we’re seeing is a shift away from the exchanges to the users — so things like phishing attacks, and trying to trick people into giving money to them,” Tom Robinson, co-founder of Elliptic, a London-based company that tracks and tries to prevent criminal activity in cryptocurrencies, told Financial Times in July. Elliptic has seen a fivefold increase in phishing attacks since the start of the year.
“The types of people who are starting to use and buy bitcoin are much less technically sophisticated now, and so are much more prone to phishing attacks,“ he adds.
In this guide, you will discover the three most common ways hackers attempt to steal your digital asset holdings on exchanges.
If you are vocal about cryptocurrency on Twitter or other social media platforms, you will have likely already received dozens if not hundreds of phishing emails posing as notifications from cryptocurrency exchanges that require you to log in using a link in the email.
This is nothing more than a classic phishing scam to gather your login credentials. While they are usually very easy to detect, some hackers have gotten craftier and have developed phishing emails that look very much like real customer notifications form the leading exchanges.
It is essential to stay vigilante whenever you receive an email from any cryptocurrency exchange, and it is best to log in through your browser to ensure you are landing on the correct exchange website as opposed to login in through a link in an email to avoid getting your login credentials stolen.
Fake Phishing Exchange Websites
While phishing emails are probably the most common attempt to steal user credentials, fake exchange websites have become another popular tool for hackers to gain access to cryptocurrency investors’ funds.
When typing the name of an exchange into Google, you will regularly see exchanges listed on the top of the search results as ads. What is not always clear, however, is that some of these ads have been taken out by hackers and will lead you to a website that looks almost the same of the original exchange website but has the sole purpose of stealing your login credentials to then steal your funds on the actual exchange.
Google has started to crack down on these type of ads, but new fake exchange websites are still being discovered on a regular basis.
Email Address Hacking
Finally, and perhaps the most dangerous method of hacking into your bitcoin exchange accounts is the hacking of your email account to then gain access to your exchange accounts by resetting the password.
While it is more difficult to hack an email account, hackers have been able to pull it off provided they have their victims name and personal phone number. If you have two-factor authentication set up for your email account - which is common for Gmail accounts for example - then a hacker is able to exploit the Signalling System No. 7 (SS7) vulnerability in telecom networks to gain access to your mobile phone’s text message functionalities.
By exploiting this flaw, the password can be reset for your email account, which can then be used to reset the password on your bitcoin exchange account to gain access to your coins.
However, if you want to secure your funds even more, make sure you evaluate an exchange carefully before choosing one.