Cryptonews Features

3 Ways Your Cryptocurrency Exchange Account Can Be Hacked

Exchange Hack Security

Author

Alex Lielacher

Author

Alex Lielacher

Author Profile

Last updated:

June 26, 2023

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Cryptocurrency exchanges are a premier target for cybercriminals who are looking to acquire cryptocurrency through illegitimate means. USD 731 million have been stolen during exchange hacks in the first half of 2018, according to blockchain security experts CipherTrace. While the majority of these hacks have involved attacked exchanges’ infrastructures, there are also ample hackers out there targeting individual cryptocurrency investors.

“What we’re seeing is a shift away from the exchanges to the users — so things like phishing attacks, and trying to trick people into giving money to them,” Tom Robinson, co-founder of Elliptic, a London-based company that tracks and tries to prevent criminal activity in cryptocurrencies, told Financial Times in July. Elliptic has seen a fivefold increase in phishing attacks since the start of the year.

“The types of people who are starting to use and buy bitcoin are much less technically sophisticated now, and so are much more prone to phishing attacks,“ he adds.

In this guide, you will discover the three most common ways hackers attempt to steal your digital asset holdings on exchanges.

Phishing Emails

If you are vocal about cryptocurrency on Twitter or other social media platforms, you will have likely already received dozens if not hundreds of phishing emails posing as notifications from cryptocurrency exchanges that require you to log in using a link in the email.

This is nothing more than a classic phishing scam to gather your login credentials. While they are usually very easy to detect, some hackers have gotten craftier and have developed phishing emails that look very much like real customer notifications form the leading exchanges.

It is essential to stay vigilante whenever you receive an email from any cryptocurrency exchange, and it is best to log in through your browser to ensure you are landing on the correct exchange website as opposed to login in through a link in an email to avoid getting your login credentials stolen.

Fake Phishing Exchange Websites

While phishing emails are probably the most common attempt to steal user credentials, fake exchange websites have become another popular tool for hackers to gain access to cryptocurrency investors’ funds.

When typing the name of an exchange into Google, you will regularly see exchanges listed on the top of the search results as ads. What is not always clear, however, is that some of these ads have been taken out by hackers and will lead you to a website that looks almost the same of the original exchange website but has the sole purpose of stealing your login credentials to then steal your funds on the actual exchange.

Fake exchange websites have popped up for a long list of exchanges including Bittrex, Poloniex, and Binance, among others.

Google has started to crack down on these type of ads, but new fake exchange websites are still being discovered on a regular basis.

Email Address Hacking

Finally, and perhaps the most dangerous method of hacking into your bitcoin exchange accounts is the hacking of your email account to then gain access to your exchange accounts by resetting the password.

While it is more difficult to hack an email account, hackers have been able to pull it off provided they have their victims name and personal phone number. If you have two-factor authentication set up for your email account – which is common for Gmail accounts for example – then a hacker is able to exploit the Signalling System No. 7 (SS7) vulnerability in telecom networks to gain access to your mobile phone’s text message functionalities.

By exploiting this flaw, the password can be reset for your email account, which can then be used to reset the password on your bitcoin exchange account to gain access to your coins.
_____
However, if you want to secure your funds even more, make sure you evaluate an exchange carefully before choosing one.