New Dog, Old Tricks: Reducing Cryptocurrency Phishing Vulnerabilities
While the blockchain on which a user’s chosen cryptocurrency operates may be relatively secure from a hacker’s prying eyes, users still need to be vigilant with their own wallets—especially if they’re accepting cryptocurrency for their business. Here’s why.
Don’t Leave Your Keys Lying Around
Hackers don’t have to go directly after Bitcoin or Ethereum technology to score big in a cryptocurrency heist. Instead, they may choose to target individual wallets. Bitcoin wallets are protected by public and private “keys,” long strings of numbers that are difficult—but not impossible—to hack. Users store private keys on their computers or in the cloud and may do the same with their public keys, a process that should immediately raise red flags for security experts.
Key attacks are growing in frequency. In December 2021, hackers stole the keys to two ‘hot’ cryptocurrency wallets (wallets that are continually connected to the Internet) from trading platform BitMart and got away with nearly $200 million in cryptocurrency. And in 2019, cryptocurrency enthusiasts discovered the Blockchain Bandit, a user who was successfully guessing weak keys that other users may have generated and getting away with their riches. It’s the cryptocurrency equivalent of a user getting hacked because they used password123 for their bank accounts.
For business owners, it’s especially important to consider the vulnerability of public and private keys. Many businesses are beginning to accept bitcoin and other cryptocurrencies as forms of payment, meaning they’ll need to keep track of public and private keys to access some of their revenue. This opens opportunities for hackers to come after money through old tactics like phishing and malware attacks, especially through email.
A single click on a link in a phishing email can give hackers access to an entire inbox or to cloud drives. So how can businesses keep their keys, and ultimately their cryptocurrency revenue, safe from hackers?
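Because a compromised inbox or cloud drive exposes whatever is stored in it, a useful first check is whether any private keys are sitting there in plain text. The following is an added example, not part of the original article: it scans exported text for Bitcoin private keys in mainnet WIF form (validated by their Base58Check checksum) and for raw 64-character hex values in the valid key range. The function names and the sample key are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# secp256k1 group order: a valid private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Mainnet WIF: 51 chars starting "5" (uncompressed) or 52 starting "K"/"L".
WIF_RE = re.compile(r"\b(?:5[1-9A-HJ-NP-Za-km-z]{50}|[KL][1-9A-HJ-NP-Za-km-z]{51})\b")
HEX_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")

def _dsha(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58check_encode(payload):
    """Base58Check-encode payload (used here only to build the sample)."""
    raw = payload + _dsha(payload)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(s):
    """Return the payload if the 4-byte checksum verifies, else None."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    pad = len(s) - len(s.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return raw[:-4] if _dsha(raw[:-4])[:4] == raw[-4:] else None

def scan_for_private_keys(text):
    """Return (kind, offset) for each private-key-shaped string in text."""
    findings = []
    for m in WIF_RE.finditer(text):
        payload = b58check_decode(m.group())
        # 0x80 version byte + 32-byte key (+ 0x01 compression flag)
        if payload and payload[0] == 0x80 and len(payload) in (33, 34):
            findings.append(("wif", m.start()))
    for m in HEX_RE.finditer(text):
        # Also matches SHA-256 digests, so treat as a lead for manual review.
        if 0 < int(m.group(), 16) < N:
            findings.append(("hex-candidate", m.start()))
    return findings

if __name__ == "__main__":
    secret = bytes(range(1, 33))  # constructed test key, not a real wallet
    note = "wallet backup: " + b58check_encode(b"\x80" + secret + b"\x01")
    print(scan_for_private_keys(note))
```

A "wif" finding is high confidence because a random string passes the checksum only about once in four billion tries; any key found this way should be treated as exposed and its funds moved to a new wallet.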
Don’t Generate Private Keys
At a minimum, business owners shouldn’t generate private keys on their own, no matter how invulnerable they think the number is. But once a private key has been generated by a trusted source and lives on a user’s computer or in the cloud, taking basic email security steps can help significantly reduce the chance a business’ wallet will be compromised.
Businesses should start by adopting tools that monitor and adapt to evolving security threats. The same bad actors who are leveraging cryptocurrency for its anonymity are coming up with new ways to trick users into giving up access to their private keys. As these attacks become more sophisticated, AI-powered security tools are a business’ best option, as they can learn from similar attacks and bolster defenses before the next business becomes a victim.
Next, businesses should consider training employees, especially those with access to the cryptocurrency wallet, to be vigilant against potential phishing attacks because employees are the last line of defense against hacking threats. Many security tools also offer training programs and can generate fake phishing emails to test whether employees are paying attention to potential attacks.
Proactive Threat Detection Against Cryptocurrency Hacks
Adopting cryptocurrency as a payment option can open business possibilities, including reaching tech-savvy audiences. But even though the transaction process offers an extra layer of privacy, the basic rules of proactive threat detection still apply. Keeping email threat detection strategies up to date can prevent a basic business tool from becoming a crack in the wall for cryptocurrency hacks.