Crypto Threats: A Glossary
| Key Takeaways |
|
— Crypto is vulnerable to specific hacks, threats, and scams because it is digital.
— With no central authority, there is nobody to fall back on and no way to get your crypto back if you make a mistake. — Protecting your crypto is 100% your responsibility. This means understanding the specific threats you face. — Here, we explain different ways your crypto can be stolen – so you can proactively manage those crypto threats. |
Well done for making it this far in this crypto crash course! You’ve learned nearly everything you need to know about blockchain security – crypto wallets, private, public keys and the all-important recovery phrase. But one thing remains in the shadows – what exactly are you securing your crypto from?
Here, we take a deep dive into crypto security threats, so you know exactly what you’re dealing with.
Crypto: New Game, New Rules
If crypto could be summed up in one statement, it would be, “With great power, comes great responsibility.”
Cryptocurrencies provide us huge freedom compared to fiat money. But, this new and unfamiliar environment is much more vulnerable to threats, and there are a couple of reasons for that.
- An unfamiliar ecosystem means new threats you may not have seen before.
- No central authority or bank means no customer support if you make a mistake.
Self-custody means taking total responsibility for your funds. You are the gatekeeper. So, understanding how the hacks work is essential.
How Crypto Gets Stolen
1) Digital Threats
As you already know, most crypto-threats target you via your internet connection. In this category, there are different approaches they might take. Let’s discuss them.
- Hot wallet hacks
Hackers from anywhere on the planet can target you via your internet connection.
Let’s say you are using a software wallet that exists on your computer. Hackers can access this wallet to hack your private keys, and steal your crypto.
When you use a hot wallet that lives as an interface on your computer, your private keys are always connected to the internet. Hot wallets may not prevent clever hackers from accessing your private keys. All they need is some technological know-how to steal your funds.
- Malicious links
Links are one of the biggest threats to your crypto. So, merely browsing the internet can be a risk if you store the keys on your PC or laptop. A malicious link can look as innocent as this:
When you click on the wrong link, hackers will be able to remotely access your computer or device. This way, they can extract your private keys from your hot wallet, tamper with the interface to manipulate your transactions, or even see your secret recovery phrase if you’re storing it on your device.
In short, whether it’s hacking or spyware, your internet connection can be a means for bad guys to access your sensitive data. This is why it’s extremely important to ensure that your private keys and recovery phrase are stored completely offline.
2) Social engineering scams
While some scams target weaknesses in your security infrastructure, others target weaknesses in your judgement . Social engineering scams manipulate you into opening the door to your crypto all by yourself, by creating a fake situation to gain your trust.
For instance, scammers share fraudulent posts on social media outlets promising crypto giveaways. Some of these scams also include fake celebrity accounts to attract users. Once a user clicks the links to receive the giveaway, he/she will be asked to make a payment to get the access, or to type in their recovery phrase in order to register.
Either way, you lose your crypto.
3) Blind Signing: reading the story instead of the data
Web3 is based on smart contracts, and when you sign a smart contract, you’re agreeing to its specific terms.
These are displayed on your wallet so that you can read and approve. But not all wallets can display these details, which means users often find themselves “blind signing.” It means agreeing to a transaction even when they don’t know the details of it.
In these cases, users would have to approve a transaction based on other factors – whether the platform seems genuine for example. But, none of this really proves what you’re agreeing to. This is a huge opportunity for scammers.
Clever scammers will create scenarios that seem real – such as a customer support conversation – to manipulate you into giving permission for using your wallet. Knowing that you cannot read all the conditions of the smart contract, but that you trust the situation, the scammer will deploy a contract that gives them access to the contents of your wallet. And without being able to really see this, you agree.
Transparency is key in Web3
Lack of transparency along with the unfamiliar UX of crypto will leave you vulnerable to attacks that you cannot detect. So, choosing a wallet that can display transaction details, and learning how to read them, is the only way of protecting your assets against blind signing.
Crypto threats recap
Three key factors that will define your crypto security are:
- Always use a wallet that keeps your private keys offline.
- Make sure you can see full transaction details every time you make a transaction.
- Constantly educate yourself about how crypto works, and the most recent scam tactics.
Even though owning and interacting with cryptocurrency gives freedom, it comes with risks that don’t exist in the fiat system. But, you can be aware of these threats and be proactive in keeping your funds secure.
In our next section, we’ll tell you exactly how you can avoid all of these crypto threats, while remaining completely free to enjoy Web3.
