Remember when Axie Infinity (AXS-USD) had $625 million stolen from its Ronin blockchain? Between this and the Wormhole bridge hack ($320 million), we’ve seen two of the largest crypto hacks ever – just in February and March!
Now the U.S. Treasury Department says they’ve identified the culprit in the Ronin hack: none other than… North Korea.
Yes, the same ruthless regime that brought you the WannaCry ransomware attacks is now stealing massive hauls of crypto – directly from a blockchain.
The logic behind the Ronin hack was a bit odd: It was such a large hack – attracting worldwide media attention – that it’s proved extremely difficult to launder and access the funds. But even if North Korea can’t use the whole $600 million for its economic goals (funding its military and nuclear program in the face of sanctions)… The hack certainly achieves a political goal: striking fear into capitalist nations.
However, this article is not about fear. It is about practical advice to secure your accounts – and keep out of the crossfire between authoritarian regimes and their sanctioners.
In Ronin’s case, “there is not much that anyone could’ve done to prevent that hack specifically because someone actually used the features of the chain, the ability to vote on things, against itself,” notes Charlie Shrem, Senior Investment Analyst of our Crypto Investor Network. “We do a lot of the auditing and checking for this type of thing” in crafting our crypto portfolios in the first place.
As one of the O.G.s of Bitcoin (BTC-USD), Charlie got his start over a decade ago, and Bitcoin has still never been hacked. But even the most loyal Bitcoiners know the importance of personal security. After all, theft can always happen the old-fashioned way: through human error and trickery. So, here are some tips for staying safe in the New Digital World.
Guard Your Keys
Keeping your crypto in a “hot wallet” – on a crypto exchange or in a wallet app like MetaMask – is most convenient. But if you intend to hold and grow that crypto over time, moving it into “cold storage” is more secure. That way, even if someone does manage to compromise your account, your crypto will already be safely off the exchange – and even off the internet.
Hardware wallets are easy to find these days. The private keys (passwords) to your crypto will basically be on an encrypted flash drive, so if a thief wants them, they’ll have to steal the physical device.
Celebrate Proof of Keys.
Take self-custody of your wealth. For the first time in history, you can safely custody your wealth without the need of a third part intermediary.
Not your keys, not your coins pic.twitter.com/SHCLf1mCHC
— Charlie Shrem (@CharlieShrem) January 3, 2022
Either way: “My other recommendation is to not save screenshots or text files of your passwords and private keys on your computer because the hackers know how to scan for it without you even knowing,” says Charlie.
Password managers are a better option for your accounts on crypto exchanges, etc. That way, you can create as many randomized passwords as you want…and not have to remember them all! And it’s best to use unique passwords – then change them frequently – as stolen crypto passwords are in hot demand on the dark web.
Use 2FA – Wisely
If you enable two-factor authentication (2FA) on your accounts, it’ll make your crypto harder to steal.
In the most basic form of 2FA that we all probably use for our bank accounts, etc., you get a text message with a special access code. So, the thief would need not just your password – but also access to your cell phone.
However, hackers can gain control of your phone number by impersonating you to the telecom company and executing a SIM card swap…or simply through a phishing text.
So, instead of receiving the access code as a text message, you can download an app like Authy or even use a Yubikey, which is a hardware key designed for 2FA. The idea is to keep your 2FA codes off your phone, either on another internet device (like an iPad) or on the Yubikey.
Spot Phishing Tactics (They’re Getting More Sophisticated!)
If you’re like me, you get phishing messages practically every day – and most of them are easy to spot, trying to get you to click obviously sketchy links! One I got was a “citizen’s alert” that someone was trying to use my Zelle account to make payments.
But I’ve also recently fallen for a much more personalized email…one that sounded very harmless – and only a great I.T. system saved me!
The victims of North Korea weren’t so lucky.
In a cybersecurity alert on Monday, the U.S. government revealed that “North Korean cyber actors [are] targeting a variety of organizations in the blockchain technology and cryptocurrency industry.” The list includes exchanges, trading and investing companies, large investors in crypto and NFTs…and “play-to-earn cryptocurrency video games.” Like, you know, Axie Infinity!
The hacks start with phishing messages to employees “on a variety of communication platforms” that “offer high-paying jobs to entice the recipients to download malware-laced cryptocurrency applications.”
The Feds have nicknamed this malware “TraderTraitor” and say that the “campaigns feature websites with modern design” to provide legitimacy to the (fake) app.
Other cybercriminals will spoof actual websites that you know and use every day. Keeping this in mind… “Only open links and attachments from trusted senders,” says the government (and every I.T. worker you know!)
For example, if a message tries to get you to urgently click a link to an important message from your bank… Even if it looks extremely legit… Just go directly to their site, or call up the bank on the phone instead.
But If All Else Fails…
Since it’s so easy to be tricked these days – it’s best to use unique credentials for your crypto accounts. That way, if someone does get into your Google account, social media, etc, they can’t also get into your crypto.
“I recommend using a Gmail or Protonmail account [and] setting up an unique email account for each exchange you use, and make it hard to guess,” writes Binance CEO Changpeng Zhao in a cybersecurity blog post.
“This way, if another exchange has a breach, your account on Binance isn’t impacted. This will also reduce the amount of phishing or targeted email scams you get.”
Two more ways to keep your crypto safe from malware:
- Double-check the wallet address before you transfer any crypto. A common tactic is to hit you with a virus that replaces the wallet address with the thief’s address.
- Keep your crypto trades off your most commonly used devices. That way, if your other device gets compromised, the hacker can’t use it to get your crypto. Use a separate device (like a Chromebook) or a VPN for trading crypto.
If some of these tips sounded familiar already…then great! You’re a step ahead of the game – and a much more difficult target for cybercrime.
You can be sure that blockchain developers have an extra eye on their security these days, too…especially the team behind Axie Infinity that got hit so hard last month. And it seems they’ll have the cash to raise their game: DappRadar reported today that investment in crypto gaming totaled $2.5 billion in Q1 – versus $4 billion in all of 2021! So, the good news is, the best days may still lie ahead.
On the date of publication, Ashley Cassell did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines. To have more news from The New Digital World sent to your inbox, click here to sign up for the newsletter.