Monero, the privacy-focused cryptocurrency was in the news recently, however, the project would rather avoid being in such news! Cryptocurrency hackers attacked the Monero website and delivered currency–stealing malware to users that downloaded a Monero wallet.
The incident highlights how cryptocurrencies continue to be the targets of hackers. It also shows how cryptocurrency users need sufficient computer literacy to secure their crypto, owing to the complexities of dealing in cryptocurrencies.
A report indicated that the attack on the Monero website impacted its users on the 18th of November 2019. On that day, a user noticed the attack while downloading a command-line interface wallet from the Monero website.
This user noticed that the cryptographic hash for the downloaded wallet didn’t match the hash listed on the webpage, subsequently, other users indicated that it wasn’t an error. Researchers that investigated the incident found that the users that downloaded the wallet had their computers infected with malware.
The malware added new functions that sent the wallet seed, i.e., the cryptographic secret of the wallet to another server and later sent the wallet funds to another server. At least one user reported the loss of cryptocurrencies worth $7,000 due to this malware.
The administrators of the Monero website acknowledged the attack. After their research, they advised users that downloaded the wallet during a 14-hour window on 18th November to delete the binary file if the hash didn’t match the official ones. They also advised the affected users to not use the impacted file, moreover, they asked these users to delete the old file and download the wallet again.
Cryptocurrency hackers and their myriad ways of attack
Blockchain is quite secure from hackers due to its cryptography, digital signatures, and consensus algorithms. However, cryptocurrency exchanges, which are nothing but centralized websites, are frequent targets of cyber-attackers.
Cryptocurrency hackers also frequently attack “Hot” wallets, i.e., web-based cryptocurrency wallets. They drain funds from the web-based wallets of crypto users like they attacked the Monero user in the recent incident.
There is yet another kind of attack on cryptocurrency users, which involves hijacking the computer processing power of unsuspecting users for mining cryptocurrency. This is done using malware, e.g., Coinhive code had affected nearly 400 websites in one instance.
Cryptojacking has become quite common in recent years, e.g., the website of the Make A Wish Foundation was once infected with cryptojacking malware. Monero had been the victim of cryptojacking attacks earlier.
Given the growing sophistication of cybercriminals, it’s imperative that crypto users proactively protect their digital coins. That’s not always easy, though!
Deterring cryptocurrency hackers: Crypto users must exercise caution
Let’s face it! Dealing in cryptocurrency isn’t always easy, and that’s especially true for users with limited knowledge of using computers. The various kinds of wallets, the need to secure passwords, and being on top of various strategies of hackers can be hard.
Crypto users must gain sufficient computer literacy in view of the inherent complexity of dealing in digital currencies. They must do the following to secure their crypto:
- Protect their passwords and private keys, and not upload them on any website/forum;
- Use “Cold” wallets, i.e., offline hardware wallets to store their crypto when not using them;
- Back-up their computer regularly;
- Create back-ups for their private keys and passwords;
- Refrain from visiting suspicious websites from the computer they use for crypto transactions;
- Keep only a few coins in web-based wallets and even fewer coins in mobile wallets;
- Use the paid versions of reputed anti-virus software;
- Always use official versions of software;
- Always update their computers with the latest security and other software patches.
While hackers will continue to target cryptocurrencies, crypto users can deter them by following the above-mentioned best practices.