Security of cryptocurrency exchange

in blockchain •  6 years ago 

In November last year, the prestigious research company Forrester Research published the forecast “Cybersecurity Risks Intensify”. According to analysts, in 2017 one of the leading companies in the world on the Fortune 1000 list will collapse as a result of a hacker attack. Today it is difficult to estimate what effects the WannaCry virus will have on information systems in about 200 countries. However, many studies show that cybersecurity is today the main area of risk for companies and markets. According to FBI data, in the first quarter of 2016 alone, various institutions paid hackers over $200 million in ransom.

Before business owners heard about the largest hacker attack in history, they were already aware of how important IT security is. According to the Allianz Risk Barometer analysis, digital crime is today the second largest risk, indicated in 30% of the responses from 1200 experts in this field. Just two years ago, it was 17%, and in 2013 even lower. Five years ago, the threat of attacks on the network was mainly associated with the telecommunications and IT sectors. It took five years for fear of this threat to become widespread, without any division into sectors and industries. This is also because IT tools are today the bloodstream of the economy, regardless of the industry, including cryptocurrency exchanges.

For several years we have been seeing that the threats mentioned in the Allianz report are real, following information about attacks on new companies, cryptocurrency exchanges or public institutions. As early as 2011, the Dutch company DigiNotar announced bankruptcy after a hacker attack. The company, which issued digital security certificates, was attacked by a hacker from Iran. Having had access to its systems for over a month, he issued about 500 false SSL certificates. After the case was disclosed, the company lost its credibility and it was impossible to continue operations.

According to the FBI, in the first quarter of 2016 various institutions paid over USD 200 million in ransom, and globally this amount reaches USD 2 billion. However, the actual cost, taking into account downtime at work, the elimination of the effects of these events and the involvement of companies in activities unrelated to their business, is many times higher. An IBM report describes a 60-fold increase in attacks of this type.

Kaspersky Lab, a well-known company in the cybersecurity industry, has published a report with the latest information on cybercriminals’ activities. Kaspersky Lab traditionally focuses on protection against viruses, trojans and any other malware, but recently the firm has also drawn attention to the behavior of criminals related to cryptocurrencies. In November 2017, Kaspersky Lab warned cryptocurrency users against a trojan that replaces the wallet address in the clipboard to redirect cryptocurrency transactions to fraudsters’ addresses. At the end of June, the company announced a change in the popularity of cryptojacking and ransomware attacks. On July 9, Kaspersky Lab released a report on the increase in the popularity of new scam schemes used by cybercriminals. During the first half of 2018, the company recorded over 100,000 attempts to extort cryptocurrencies.

The latest trends among cybercriminals

According to the report, the growing interest in cryptocurrencies has also drawn the attention of cybercriminals. To achieve their goals, they usually use typical phishing techniques. However, they are increasingly going beyond this “typical” scenario with which the market is already familiar. Criminals are becoming more and more creative, leaning towards various social engineering tricks.

In its report, Kaspersky Lab draws attention to fraudsters who take their inspiration from ICOs. They exploit investors’ interest in this market, using fake websites and phishing e-mails to extort money. They are so effective that they extort money from both novices and experienced market participants. The most popular targets of cybercriminals are ICO investors who want to put their resources into start-ups in the hope of achieving large profits in the future. For this group of investors, fraudsters create fake websites that mimic the pages of official ICO projects, or try to access their contacts to send out a phishing email with a wallet number to which investors are asked to send cryptocurrency. The most successful attacks have exploited well-known, real ICO projects. The Kaspersky Lab report gives the example of the Switcheo ICO, where scammers stole cryptocurrency worth over USD 25,000 after sending a link from a fake Twitter account. Another example of the scammers’ activity is the creation of phishing sites related to the IMI OmiseGo project. In this way, they obtained cryptocurrency valued at over 1.1 million dollars. The rumors surrounding the Telegram ICO were also very popular among cybercriminals, which resulted in the creation of hundreds of fake sites collecting “investments”.

The Kaspersky Lab report also draws attention to another popular trend among cybercriminals. Fraudsters ask victims to send a small amount of cryptocurrency, and in return, they promise a much larger amount of this cryptocurrency in the future.

Another technique used by the criminals is to imitate the social media accounts of well-known people, such as the financial magnate Elon Musk or the Telegram founder Pavel Durov. By creating fake accounts and responding to users’ tweets, fraudsters mislead them into taking part in scams.

According to Kaspersky Lab’s estimates, over the past year criminals have been able to earn over 21,000 ETH, equivalent to more than $10 million, using various social engineering tricks. This sum does not even include classical phishing attacks or examples of generating individual addresses for each victim. The results of the study show that cybercriminals keep improving their methods to achieve the best results in extorting cryptocurrencies. New schemes based on simple social engineering methods help criminals earn millions of dollars, and their success suggests that they know very well how to exploit user behavior through the human factor, which has always been one of the weakest links in cybersecurity.

How, then, do you protect your cryptocurrencies? Let’s start with the wallet

In the case of online wallets and cryptocurrency exchanges, it is crucial to always pay attention to the certificate of the website. In April 2018, people using Myetherwallet, the most popular Ethereum wallet, found out how important the security of cryptocurrencies and verification of the SSL certificate are when using a website. For some users the browser displayed a warning about an untrusted certificate. It was connected with an attack by hackers on DNS servers. And what’s interesting, the attack did not affect Myetherwallet, but Google. As it turned out, people using the DNS servers were redirected to a malicious website, the purpose of which was to take over the login data and, with it, the cryptocurrency in the user’s wallet. This event only confirms how important it is to check that the SSL certificate is valid, and not only when using websites related to cryptocurrencies. If on any page (in particular a bank) the browser displays information about an untrusted certificate, under no circumstances should the page be used!

The message about an untrusted certificate looks like this:

[Screenshot: browser warning about an untrusted certificate (mew-untrust.png)]

Below are the most important issues regarding the use of online wallets:

-Choose an account with multi-level authentication.

Try to choose an account that offers some additional form of authentication. The majority of websites offer a service to confirm logging in with a code sent to your phone via SMS or generated by the Google Authenticator application.

-Look out for suspicious emails.

Watch out for messages with links to wallets or online services. This method is often used to get you onto a website resembling the real one. This is called phishing. After you attempt to log into this site, your access data will be stolen. It is always safer to enter the site using browser bookmarks.

-Always log out after finishing work.

It is good practice to always log out of cryptocurrency wallet sessions after completing operations. This will reduce the chance of becoming a victim of session interception or cross-site scripting. You can also add protection by clearing the cache on your computer or phone after each session.

-Create a strong password.

If your wallet requires a password created by the user in order to log in to the account, make sure that you have selected a strong password. The best way is to create a long password with uppercase and lowercase letters, numbers and special characters. Avoid using simple words or phrases and never create a password that contains your name, surname, initials or your date of birth. Use a password manager if you are afraid that you will not remember all passwords. I recommend the free KeePass. And above all, do not stick the password to the monitor. This applies to all passwords. 😉

-Protect your computer and remember to update the software.

Security software is very important, regardless of your computer. The absolute minimum is having a firewall and antivirus software. This will provide protection against Trojans, keyloggers and other types of malware that can be used to access your finances. It is important to keep the operating system and other software up to date so as not to be vulnerable to hacker attacks.

-Log in only from secure places.

It’s best to log in to accounts from computers and networks you know. However, if you need to log in to your account from uncertain locations, you can use a VPN with which you can establish an encrypted connection to your home or other secure network and from there log into the exchange website. Look for a small padlock in your browser and check the address bar — the URL of the page you are on should start with “https”. Both of these things show a safe connection. I wrote about it above!

-Check your account often.

Checking your monthly account statement is a good practice because it makes suspicious activity easy to notice. However, if you rarely visit your account, it is definitely better to transfer funds to a cryptocurrency wallet. The long-term holding of your funds on cryptocurrency exchanges is not a good solution. There is never any certainty that a given exchange will not be hacked or will not simply go bankrupt.

-Set account notifications (if possible).

Some websites offer the option of setting SMS or email notifications about certain activities in your account. For example, if the withdrawal from the account exceeds a certain fixed amount or if the account balance drops below a certain amount, the notification is sent. These alerts can quickly inform you of suspicious activity on your account.

Finally, I would like to expand on the point about not keeping your cryptocurrencies on cryptocurrency exchanges. They are markets used for dynamic trading and are not cryptocurrency wallets. It cannot be ruled out that this will change in the future and exchanges will be the safest place to store tokens, but we are still far from this situation.

The challenge of increasing the security of cryptocurrency exchanges has been taken up by the merger of Paymium and Blockchain.io, which will soon be fully operative as a hybrid centralized-decentralized cryptocurrency exchange. The exchange will offer the technology, team, security protocols and infrastructure of Paymium, which has been hack-free since the beginning of its operations in 2013. Moreover, Paymium has proven to be the most secure and reliable cryptocurrency exchange in Europe thanks to its experienced team, with a high level of digital asset protection and a safe record of transactions. This means secure trading conditions on Blockchain.io will be possible even under high volume, heavy traffic and hacker attacks, thanks to ultra-secure and non-custodial security means such as encrypted cold storage, hard storage and cryptographic proof of reserves.

Blockchain.io will offer Crypto and Altcoin listing facilities as well as ICO services and aims to become the leading European cryptocurrency exchange by 2020.