How Secure Are Your Crypto Wallets? The Latest Scam Affecting Users
The principles of the blockchain according to the Satoshi standard, are privacy and security. Users making transactions over the blockchain by simply furnishing the recipient with a wallet URL certainly bring privacy to the user, who no longer needs to send his personal and financial data to third parties for storing on their servers
Servers for cybercriminals are like walking through a door, with one single point of entry to get to the treasure. However’ the blockchain’s nature is one of decentralization, with all of the data and transactions being stored across thousands of computers globally. For a hacker, this means walking through thousands of doors and piecing together the information, which for him is neither time consuming nor worth the computing power and energy.
For the user this also means not having to jump through hoops in order to make a transaction, it completely cuts out the rigmarole of KYC protocols, which can take time and are very frustrating. However, in this life, where cybercriminals can smell the amount of value being held and transacted in this arena, it is like playing cat and mouse. They are scrambling to build new technologies and scraping methods to catch up with the complexities of blockchain encryption.
Stealing passcodes over Twitter
And now cybercriminals have found a way to steal passwords to crypto wallets. They do this by following tweets that contain crypto keywords and they respond to these tweets with malicious links. The criminals scan for keywords like the names of specific wallets, and once they see this they respond by faking the role of support agents and send the poster links to malicious sites, which then allows them to gain access to wallets and to all the holdings inside. The cybercriminals are doing this by using Twitter’s own APIs, which Twitter uses for monitoring all tweets.
One company set up a fake test to see how this works. They filled a post with loads of crypto catchwords and waited to see what would come next. Keywords included “help”, “support”, “MetaMask”, “TrustWallet” and “Crypto Wallet”.They did not have long to wait though, as just seconds later, it had received a bunch of replies to their tweet from Twitter Bots claiming to be MetaMask and TrustWallet support staff.
From here the perpetrators had built Google Docs and other forms, which required the user to post their private details in order to get help, details like their email address and the issues they were facing with their accounts, as well as the wallet’s recovery phrase, a collection of 12 or more seed phrases, that only the wallet holder knows.
Once the criminal had managed to get these details, they could simply login to the wallet, and clear out the user’s account of tokens and coins by sending them to their own wallet. No chance of recompense for the user.
This is a very clever scam, and the advice to users is to never ever share your seed phrases with antony, they are only for you. While wallets are very simple to set up, they are also not the safest way to store funds.
One company has come up with a fool proof way to protect your holdings at all costs, using biometric identification. Avarta is a 4-in-1 solution for both DeFi and the blockchain which makes the users face the only key to accessing a variety of blockchains.
As well as a biometrically-secured, multichain blockchain wallet, it also offers an anti-bot mechanism for public DEX listing, a multi-signature wallet for corporations and legacy planning and multi-chain, decentralized identity management with the risk-based scoring mechanism.
What is clear is that as the criminals become ever more sophisticated so too must be the protection methods built to support this industry. Avarta is one example of the products that are being developed to help users feel safe and protect their accounts.