How to Identify and Defend Against a Cryptocurrency Heist

Misinformation about cryptocurrencies such as Bitcoin continues to increase public exposure and vulnerability to cyber crime. Some people have developed an overconfidence in the technology behind cryptocurrency (blockchain), while others misunderstand how it works entirely. However, the majority of those who trade digital currency have one common characteristic: they don’t fully recognize or mitigate the risks and threats associated with cryptocurrency holdings.

Cryptocurrency and Blockchain Weaknesses

Blockchain technology is heralded for its security: each block is secured by cryptography and contains a cryptographic hash of the previous block, transaction data, and a timestamp. Because of this linking, altering data in an existing block is extremely difficult, which makes the blockchain ledger a very secure transaction log for cryptocurrencies and other applications. So what's the problem?

Parties involved in Bitcoin transactions must have a public and private key. Many rely on third-party services to handle this key pair, so that they can simply keep track of a username and password. Thus, one of the biggest problems is that cryptocurrency transactions must still involve humans with usernames and passwords. These elements introduce weakness into the transaction process. However, users can take steps to protect their holdings in digital currencies such as Bitcoin.
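
The hash linking described above, as an added example that is not part of the original article: a minimal Python ledger in which each block stores the hash of the previous block, transaction data, and a timestamp, with a verifier that reports where a modified copy breaks. The block layout, function names and sample transactions are constructed for illustration and are not Bitcoin's actual block format.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over the block's canonical JSON encoding."""
    encoded = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()

def build_chain(batches, start_time=1_700_000_000):
    """Link each block to the hash of the block before it."""
    chain, prev = [], "0" * 64  # all-zero hash marks the first block
    for i, txs in enumerate(batches):
        block = {"index": i, "timestamp": start_time + 600 * i,
                 "transactions": txs, "prev_hash": prev}
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_broken_link(chain, trusted_tip=None):
    """Return the index of the first block whose link fails, or None if intact.

    trusted_tip is the hash of the last block, obtained independently of the
    copy being checked. Without it, a rewrite that recomputes every later
    prev_hash passes the link checks. A tip mismatch returns len(chain).
    """
    prev = "0" * 64
    for block in chain:
        if block["prev_hash"] != prev:
            return block["index"]
        prev = block_hash(block)
    if trusted_tip is not None and prev != trusted_tip:
        return len(chain)  # links are consistent, but this is not the known chain
    return None

# Constructed sample ledger (not real transactions).
ledger = build_chain([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]])
tip = block_hash(ledger[-1])

# Case 1: a past block is edited in place; the next block's link breaks.
edited = json.loads(json.dumps(ledger))
edited[1]["transactions"] = ["bob->mallory:2"]

# Case 2: the edit is followed by repairing every later link; only the
# independently held tip hash exposes the rewrite.
rewritten = json.loads(json.dumps(edited))
for i in range(1, len(rewritten)):
    rewritten[i]["prev_hash"] = block_hash(rewritten[i - 1])

if __name__ == "__main__":
    for name, copy in [("ledger", ledger), ("edited", edited), ("rewritten", rewritten)]:
        print(name, first_broken_link(copy, tip))
```

None of these checks covers the username, password or private key that authorizes a transaction, which is the weakness this section describes.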

Recognizing a Potential Heist

Many companies that have experienced recent cryptocurrency heists have been tight-lipped about how the attacks occurred. However, there are commonalities among breaches that can help business leaders proactively spot potential attacks. Oftentimes, cryptocurrency attacks employ the same hacks and social engineering techniques that have been in play since long before currencies like Bitcoin existed. For example, spear-phishing lures for Bitcoin-related services and even jobs have led to successful heists. Fortune explains, “In certain cases, clever hackers impersonated the companies with a fake website and persuaded the investors to send millions of dollars’ worth of funds to a different Bitcoin wallet. Once the Bitcoin was sent, there was no recovering it, and both the companies and investors lost their Bitcoin.”

Protecting Your Cryptocurrency

Securing your investments goes hand-in-hand with common security best practices:

  • Keep Private Keys Private. Ensure that private keys are stored offline in a secure and protected location.
  • Set Up Multi-Factor Authentication. Oftentimes, attackers acquire email information and then use that data to reset account passwords. Requiring more than one authentication method gives you that much more protection from this type of attack.
  • Vet Third Parties. With NiceHash, a $64 million breach occurred when attackers were able to access a customer’s Bitcoin wallet via a compromised NiceHash employee laptop. As with personal data breaches like Target and Equifax, third-party cryptocurrency services are targets and must be vetted for security practices and posture within any organization.

As cryptocurrencies grow in popularity and more companies invest in them, a strong security posture will become increasingly crucial. Start thinking about cryptocurrency websites when developing security protocols for your company and invest in ongoing security awareness training. Staff who are trained and aware of potential cryptocurrency attack vectors will be much more vigilant in their efforts to help prevent a data breach.