This year, the cryptocurrency market capitalization reached $3 trillion, according to the cryptocurrency portal CoinMarketCap. In the first half of 2021, the number of cryptocurrency users has grown by more than 200 million, Coinbase notes. How secure the cryptoassets.
Cryptocurrencies are not issued by central banks, do not belong to specific countries, and no one can restrict the owner’s access to his crypto funds. They are available anytime and in every location in the world.
What means the anonymity and security of cryptocurrencies from the cybersecurity point of view and how to keep in safe digital money?
How to stay incognito
There is a misconception that all cryptocurrencies are anonymous. Blockchain technology is a ledger that records all transactions carried out since the launch of the cryptocurrency. Only some currencies do not disclose any user details. Among them are Monero, Zcash, Dash. But in general, certain data are recorded in the blockchain by which a user can be identified.
A striking example of the deanonymization of cryptocurrency transactions is the history of the Silkroad website. Users of this platform used Bitcoin as a payment method to purchase illegal services and goods. In 2013, the number of transactions on the service reached 1 million. The US intelligence services conducted an operation to search for intruders and, using Bitcoin, were able to de-anonymize and track down the most dangerous users.
CyberSEALs experts analyzed the anonymity and security of the three most popular currencies – Bitcoin, Etherum and Tether. Bitcoin is the first cryptocurrency in the world. Its market part currently is 43.63%. Ethereum is in second place with 19.33%. Although Tether’s part on the market is only 2.51%, it is directly linked to the US dollar, which guarantees currency stability.
These currencies can be called pseudonymous rather than anonymous. That is, containing certain information that can be used to identify the owners of crypto assets. If necessary, any expert can identify the persons conducting transactions with them.
The vulnerabilities of these cryptocurrencies are the entry and exit of funds. Users often use the same or similar logins and passwords for different accounts, including crypto wallets. Analyzing this data, you can compare it with those already available in the Darknet and de-anonymize the user.
You can also identify a person by conversion transactions. If he buys or withdraws cryptocurrency through personal bank cards, his anonymity is at risk. Cryptocurrency owners should also be careful with personal data on cryptocurrency exchanges. Centralized exchanges often encourage users to provide personal information in exchange for bonuses. However, there are low guarantees that the data will be completely safe. There are companies that buy data on cryptocurrency exchanges, analyze them, and sell conclusions to anyone who subscribes to their web resources.
To increase the level of anonymity, experienced crypto investors use mixing services, with the help of which one large transaction can be split into many small ones. This reduces the likelihood of setting the complete chain and transaction details. Among the famous mixers are Blender, BitcoinMixer, BMC Mixer.
Is it safe to invest in crypto
Bitcoin, Etherum, Tether, as well as other advanced cryptocurrencies are well protected. Determining the degree of their protection is simple. Just look at the number of people involved in cryptocurrency mining. The more such people, the safer the currency.
However, there are vulnerabilities that can be exploited by attackers to steal cryptocurrencies. The most serious is the so-called “51% attack”. It occurs when 51% of cryptocurrency miners’ machines confirm a transaction that did not actually take place. It is technically difficult to do. However, there are a number of cases where such attacks have taken place. For example, two such attacks were carried out on the Ethereum Classic network last year, resulting in the loss of more than $7 million.
Attacks on cryptocurrency exchanges and platforms are more common. The vast majority of thefts are caused by vulnerabilities in the protection systems of such web resources. In August of this year, hackers withdrew $600 million in assets from the Poly Network platform. Between March and May 2021, attackers stole funds from more than 6,000 Coinbase users’ accounts. And the total amount of cryptocurrency infrastructure losses due to cyberattacks in the third quarter of this year reached more than $1.1 billion.
A common method of stealing money from wallets is the clipper virus. It works on the infected device in such a way that, at the time of filling in the data for the transaction, replaces the recipient’s address with the data of the attacker. Therefore, an inattentive sender voluntarily sends funds to the wrong address.
Where to keep cryptocurrencies
Despite all the risks associated with the theft of cryptocurrencies, this market has many advantages. Low entry threshold, availability, potentially high profitability compared to traditional investment markets
There are several types of cryptocurrencies:
Desktop – installed on a PC and may require Internet access.
Mobile – smartphone applications.
Hardware – usually looks like a flash drive and has an additional authentication mechanism.
Web wallets are only available online.
Paper is typically a printed QR code with a passphrase.
Cryptocurrencies can be divided into hot and cold. The hot ones require access to the Internet, and the cold ones are located on a device isolated from the network. Wallets are also divided into thick and thin. Thick wallets allow the user to keep a local copy of the history of all transactions on the device. In thin, access to such a copy is only available through the network.
The safest place to store cryptocurrencies is a cold hardware wallet. Obtaining unauthorized access to hotspots, including web wallets, is a simple task for a skilled hacker. Data for access to such wallets can be picked up or stolen by phishing or hacking mail/login and password. We talked about these types of cyberattacks earlier.
There is only one rather complicated method for breaking cold hardware wallets – brute force. The mechanism of brute force is to search through all possible variants of the key or mnemonic phrase-password, which can take more than one hundred years. This method requires physical access to the device.
However, there are nuances with some hardware wallets. There is a possibility of errors of developers at the stage of cryptocurrencies development. There was a vulnerability in the Trezor wallet, which during the firmware update transferred a mnemonic phrase to access the wallet in RAM. After receiving the RAM data, the attacker could identify such a phrase.
To safely invest in cryptocurrencies, we recommend:
For active transactions, you should download a thin hot wallet or use a mobile or web application, but keep only operating funds there.
Use a cold hardware crypto wallet to store the underlying asset.
Use two-factor authentication on wallets of any type.
Choose open-source cryptocurrencies.
Create separate wallets for each cryptocurrency.