Author: Kell van Daal

Rising Crypto Exchange Rates = Rising Threats

Though Bitcoin's value has taken a hit, it is making a gradual comeback after a big slump, almost doubling in value since December. And when Bitcoin (and other crypto currencies) become more valuable, bad actors notice. Threat actors have always targeted crypto currency wallets and exchanges, but rising exchange rates make these currencies an even more tempting target.

Will Managing Your Own Crypto Wallets Keep You Safer?

Most believe that it is safer to manage your own crypto wallet (if done correctly). If an exchange or online wallet manages your private key, they control your crypto currency. And as recent history shows - from exchanges being hacked, going bankrupt, or the founders just taking the money and disappearing - that isn't always a good thing!

Since crypto exchanges are neither regulated nor insured the way most banks are, if something happens to the exchange or online wallet, in most cases you will lose your crypto currency. This is why many people choose to use local crypto wallets. There are many different crypto wallets for all the operating systems, desktop and mobile.

So does having your own local wallet make you completely safe? Unfortunately not. This has been an active year for crypto wallet stealing malware, which targets browser extensions and operating systems from macOS and Windows to Android.

The goal is always the same: to steal your crypto wallet's private key(s) or recovery/seed phrase. Having a wallet's private key is like having root on an OS: it gives you total control. A threat actor will use the private key to transfer funds into a wallet only they control. And having the recovery/seed phrase allows reconstructing all the private keys of a wallet, which ultimately gives the same access.
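The claim that a seed phrase reconstructs every private key in a wallet follows from how BIP39 and BIP32 work, shown here as an added example (not code from the original post): the phrase is stretched into a seed, the seed yields a master key, and each account key is derived deterministically from that master key. The phrase used is the well-known all-zero-entropy BIP39 test phrase, not a real wallet.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order, needed for BIP32 child-key arithmetic
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the recovery phrase (plus optional passphrase) into a 64-byte seed."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def seed_to_master(seed: bytes) -> tuple[int, bytes]:
    """BIP32: derive the master private key and chain code from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k_master = int.from_bytes(digest[:32], "big")
    if k_master == 0 or k_master >= SECP256K1_N:   # BIP32: invalid master key (negligible chance)
        raise ValueError("invalid master key for this seed")
    return k_master, digest[32:]


def derive_hardened_child(k_par: int, chain: bytes, index: int) -> tuple[int, bytes]:
    """BIP32 hardened child derivation (index' = index + 2**31) from a parent private key."""
    i = index | 0x80000000
    data = b"\x00" + k_par.to_bytes(32, "big") + i.to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    k_child = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k_child == 0:          # BIP32: skip this index (negligible chance)
        raise ValueError(f"invalid child key at index {index}'")
    return k_child, digest[32:]


def account_keys(mnemonic: str, passphrase: str = "", accounts: int = 3) -> list[int]:
    """Walk m/44'/0'/a' for the first few accounts: every key flows from the phrase alone."""
    k, c = seed_to_master(mnemonic_to_seed(mnemonic, passphrase))
    k, c = derive_hardened_child(k, c, 44)   # purpose: BIP44
    k, c = derive_hardened_child(k, c, 0)    # coin type: Bitcoin
    return [derive_hardened_child(k, c, a)[0] for a in range(accounts)]


if __name__ == "__main__":
    # Constructed input: the BIP39 test phrase for all-zero entropy, not a real wallet.
    phrase = "abandon " * 11 + "about"
    for n, key in enumerate(account_keys(phrase)):
        print(f"m/44'/0'/{n}' private key: {key:064x}")
```

Anyone holding the phrase can repeat this derivation, which is why a screenshot of it is as valuable to an infostealer as the keys themselves.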

Infostealer Malware

Malware that steals your crypto wallet's information is often referred to as an "infostealer" because the malware also tries to steal other information, such as credit card details and credentials for bank accounts, crypto exchanges, email access, and so forth.

It makes sense from a threat actor's perspective. If you are already able to successfully infect a system, why not gather other potential valuable data as well?

This year, we have seen many new and updated infostealers and the campaigns using them.

Notable Infostealers On the Rise

Realst: This is a massive ongoing campaign targeting macOS devices. Realst is distributed in the form of blockchain games, because who better to install blockchain games than people who keep their wealth on the blockchain?

CherryBlos: This one has a neat feature that uses OCR (Optical Character Recognition) to scan photos and screenshots and extract text from them. Many people take screenshots of their recovery/seed phrase, and CherryBlos uses these screenshots to capture the phrase.

BlackGuard: This infostealer is more than a year old, but it was recently updated to target 57 crypto wallets and crypto browser extensions. This malware is being sold as Malware-as-a-Service (MaaS) for $200/month or a lifetime fee of $700. Such a big update probably means there are plenty of people subscribing.

And these aren't the only ones on the market. With Malware-as-a-Service becoming more prevalent, even low-skilled threat actors have access to powerful malware.

Best Practices for Crypto Wallet Security

So how do you best keep your crypto currency secure? The best way to ensure wallet security is to use a paper wallet that contains your private key and/or seed phrase and store it in a physically secure location. A paper wallet is nothing more than the key or phrase written on paper, which means there is nothing to be hacked. The only risk is having it physically stolen.

However, this also means you cannot send any crypto currency until you actually enter the private key, or more likely the seed phrase, into a software wallet, which makes you vulnerable to infostealers again. So, unless you want to keep your crypto currency safe by doing no transactions (!), this is not the ideal method. It is still a very good way to back up your crypto wallet, though.

Another option is a hardware wallet, generally a USB device that holds your private key(s) and can sign transactions when connected to your computer. This method is also vulnerable to malware, though less malware exists that specifically targets the hardware device.

The Importance of General Computer Hygiene

This means that general computer hygiene is very important. Keeping everything up to date (your operating system, virus scanner, etc.) will allow you to catch at least some of the malware. This is of course true for any type of malware, not just the kind trying to steal your crypto wallet. Other ways to safeguard your systems are to not install software or games from untrusted sources, to not click on suspicious links, and so on.

There is one last line of defense that is important as well. Robert S. Mueller III, former director of the FBI, famously said: "There are only two types of companies: Those that have been hacked and those that will be hacked."

This statement holds true for most home users. Even with good computer hygiene, there is always a chance malware does make it onto their home computer, phone, or other digital device.

The Role of HYAS Protect At Home

This is where HYAS Protect At Home can help. HYAS Protect is an industry-leading Protective DNS solution specifically designed to detect, block, and protect organizations from threats like phishing, malware, and ransomware. Many organizations around the world use HYAS Protect as both an early warning signal and the last line of defense for network protection.

One thing all infostealers have in common is that they must always send the stolen data back to the threat actor. We detailed how they do this, using attacker-controlled infrastructure, in this recent blog post.

HYAS has unrivaled knowledge about threat actor infrastructure. So, when malware attempts to send back your precious private key or seed phrase, our free HYAS Protect At Home solution can detect it, block it and warn you, keeping your crypto currency safe.
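The mechanism described above, a protective resolver refusing to resolve names that belong to known attacker infrastructure, is shown here as an added example (not HYAS code and not a description of how HYAS Protect is implemented). The blocklist, allowlist, and DNS query log lines are constructed placeholders; the point is the name normalization and parent-domain matching a resolver needs before an indicator can be trusted to fire.

```python
from typing import Optional

# Constructed indicator lists (placeholders, not real infrastructure).
# A parent-domain entry blocks every name beneath it; an allowlist entry wins over a block.
BLOCKED_DOMAINS = {"c2-example.invalid", "exfil.example.test", "dyn-host.invalid"}
ALLOWED_DOMAINS = {"mine.dyn-host.invalid"}


def normalize(name: str) -> str:
    """Lower-case the name and drop the trailing root dot so matching is canonical."""
    return name.strip().rstrip(".").lower()


def matches(name: str, domains: set[str]) -> Optional[str]:
    """Return the listed domain equal to `name` or a parent of it, else None."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:          # label-aligned, so 'notc2-example.invalid' won't match
            return candidate
    return None


def resolve_policy(query_name: str) -> tuple[str, Optional[str]]:
    """Decide whether a protective resolver should answer the query or block it."""
    if matches(query_name, ALLOWED_DOMAINS):
        return "allow", None
    hit = matches(query_name, BLOCKED_DOMAINS)
    return ("block", hit) if hit else ("allow", None)


def audit_log(lines: list[str]) -> list[tuple[str, str, str]]:
    """Apply the policy to 'client qname qtype' log lines; return (client, qname, indicator) hits."""
    blocked = []
    for line in lines:
        client, qname, _qtype = line.split()
        verdict, hit = resolve_policy(qname)
        if verdict == "block":
            blocked.append((client, normalize(qname), hit))
    return blocked


# Constructed sample log: documentation addresses and reserved test domains only.
SAMPLE_LOG = [
    "192.0.2.10 www.example.test A",
    "192.0.2.10 Beacon.C2-Example.INVALID. A",
    "192.0.2.11 upload.exfil.example.test TXT",
    "192.0.2.12 mine.dyn-host.invalid A",
    "192.0.2.12 other.dyn-host.invalid A",
]

if __name__ == "__main__":
    for client, qname, indicator in audit_log(SAMPLE_LOG):
        print(f"BLOCKED {client} -> {qname} (matched {indicator})")
```

The blocked query from 192.0.2.11 is exactly the moment an infostealer tries to phone home, and the resolver denying the answer is what stops the stolen key from leaving.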

Additional Resources

Free: HYAS Protect At Home

Cyber Adversary Infrastructure Explained

eBook: Protective DNS: The Cybersecurity Essential You Didn’t Know You Needed

HYAS Protect Protective DNS