Holding assets in crypto is a risk.

Like any investment, there is no guarantee that the chosen crypto is going to hold value.

There is a chance of sudden changes in the liquidation of the currency.

Yet, a hefty award awaits the patient investors.

In 2022, companies counted the record sum of $3.8 billion stolen in crypto, adding hacking risk to that list as well.

Since the market has been expanding and the number of hacking threats increased, protecting crypto wallets has become a matter of cyber security now more than ever.

How to protect crypto wallets from modern threats?

Which common cyber incidents should you know about to take better care of your virtual investments?

Cyber Attacks

The most common hacking threats that can lead to drained crypto wallets are:

• Ransomware
• Insider threats
• Crypto malware

Ransomware Groups

The most dangerous and damaging cases of ransomware can be linked to organized groups that offer ransomware as a service and are mostly involved in high-profile cases.

They use their own version of ransomware – the type of malware that locks either some of the files, can obtain sensitive data, or even lock entire infrastructures.

Once the malware is in the system of the victim, the hackers demand ransom in crypto, in the exchange for offering a key that unlocks encrypted documents.

Some of the most prolific and notorious ransomware groups that every crypto enthusiast should know about are:

• Black Cat – known for its involvement with another group (DarkSide) responsible for the Colonial Pipeline in 2021.
• LockBit – the group that targeted the Royal Mail in January, stopped international shipments for two weeks and is currently threatening to release sensitive data to the public.
• Hive – a highly active group using phishing emails as a vector and targeting the industrial sector, healthcare, education, and more.

Malware Designed to Mine Crypto

Crypto malware is the type that enables illicit access to users who can then mine crypto using the devices or servers of their victims.

In most cases, this is possible due to a successful email phishing campaign. The victim either opens the link or downloads the attachment that contains the malware.

Fraudulent phishing websites contain malicious code that is activated unintentionally by the victim.

As a result, the malware is installed on the user’s device and grants threat actors illicit access.

Insider Threats

Having cybersecurity that guards the company against external hacking is not enough.

The access has to be restricted following zero trust policies that limit access for users based on their roles. This can prevent insider hacking threats.

One of the most well-known cases of insider threats relating to crypto is that of FTX, a former cryptocurrency exchange company that went bankrupt following the hacking. The company collapsed over ten days in November 2022.

Unsophisticated methods have been used to damage the company and the insider threat actor who is responsible for the incident is known to the authorities.

In this attack, $415 million worth of crypto was obtained by the insider.

Crypto Scams

Although many people typically think of more sophisticated hacking cases, past cases of stolen crypto have shown that threat actors still heavily rely on old techniques such as social engineering to illegally obtain crypto.

Some of the most common cryptocurrency scams to be ready for in 2023 are:

• Phishing
• Crypto ATM fraud

Let’s break those scams further.

Phishing For Crypto

In most cases, the hackers will have readily available crypto phishing sites. The victim gets the link for the scam website impersonating a crypto trading platform in their email.

Once they click on it and type in their credentials and the recovery phrase, the criminal has all the information they need.

The victim often unintentionally reveals information if they don’t notice that the site is impersonating a reputable domain. For instance, the domain name might look the same at first glance but have a single different letter inconspicuously thrown in.

However, not every phishing case occurs in the anonymity of an email or even targets individual users.

In their letter, the metaverse game engine known as Webaverse disclosed that they have fallen victim to a phishing scam that started with email correspondences and video calls.

Once the scammers gained the trust of their victims, they arranged a meeting in person. It took place in a hotel lobby in Rome where the criminals took a photo of the Webarse’s balance.

The scammers who have impersonated investors stole $4 million from the company’s Trust Wallet and walked out of the lobby without turning back.

Crypto ATM Fraud

In this one, the scammer creates a sense of urgency for the user – a reason for the need to withdraw funds at a specific Bitcoin ATM.

For the transfer of funds, the criminals provide the victim with a specific QR code.

This type of fraud has all the elements of typical fraudulent behavior – including time pressure and specific instructions that have to be followed.

However, many people fall for this scam because the threat actor impersonates an authority figure or organization they trust, such as a law officer or a bank official.

Better Cybersecurity to Safeguard Crypto

In a nutshell, as the crypto industry grows, it’s facing more challenges. Hacking and social engineering scams are some of them.

Mentioned scams and attacks are not an extensive list of all the possible threats but do cover those that are common and not likely to go away in 2023.

Both businesses and individuals that invest and keep their funds in crypto should protect their assets to get the most out of their investments.

Getting to know how scammers target their victims can aid both crypto-savvy individuals and companies to guard their virtual wallets better.

This also requires stronger, more robust cybersecurity for the platforms that enable the trading of crypto.