New Dog, Old Tricks: Reducing Cryptocurrency Phishing Vulnerabilities | #cloudsecurity | #education | #technology | #infosec

While the blockchain on which a user’s chosen cryptocurrency operates may be relatively secure from a hacker’s prying eyes, users still need to be vigilant with their own wallets—especially if they’re accepting cryptocurrency for their business. Here’s why.

Don’t Leave Your Keys Lying Around

Hackers don’t have to go directly after Bitcoin or Ethereum technology to score big in a cryptocurrency heist. Instead, they may choose to target individual wallets. Bitcoin wallets are protected by public and private “keys,” long strings of numbers that are difficult—but not impossible—to hack. Users store private keys on their computers or in the cloud and may do the same with their public keys, a process that should immediately raise red flags for security experts.

Key attacks are growing in frequency. In December 2021, hackers stole the keys to two ‘hot’ cryptocurrency wallets—wallets that are continually connected to the Internet—from trading platform BitMart and got away with nearly $200 million in cryptocurrency. And in 2019, cryptocurrency enthusiasts discovered the Blockchain Bandit, a user who was successfully guessing weak keys that users may have generated, and getting away with their riches. It’s the cryptocurrency equivalent of a user getting hacked because they used password123 for their bank accounts.

For business owners, it’s especially important to consider the vulnerability of public and private keys. Many businesses are beginning to accept bitcoin and other cryptocurrencies as forms of payment, meaning they’ll need to keep track of public and private keys to access some of their revenue. This opens opportunities for hackers to come after money through old tactics like phishing and malware attacks, especially through email.

One simple click of a link in a phishing email can give hackers access to an entire inbox, or cloud drives. So how can businesses keep their keys, and ultimately their cryptocurrency revenue, safe from hackers?

Don’t Generate Private Keys

At a minimum, business owners shouldn’t generate private keys on their own—no matter how invulnerable they think the number is. But once a private key has been generated by a trusted source and lives on a user’s computer/in the cloud, taking basic email security steps can help significantly reduce the chance a business’ wallet will be compromised.