Bitcoin hacking: Should it make you reconsider investing?
We chat cryptomining malware with Benjamin Cruz, principal threat researcher at Cylance, and explain how new bitcoin investors can protect themselves.
Bitcoin, the world’s first cryptocurrency, started out as the currency of the Internet, but today its users have extended far beyond online forums. Bitcoin’s recent surge in value and the increasing interest of governments have pushed it well and truly into the mainstream, but this has also made it a target for hackers.
Despite bitcoin and other cryptocurrencies being extremely secure, they are still vulnerable to hackers.
Principal threat researcher at AI and cybersecurity software firm Cylance Benjamin Cruz says that most cryptocurrency vulnerabilities are in users' own wallets.
"The users most likely are not tech savvy in terms of securing their wallets, which is where they save their coins," he said.
While online bitcoin exchanges such as Coinjar are available, Cruz says a lot of new users are saving bitcoins locally on their computers. This leads to security issues.
"We saw a lot of malware using what we call a zero-day exploit," Cruz said.
Zero-day exploits refer to a hole in software that is not immediately known to the original developer, giving hackers time to exploit the hole before it's fixed.
"They are using that [security hole] and including that in the malware so that they can get into the systems of the users. So, once they're inside the users, they will install backdoors and install the cryptomining applications. So, that's where they would start stealing information, stealing the wallet. That's how they get the coins."
What users are targeted?
So far, hackers have targeted a range of users. Cruz says there are no "set" users that they choose to target.
"If they have a vulnerable system, a hacker would just scan the Internet with any system with a vulnerability and that's where they can get hold of the users most likely having a coin."
"If they get into the system and then figure it might have a possibility of coins, they would download the coin miner or steal information from their system. If there are no coins, then they might just encrypt the whole system like a ransomware, so that they get paid bitcoin."
How do you ensure your bitcoin is secure?
Cruz says that while there are vulnerabilities in the system, there are ways to secure cryptocurrencies.
"You have to secure it by encryption. If you are using online exchanges, you have to enable the multi-factor authentication so that even if the hackers are able to get hold of the password, they would fill other layers of security."
Cruz suggests multi-factor authentication, where you can have your mobile phone as a second layer of authentification.
"If it's on your local computer, then you can enable encryption. There's also multi-signature encryption, such multiple keys securing your wallet."
Should you reconsider buying bitcoin?
Cruz says you have to consider security with any investment.
"It shouldn't stop anyone from looking into cryptocurrencies just because there are security concerns," he said.
"For any users that are really new into cryptocurrencies, they have to be aware of what they're getting themselves into. I believe most of them are probably not into securities. So, it's best to educate yourself."
Cruz offers the following tips for newcomers looking to invest in cryptocurrencies:
- Be wary of the dangers of being connected to the Internet
- Always update and patch systems to close any vulnerabilities
- Do not open unsolicited emails and always check the links for possible phishing attacks before clicking them
- Enable multi-factor authentification on online accounts whenever possible
- Protect yourself by using a firewall and next-generation antivirus software, such as CylancePROTECT
- “Have we actually delivered?” FinTech Australia chair calls out fintechs, banks
- How Australia’s fintech SME lenders have learnt from the US
- NAB launches Google Pay across its debit and credit cards
- Why Afterpay is capping its late fees to 25%
- Alipay users can now use the ewallet to pay Australian BPAY bills