📕 BETTER THAN YESTERDAY WITH BSCSTATION #9: Blockchain Attacks You Should Know Part 2
Blockchain is a relatively new technology originally created to support Bitcoin. However, the technology’s popularity has soared, and people are discovering that blockchain has uses that go beyond cryptocurrency. This newfound popularity, naturally, begs the question of blockchain’s safety and integrity.
In the previous part, Better Than Yesterday with BSCStation #8, we covered the “Blockchain Network Attacks” topic. Today, let’s dive into another area of “Blockchain Attacks You Should Know” to gear up with valuable knowledge and immerse yourself in this fast-developing industry.
The topic of this week will be “User Wallet Attacks”.
Blockchain and cybersecurity go together like salt and pepper until people interact with them. Blockchain users pose the greatest security threat. They know about the use of blockchain in cybersecurity and overestimate the security of the blockchain. Therefore, user wallet credentials are the main target for cybercriminals.
To obtain wallet credentials, hackers try to use both traditional methods like phishing and dictionary attacks and new sophisticated methods like finding weaknesses in cryptographic algorithms. Here’s an overview of the most common ways of attacking user wallets.
Phishing Attack
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to installing malware, freezing the system as part of a ransomware attack or revealing sensitive information.
Email phishing scams
Email phishing is a numbers game. An attacker sending out thousands of fraudulent messages can net significant information and sums of money, even if only a small percentage of recipients fall for the scam.
For one, they will go to great lengths in designing phishing messages to mimic actual emails from a spoofed organization. Using the same phrasing, typefaces, logos, and signatures makes the messages appear legitimate.
In addition, attackers will usually try to push users into action by creating a sense of urgency. For example, as previously shown, an email could threaten account expiration and place the recipient on a timer. Applying such pressure causes the user to be less diligent and more prone to error.
Lastly, links inside messages resemble their legitimate counterparts but typically have a misspelled domain name or extra subdomains.
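The two link tricks just described, a misspelled domain and a trusted name pushed into extra subdomains, can be checked mechanically before a link is followed. The following is an added example, not part of the original article; the allowlist domains, function names and typo threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains this user really signs in to (assumption).
TRUSTED = ("examplewallet.com", "exchange.example")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED, max_typos: int = 2) -> str:
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    # Exact match or a genuine subdomain: the trusted name is the END of the host.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Extra-subdomain trick: the trusted name appears, but not at the end.
    if any(host.startswith(t + ".") or "." + t + "." in host for t in trusted):
        return "trusted-name-as-subdomain"
    # Misspelling: the last labels are within a few edits of a trusted name.
    labels = host.split(".")
    for t in trusted:
        tail = ".".join(labels[-len(t.split(".")):])
        if 0 < edit_distance(tail, t) <= max_typos:
            return "misspelled"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://app.examplewallet.com/",
              "https://examplewallet.com.account-verify.net/login",
              "https://examp1ewallet.com/"):
        print(classify_link(u), u)
```

A result of "unknown" only means the host resembles nothing on the allowlist; it is not a verdict that the link is safe.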
Spear phishing
Spear phishing targets a specific person or enterprise, as opposed to random application users. It’s a more in-depth version of phishing that requires special knowledge about an organization, including its power structure.
An attack might play out as follows:
A perpetrator researches the names of employees within an organization’s marketing department and gains access to the latest project invoices.
Posing as the marketing director, the attacker emails a departmental project manager (PM) using a subject line. The text, style, and included logo duplicate the organization’s standard email template.
A link in the email redirects to a password-protected internal document, which is in actuality a spoofed version of a stolen invoice.
The PM is requested to log in to view the document. The attacker steals his credentials, gaining full access to sensitive areas within the organization’s network.
By providing an attacker with valid login credentials, spear phishing is an effective method for executing the first stage of an APT.
Dictionary Attacks
During these attacks, a hacker attempts to break a victim’s cryptographic hash and salt by trying hash values of common passwords like password1. By translating clear text passwords to cryptographic hashes, attackers can find wallet credentials.
Vulnerable signatures
Blockchain networks use various cryptographic algorithms to create user signatures, but they may also have vulnerabilities. For example, Bitcoin uses the ECDSA cryptographic algorithm to automatically generate unique private keys. However, it appears that ECDSA has insufficient entropy, which can result in the same random value in more than one signature.
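A repeated random value is visible from outside: an ECDSA signature is a pair (r, s), and r is computed only from the per-signature random value, so a repeated r means the random value was repeated. The following added example (not code from the article or from any wallet) parses DER-encoded signatures and reports every r that occurs more than once; the function names, signer labels and sample integers are constructed for illustration and assume a 256-bit curve.

```python
from collections import defaultdict

def der_int(value: int) -> bytes:
    """DER INTEGER for a positive value (helper for building the samples)."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + bytes([len(body)]) + body

def encode_sig(r: int, s: int) -> bytes:
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

def parse_sig(der: bytes):
    """Return (r, s) from a DER-encoded ECDSA signature (at most 72 bytes)."""
    if not 8 <= len(der) <= 72 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = der[pos + 1]
        body = der[pos + 2:pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(der):
        raise ValueError("trailing bytes after signature")
    return ints[0], ints[1]

def find_reused_r(records):
    """records: (signer_id, tx_id, der_sig). Returns {r: [(signer_id, tx_id), ...]}
    for every r value that occurs in more than one signature."""
    seen = defaultdict(list)
    for signer, tx, der in records:
        r, _s = parse_sig(der)
        seen[r].append((signer, tx))
    return {r: uses for r, uses in seen.items() if len(uses) > 1}

# Constructed sample: these integers are placeholders, not real signatures.
R1, R2 = int("a1" * 32, 16), int("5c" * 32, 16)
SAMPLE = [
    ("key-A", "tx-1", encode_sig(R1, 0x1111)),
    ("key-A", "tx-2", encode_sig(R2, 0x2222)),
    ("key-A", "tx-3", encode_sig(R1, 0x3333)),
]

if __name__ == "__main__":
    for r, uses in find_reused_r(SAMPLE).items():
        print(f"r={r:064x} reused in {uses}")
```

With a healthy random source the report is empty; any entry is a reason to stop signing with the affected software and move funds to keys generated elsewhere.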
Flawed key generation
Exploiting vulnerabilities in key generation, the hacker known as Johoe got access to private keys provided by Blockchain.info in December 2014. The attack happened as the result of a mistake that appeared during a code update that resulted in poor randomness of inputs for generating public user keys. Though this vulnerability was quickly mitigated, the flaw is still possible with the ECDSA algorithm.
Attacks on cold wallets
Hardware wallets, or cold wallets, can also be hacked. A new type of malware has been detected on internet forums, and more specifically within the world of cryptocurrencies, that especially attacks cold cryptocurrency wallets. Erbium is a new virus released as a service for those who want to carry out a cyber attack. It was first seen in July 2022 and has accumulated a large number of victims so far.
Erbium primarily targets e-wallets as well as two-factor authentication (2FA) and password management software. It uses Discord’s content delivery network and can steal passwords, autofill data and cookies from various browsers and email clients. It can also take screenshots of the desktop. Most of the cryptocurrency wallets it targets are browser extensions. However, the malware has also targeted cold wallets in particular.
The new malware is usually found posing as applications, cheats or cracks on free hosts. In this way, the attackers promote products and distribute the file through forum posts, web pages, and even YouTube videos.
Attacks on hot wallets
Attackers try to identify and exfiltrate sensitive wallet data from a target device because once they have located the private key or seed phrase, they can create a new transaction and send the funds from inside the target’s wallet to an address they own. This transaction is then published to the blockchain of the cryptocurrency of the funds contained in the wallet. Once this action is completed, the target won’t be able to retrieve their funds as blockchains are immutable (unchangeable) by definition.
Tips for Preventing Wallet Attacks
Microsoft has been on the front lines to help protect users against crypto wallet malware. The company has provided a number of tips for protecting users’ hot wallets.
Keep hot wallets locked when the user is not actively trading, and disconnect sites that are connected to the hot wallet.
Do not store private key information in plain text format (which can be easily stolen), and use care when copying and pasting password information.
Terminate a browser session every time a transaction is completed.
Be on the lookout for suspicious links to wallet websites and apps, and double-check crypto wallet transactions and approvals.
Don’t share private key information or seed phrases; seek out wallets that use multifactor authentication.
Use hardware wallets that store private keys offline.
Double-check the full file extensions of the files that you download.
About BSCStation
BSCStation - The fully decentralized protocol for launching new ideas. An all-in-one Incubation Hub with a full-stack DeFi platform across all main blockchain networks. We provide exclusive services including IDO/INO Launchpad, Yield farming, NFT Auction, Marketplace, and BSCSwap.
BSCStation operates on top of all the main blockchain networks and is designed to offer maximum value to consumers and institutions.
BSCStation platform uses the Sharing Economy Model for the purpose of profit-sharing, helping users to access DeFi platforms in the easiest, safest, and most cost-effective way. BSCStation is the most convenient bridge to connect users and application products on all main blockchain networks.
The information provided in this article is intended for general guidance and information purposes only. Contents of this article are under no circumstances intended to be considered as investment, business, legal or tax advice. We do not accept any responsibility for individual decisions made based on this article and we strongly encourage you to do your own research before taking any action.