We live in a world where we keep thousands of dollars hidden not under our mattress, but on a blockchain wallet on our computer. Cash is no longer king as using cryptocurrency as a means of exchange is becoming more attractive with each day. But while a mattress is enough for cash, you need far more expertise to keep your crypto safe.
While storing cash involves adding a physical layer of protection, like a safe, protecting your crypto warrants a digital layer of protection. Crypto malware – a type of malicious software – can easily steal your crypto savings from those with limited cybersecurity knowledge. However, preserving ownership over your assets isn’t impossible.
Today’s article explains crypto malware and how it works. I will teach you everything you need to know about protecting your cryptocurrency – no matter where you store it. You will also learn how to avoid coming into contact with various scams, malicious files, and links.
Crypto malware is a category of malicious software that – upon infecting your computer – performs a series of illegal activities involving cryptocurrency. Examples include mining cryptocurrency, file encryption in combination with extortion, transactions carried out by a 3rd-party, and so on.
Your computer can host undetected crypto malware and leave cybercriminals with unlimited access to your device – and thus, cryptocurrency. You can come in contact with such malware by interacting with malicious files, websites, applications, and other digital interfaces. This often happens when you don’t check the source of the file or verify links.
A recent report by blockchain security firm Chainalysis notes that cyber criminals stole $3.8 billion worth of crypto assets in 2022 alone. Although most of the hacking activity involved DeFi exploits, a significant amount of funds involve hacks targeting individual investors.
Over 90% of hacks involved DeFi dApps while the remaining amount mostly accounts for centralized services. In 2021, private hacks targeting investors accounted for roughly 10% of the crypto stolen that year.
The report indicates that hackers have shifted the trend and now target large DeFi protocols rather than users. However, that does not mean that users are not at risk anymore. The NFT sector alone had millions of dollars stolen last year as investors unknowingly interacted with malicious files and links.
The case is that cryptocurrency ownership moves towards a non-custodial model as investors switch from centralized exchanges to DeFi protocols and blockchain wallets. Delegating custody to CEXs meant that the exchange itself had to handle security. But a return to self-custody means that investors have to protect their assets on their own from now on.
So, what kind of crypto malware do you have to fend off?
Many types of crypto malware exist. The most popular malware includes:
All three types involve certain degrees of manipulating your device. For example, cryptojacking boils down to using your computer’s processing power for mining cryptocurrency. Ransomware is limited to encrypting files and extorting you for money. Finally, smart contract exploits involve draining funds from your blockchain wallet.
To keep things concise and help you understand each category one step at a time, I’ve decided to write a section for each aforementioned malware. The sections below offer examples for cryptojacking, crypto ransomware, and smart contract exploits.
Proof of Work blockchains utilize cryptocurrency mining as a way to generate new coins and confirm transactions. Mining involves solving complex mathematical problems in return for monetary rewards. Mining is completely legal, and those who mine earn the network’s native token.
Cryptojacking is a criminal activity that involves mining crypto on another person’s device without their permission. The malware infecting someone’s computer will continuously mine a certain cryptocurrency and remain undetected while doing so. It will also harness all of the computer’s processing power and severely impact its performance and health.
Cryptojacking might seem unprofitable at first. An individual computer cannot generate that much profit in a short period of time. Moreover, the machine might have limited processing power. But the attacker doesn’t target only one user. He targets thousands and thousands of users at the same time.
The attacker might create a torrent of a popular game or movie and attach a cryptojacking malware to it. Or he might scam you by publishing trading software, investing strategies, or other kinds of documents that promise riches but deliver demise.
You might not even find the malware on your computer. Not because it is undetectable, but because it is stored outside of your computer. You might interact with a malicious website that has a script running that automatically infects your computer.
You might not lose any crypto because of a cryptojacking attack. But you’ll certainly lose the ability to use your device like before. It might become too slow to use without you knowing why. However, the more dangerous fact is that if you were susceptible to a cryptojacking attack, you will likely lose assets in a more severe attack.
Ransomware is another difficult and costly type of malware – at least for the infected individual. Ransomware encrypts the files on your device and extorts you for money. Such malware usually has a timer running, letting you know when it will delete your files if you don’t send cryptocurrency to the attacker.
The most popular example of crypto ransomware is the WannaCry hack that emerged in 2017. WannaCry was a global cyberattack that infected over 300,000 computers. It encrypted the files of those infected and demanded cryptocurrency in return for unlocking files.
The attack reportedly extorted 327 users for an amount of up to $130,000. WannaCry was incredibly effective due to the fact that it used an exploit generated by the NSA – called EternalBlue – that could make copies of itself and rapidly spread to other devices on the network.
Much like cryptojacking, ransomware attacks do not involve directly stealing cryptocurrency. Such attacks target your files and extort you for money. In this sense, ransomware attacks such as WannaCry target non-crypto users as well. But whichever group it is, ransomware demands costly crypto payments.
One outcome of not sending crypto to the attacker is that he deletes your files. But a more worrisome outcome is that he sells your private information to the dark web. This might be an even costlier option if the infected device is part of a business.
Certain ransomware utilize so-called shock and fear tactics. The virus does not actually perform any encryption, it only scares you into believing so. However, it’s worth noting that this isn’t the case in most situations.
Attackers deliver ransomware mostly through files and attachments. You might receive a word document, a spreadsheet, or a very attractive attachment that screams ‘OPEN ME.’ Whatever the case, don’t download files from anonymous strangers.
Smart contract exploits come in all shapes and sizes. One type targets DeFi lending protocols and performs flash loan exploits that drain funds. Another type targets non-lending protocols, interacting with smart contracts of a yield farming dApp or DEX that drains funds from liquidity pools (LP). The opportunities are endless.
The most common exploit for you, the investor, is interacting with a fake dApp. Someone might create a website and copy-paste the entire layout of your favorite dApp. The attacker then adds smart contract functionality to the application. The final result is that you interact with the attacker’s wallet, instead of the official dApp.
The logical way of counteracting such exploits is to double check the websites you interact with. Go to the official Twitter page of your project and click the link in the bio. Googling terms such as Uniswap, Yearn Finance, SUSHI, and so on might yield search results that lead to other malicious websites.
The exploit works in such a way that you grant permission to the attacker the moment you connect your Web3 wallet to a malicious website. The attacker configures the website’s smart contracts in such a way that he can drain your funds and confirm transactions in your stead.
Unlike the previous two cases, the attacker doesn’t need to inject your computer with actual malware. All he needs you to do is to fall for his scam and interact with a clone-website of the dApp you have intended to use. This makes it even scarier because the attacker needs to make minimal effort to gain unlimited access to your funds.
Last but not least there is ‘standard crypto malware.’ This is any computer virus that you download that has the capability to read and scan files on your computer. In certain cases, the virus can perform actions on your device without your knowledge.
The objective of such malware is to steal cryptocurrency from your computer. It accomplishes this objective by scanning your device for seed phrases and private keys – which are usually stored on the device itself when using software wallets. Or it may simply monitor the password you use to log into your wallet and then drain it.
Much like smart contract exploits, standard crypto malware carries a lot of power. It has the ability to steal large swaths of wealth right before your eyes. You can risk having your computer infected with such malware by downloading malicious files and software.
Protecting yourself from crypto malware and protecting your wealth comes down to improving your digital hygiene. Much like you wash hands before eating to not catch unwarranted bacteria in your mouth, so much you check links and files before accessing them. Remember, malware never magically appears on your device.
Getting infected by crypto malware is – in this vain – similar to trading. You have no one to blame but yourself when you lose money. So to protect yourself, make sure to follow these 10 essential tips to practicing perfect digital hygiene as a crypto investor:
For avoiding special cases such as ransomware attacks, I also recommend backing up your files regularly. You can avoid sending crypto to the attacker since you can simply let him delete the files and reinstall your operating system. However, you still carry the risk of having your personal information sold on dark net markets.
The internet has helped connect everyone. And now that finances are turning digital, our wealth is on the internet as well. But all the ease of use we gain from digitalization comes with a heavy price: cybersecurity risk. Buying crypto on your computer is now as easy as losing it to a hacker – all you have to do is open the wrong link or download the wrong file.
But protecting yourself from malicious individuals is no difficult feat. I've been part of the cryptocurrency market for over 5 years now. I have tried out all the latest trends as they took place. And in these 5 years, I have never lost money to a hacker – I stayed loyal and lost money to exchanges and rugpulls.
You must practice excellent digital hygiene if you wish to preserve ownership over your digital assets. Some find it easy, as they’ve been on the internet for decades and now all the ins and outs of interacting with the online world. But those who don’t use our magical world apart from Facebook, Youtube, and Twitter might find themselves in a pickle.
The bottom line is that preserving your assets might be difficult – but it isn’t impossible. All you have to do is double-check files, links, and dApps. Someone might even trick you with some good ol’ social engineering, but we’ve already learned as kids not to talk with strangers.
Want to learn more about keeping your crypto funds safe? Then these articles might come in handy:
Each day Shrimpy executes over 200,000 automated trades on behalf of our investor community. And joining them is easy.
After you sign up and connect your first exchange account, you’ll deploy an investment-maximizing strategy in as few as 5-minutes.
Whether you create your own rebalancing strategy or completely custom automation, the ability to walk your own path belongs in the hands of every crypto investor.
Explore the pros and cons of investing in Bitcoin. Learn about its history, how it works, and whether Bitcoin is a good investment for you.
This list of the top 15 crypto influencers shows you everyone you need to follow in 2022 in order to get the most out of your social media experience.
Coinomi is a versatile multi-chain cryptocurrency wallet launched in 2014 trusted by millions of crypto investors due to its wide range of features and tight security.