For people who trade and hold cryptocurrency, security is pretty high on the list of concerns. It’s not hard to see why; a digital currency based entirely online, often with an enormous value, poses all kinds of security worries.
Fortunately, cryptocurrencies are built on blockchain technology, which is notoriously difficult to hack and tamper with. Due to its immutable structure and decentralized, distributed nature, even the most advanced hackers find it near impossible to defeat the blockchain, and any suspicious behavior is flagged almost immediately.
However, that doesn’t mean your cryptocurrency is completely safe. One big vulnerability is in the crypto wallets which people use to access and store their money. These wallets don’t contain any actual ‘coins,’ instead, they contain unique security keys which can be used to access, withdraw, and trade your cryptocurrency.
Since the wallets are stored online and aren’t protected by the blockchain, they’re a perfect target for hackers. If they can get hold of your security keys, they can get hold of your cryptocurrency.
It’s still tricky to do this, but sophisticated hackers can and do steal huge amounts of money from digital wallets. The Parity hack earlier this year is just one example of how hackers infiltrated a popular wallet to steal more than $30 million worth of ether.
How does the Attack Work?
For hackers looking to get their hands on a crypto wallet, there are a number of options. One common choice is the SQL attack, which is where hackers inject malicious code into a website or web application, often via data input forms like login pages.
This code then manipulates the software into revealing data, such as the security keys of a wallet’s users.
It isn’t an easy task, but it has been done before. In 2014 hackers used this technique to hijack Vericoin, and steal eight million of their VRC tokens, which at the time amounted to 30 percent of all their coins. The total loss was thousands of dollars, but without quick action, it could have been up to $2 million.
Another method favored by cryptocurrency hackers is cross-site scripting. This is where the attacker uses a legitimate website or app to execute a malicious code and deliver it to the victim’s browser.
In other words, the targeted site acts as a vessel for the harmful code, which can be used to intercept information, like login details, between the client and the server.
These attacks can be highly damaging, so how can companies stop them? The most effective way is by using a Web Application Firewall, or WAF.
Using a WAF to Thwart Hackers
A WAF applies a series of rules to an HTTP conversation to detect and block attacks like the ones above. In other words, they put a framework of rules in place that filter out malicious traffic and keep the site or app protected.
Incapsula’s cloud-based WAF is a prime example. This software acts as a gateway to web applications and uses information collected from the security team and its own network to make sure defense is as accurate and effective as possible.
There are plenty of cases where WAFs have made all the difference in security. eToro, an online trading company, was struggling with a wave of DDoS attacks when they turned to Incapsula for help. The Incapsula WAF was able to overcome the attacks and prevent any future issues with malicious traffic.
Another example is when blinkbox, a movie, and TV streaming service, used Barracuda’s WAF to stay safe during the process of uploading their content to the cloud.
Although it can have a huge impact, this technology isn’t directly aimed at the end-users of wallets and similar software applications. Instead, it’s a way for the owner of the platform to ensure the service is as safe and reliable as possible.
Users should still try to stay aware of the security measures their chosen wallet is using, and take some time to decide if it’s secure enough for them. Remember that wallets are one of the weaker points in the cryptocurrency infrastructure, and a large number of hacking attempts focus on them.
If you keep the majority of your coins in one wallet and fail to research the security measures of the wallet provider properly, you’re putting all of your digital currency at risk.
Ultimately, it’s the user’s responsibility to make sure their own digital assets are safe. This can be done by using offline wallets, using more than one wallet, and sticking to service providers who have a solid track record when it comes to security.