Thousands of users are exposed daily to many forms of fraud and piracy. According to the latest statistics for the year 2023, approximately 889 million dollars in encrypted assets were lost. This is due to many reasons and loopholes, some of which are technical, some are software, and some are due to coincidence, perhaps due to the user’s ignorance, lack of awareness, or complacency.
Most of the thefts that occur are directly related to or based on one of these methods:
Social engineering:-
●One of the primitive methods, based on phishing, in which the attacker studies the victim’s interest - usually targeting gullible victims - and relies on electronic promotional messages in which he uses reverse engineering and collects information from them to penetrate the victim’s connected devices, and this enables him to obtain the stored security keys and thus complete control. In all wallets with ease.
●This method has a low risk.
●This type of attack can be avoided by carefully dealing with all spam emails and ensuring that two-factor authentication (2Factor Authentication) is activated.
Guess the secret words Brute-force-attack:-
●Most of us use wallets based on the BIP39 protocol
It is an algorithm standard that relies on only 2048 words. If, for example, you download TrustWallet and create a wallet that gives you a private key for recovery and secret words as well (recovery phrase), this list was not chosen randomly, but was chosen carefully, so that there is no more than one word that begins with the same word. The first four letters, the wallet words are generated randomly based on these complex mathematical algorithms. After that, the wallet uses the random wallet words to generate the wallet’s private and public encryption keys, usually consisting of 12 or 24 words. Of course, all of these conditions make the guessing process difficult, but with the recent AI wave and the development of quantum computers, the risk rate has increased, and spelling guessing has become not as difficult as expected.
●Threat rate from low to medium.
●This type of attack can be avoided by using trusted wallets only, as most of the thefts that occurred were the result of sharing spell checks with a third party.
Cloned websites and mined contracts:-
The majority of wallets are targeted by these methods, in which an official website is forged by changing the domain or a number of characters, and once the user falls into the trap, the hacker can obtain the signature and complete control over the wallet’s assets.
Another common reason is dealing with forged smart contracts, which are usually injected with codes and calling functions such as initWallet that can pass on the wallet address and seize it.
●The threat rate of these attacks is high.
●We can protect ourselves by not interacting with contracts except after confirming their nature, as well as verifying the HTTPS protocol when linking to any site, and when any suspicious movement is detected, the window must be closed. Also, continuous updating of all programs is sufficient to give us the necessary protection.
Thefts linked to security vulnerabilities:-
● They are usually few, but one must be alerted because they are of high risk. Examples include cold wallet vulnerabilities and block chain vulnerabilities (nodes vulnerabilities). For example, immediate cancellation of transactions was not allowed, but increasing the commission contributes to passing the transfer. This mechanism allows changing the recipient and sending the currencies back to the sender. This requires advanced technological knowledge and is usually linked to the developer of the currency itself, as well as attacks associated with decentralized platforms such as sandwiching attacks carried out by bots by manipulating slippage levels and other vulnerabilities that we can discuss in more detail and understanding. Its mechanism will be covered in upcoming topics....
#Write2earn