Phishing: How to protect cryptocurrencies and NFTs?

Phishing is not only a problem for investors who have bet on Bitcoin or other cryptocurrencies. More generally, criminals are targeting sensitive data. Companies as well as consumers are constantly affected by this. Sometimes it turns out that a successful phishing attempt could often have been averted if the victims had followed certain rules. It is not necessary to follow a complex set of rules at all, but only a handful of guidelines.

Was ist Phishing? Warum sind Kryptowährungen für die Täter besonders interessant und wie kann man seine Kryptos schützen? Diese Fragen wollen wir in dem vorliegenden Artikel für unsere Leser beantworten und aufzeigen, was zu tun ist, wenn man bereits Opfer von Phishing geworden ist.

What is phishing and how does it work?

The generic term "phishing" covers a number of methods used to steal data. The term itself is an artificial word made up of the English words "password" and "fishing". The idea is to fish for access data, which the perpetrators then misuse for other crimes.

Typical targets for the perpetrators fall into the following categories, which prove to be extremely lucrative for them:

• Login credentials: These are passwords and the corresponding email addresses of user accounts from a wide variety of platforms. Even if the accounts seem insignificant, the data is still valuable because many users use the same password over and over again. So if the perpetrators have access to a password and can associate an email address with it, this automatically creates new targets for them. In addition, there is a vibrant trade in the darknet with entire lists full of access data that promise criminals added value.
• Credit card numbers: This involves the actual credit card number and the three- to four-digit verification number on the back of the card. In addition to the possibility of misusing the card itself, there are also digital black markets for this data, where it can be offered for sale.
• Cryptocurrency: The perpetrators aim to gain access to the user's wallet. There are a number of different methods that tempt users to disclose their seed or private keys. Also popular are fake websites that prompt to make a transaction with the browser wallet, but after the user confirms it, it is used to steal crypto. Alternatively, criminals obtain access to exchange accounts such as Binance, Kraken or Coinbase. Although these cases belong to the category of access data, the focus here is mostly on looting the victims' exchange accounts.

The actual methods used to obtain the above-mentioned data differ drastically in individual cases. Extremely popular are spam emails that either redirect to malicious websites or send a file attachment with malware. Although many providers now have excellent filters and most users do not even see such e-mails, the perpetrators always manage to find a loophole. In these e-mails, the senders usually feign an urgent need for action. Sometimes the user is asked to act quickly because otherwise he will lose money, sometimes it is suggested that money is to be received but that something must be done first. The layout of the e-mails can be bungling, but also extremely convincing. Thus, such emails cannot always be recognized at first glance and can easily be mistaken for those of real companies.

Alternatively, the perpetrators promote fake websites via social media, where they create accounts that often resemble those of famous public figures. There, they write to other users or comment on posts. In doing so, they usually invite people to participate in a sweepstakes or pretend to give away cryptocurrencies.

What these methods have in common is that users end up revealing sensitive data because they believe that they are legitimate requests or websites.

Why is phishing so lucrative?

From the perpetrators' perspective, these are different target markets where they can become active and earn certain margins. The trade-in data may lead them to try to send masses of spam emails, for example. In this case, it is only worthwhile if they can sell as much high-quality access data as possible. In this context, the global black market is gigantic. The German Federal Office for Information Security estimates the damage through phishingin Germany alone in the double-digit millions per year.

Auf Kryptowährungen bezogen sieht die Situation jedoch komplexer aus, denn hier versuchen sich die Täter unmittelbar zu bereichern. Schließlich können sie darauf hoffen, die gestohlenen Kryptos direkt verwerten zu können. Zusätzlich besteht die Möglichkeit, dass sie einen Glückstreffer landen und besonders reiche Opfer finden. So gelang es unbekannte Hacker im Juni 2022 aus ungeklärten Gründen, den Discord-Account des Community-Managers von Yuga Labs zu übernehmen. Danach nutzten sie ihn, um innerhalb der BAYC-Community ein Gewinnspiel vorzutäuschen. Neben 32 NFTs aus den Sammlungen des Bored Ape Yacht Club und Otherworld, wurden außerdem 145 Ethereum gestohlen. Nur wenige Monate zuvor hatten Kriminelle den Instagram-Account des BAYC übernommen und einen Schaden von rund 3 Millionen Dollar angerichtet.

This reveals that, depending on the chosen target, the perpetrators use different methods, target users more purposefully, and take more time for elaborate preparations before commiting the crime.

How can I protect my cryptocurrencies from phishing?

Cryptocurrencies can be protected by using a hardware wallet. The device manages the private keys and always keeps them separate from vulnerable computer systems. An attacker would need physical access to the hardware wallet, which therefore makes all remote attacks impossible.

However, phishing involves several other aspects, because as the example explained above shows, the perpetrators aim to lure users into a trap. The victims voluntarily agree to the transfer, which can ultimately also happen when using a hardware wallet. In order not to give the perpetrators a chance, a number of security standards should be adhered to, which reduce the attack surface for criminals:

• Secure Passwords: Preferably, you use a password manager, which makes it much easier to randomly assign and store a new password for each application or service. Here we recommend KeePass or Bitwarden as free and open source options.
• Two-factor authentication: Most crypto exchanges have made it standard anyway. Nevertheless, it should be used everywhere if it is available. The password manager can help here as well, because it allows to secure the recovery data in case the designated 2-FA device is lost.
• Use different wallets: It is recommended to use a separate wallet for DeFi applications and NFTs. Only cryptocurrencies and other digital assets that are directly needed for interaction should be stored there. All other assets belong on a hardware wallet or directly on cold storage.
• Don't enter your seedThe mnemonic phrase, commonly called the seed, is the master key to any wallet. Therefore, all prompts should be cancelled immediately. It is never necessary to disclose the seed of a wallet to a website or third party!
• Check URLs and certificates: Even well-made forgeries of websites are quickly discovered when checking the SSL certificate and viewing the URL. In this context, links from external sources should not be accessed in connection with cryptocurrencies. This is where the criminals plant the fake links on the victims. It is best to bookmark crypto exchanges or DeFi applications in the browser.
• Block strangers: Phishing is also initiated by comments on social media or direct messages. This is very similar to the so-called romance scam. If in doubt, cancel the contact and block and report the user in question.

Cryptocurrencies stolen through phishing: How to get your money back

The first step to get your money back is to start an investigation. Crypto-Tracing specializes in using blockchain forensics to track down the perpetrators, contacting law enforcement agencies as well as exchanges, and arranging help from a lawyer in legal matters. The measures taken make it difficult for the perpetrators to hide behind the supposed anonymity of the Internet and cryptocurrencies.

Every hacker leaves traces and the blockchain, figuratively speaking, never forgets. This allows us to create a basis for identifying recipients and demanding the return of stolen cryptocurrencies by legal means.

You are welcome to describe your individual case to us via our contact form. We will get in touch with you promptly and will be happy to give you an initial assessment and explain what measures can be taken next.