Head of Labs @ Momentum 6 | Tech Entrepreneur | Blockchain Investor | Car Enthusiast | Ask me about crypto and NFTs
Immutability is one of the features that attract people to blockchain technology. People who want to benefit from decentralization and unrestricted transfers are also pulled towards cryptocurrencies. However, cases of crypto theft are also rampant, and some have termed cryptocurrencies ‘unsafe’.
Not too long ago, hackers stole cryptocurrencies worth $600m (£433m) in what has been described as the biggest crypto heist in history so far. According to a statement sent out by Poly Network, the hackers exploited a smart contract vulnerability in its system and made away with the money. This is not an isolated case, as individuals have also recently reported crypto theft from their wallets. To better understand how crypto theft occurs, we must analyze how public keys, private keys, and seed phrases work:
A cryptocurrency wallet is like a home.
You have an address (the equivalent of a public key) that identifies your home. People can then send letters and postcards as long as they have your address.
A private key is equivalent to the key to your home. You will need this key to access what is in your home, the letters, and postcards received. Just as you protect the key to your home, you should also keep your wallet’s private key safe.
The seed phrase represents your private key in a readable format. The seed phrase is encrypted to ensure that you can easily retrieve your digital assets as long as you remember the seed phrase. The seed phrase is the key to your home and everything inside it.
Now that you understand how crypto wallets work, it is time to point out the different types of scams that may make you lose your digital coins:
Social media has been both a blessing and hell for some people. Con artists often use social media to swindle people out of their funds. A perfect example is a con artist who posed as Elon Musk and promised to double every BTC sent to a certain BTC address. It turned out that the hacker had hacked a verified Twitter account, changed the name to Elon Musk, and requested people to send money. Humans are wired to crave free things, and they ended up sending BTC in the hope of getting double (just for a 2x, ngmi). And unfortunately, they lost.
Phishing for keys
Such scams use psychological manipulation to gain access to vital information relating to user accounts. Phishing scams in the crypto space are very common, and the attackers are interested in private keys. The method works just like the standard scams. An email is usually sent with a link that asks the crypto users to add their private information, such as their private key. The scammers will then harvest the information and use it to drain the crypto wallets. Blackmail is another social engineering scam that works. The hackers will claim that they have information on the adult sites you have visited, and you must pay in Bitcoins, or else they release that data to your close contacts.
Fake websites with attractive rewards work like con artists on social media. Such sites will promise to double or even triple your money within a day, a week, or a month. All you have to do is stake your money, and they will pay you a certain commission as profit every day. A perfect example of such a scheme is when they promise to pay 1.5% profit every day. Some of these sites will also have a section where you are supposed to input your private key before you ‘claim’ the reward. This will leave your wallet exposed, and your coins subject to being exploited.
Humans are wired to crave free things. However, ensure that you conduct thorough research before you ‘claim’ that amazing offer you find on the internet. It is okay to claim airdrops. However, ensure that you avoid those sites that prompt you to input your private key.
Connecting a wallet simply means associating it with other applications. Connecting a wallet to an app or a website does not allow hackers to view your private key or steal your funds. It only allows the website owners to view your wallet, and it ends at that point.
Worries should arise when you grant a certain app or website permission to spend the coins in a wallet. Granting that permission means that your cryptos can be moved from the wallet without your involvement.
This is the process of revoking the permissions granted:
You can revoke the permissions you have granted to a protocol. There are many tools that you can use, but one of the most reliable is https://app.unrekt.net/. However, each revocation comes at a fee, and you can skip the headache of fees and revocations by sending all your coins to a new wallet.
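To see which spend permissions a wallet still has outstanding before paying to revoke them, the following added example (not code from the original article or from the tool linked above) replays token approval logs in chain order. It assumes the permissions in question are ERC-20 allowances on an EVM chain, which the article does not state; all addresses and log entries are constructed placeholders.

```python
# ERC-20 Approval(address,address,uint256) event signature hash (topic0).
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the "infinite approval" many apps request

def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; the last 20 bytes are the address.
    return "0x" + topic[-40:].lower()

def active_allowances(logs, owner):
    """Replay Approval logs in chain order; return {(token, spender): last value > 0}."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval carries 3 topics; the ERC-721 event of the same name carries 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        state.pop(key, None)      # a newer Approval replaces the older one
        if value:                 # value 0 is a revocation, so nothing is kept
            state[key] = value
    return state

def report(logs, owner):
    """Grants still needing revocation, unlimited ones first. The logged value is the
    last approved amount; the token's allowance() call remains authoritative."""
    rows = [{"token": t, "spender": s, "value": v, "unlimited": v == UNLIMITED}
            for (t, s), v in active_allowances(logs, owner).items()]
    return sorted(rows, key=lambda r: (not r["unlimited"], r["token"], r["spender"]))

# --- constructed sample data (placeholder addresses, not real contracts) ---
OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B, DAPP_1, DAPP_2 = ("0x" + b * 20 for b in ("aa", "bb", "c1", "c2"))
def _log(block, idx, token, owner, spender, value):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [  # deliberately out of order
    _log(120, 0, TOKEN_B, OWNER, DAPP_1, 250),
    _log(100, 0, TOKEN_A, OWNER, DAPP_1, UNLIMITED),
    _log(110, 1, TOKEN_B, OWNER, DAPP_2, 0),          # revokes the 500 grant below
    _log(105, 2, TOKEN_B, OWNER, DAPP_2, 500),
    _log(108, 0, TOKEN_A, OTHER, DAPP_1, UNLIMITED),  # someone else's grant, ignored
]
print(report(SAMPLE_LOGS, OWNER))
```

On a live chain the same log shape comes back from an `eth_getLogs` query filtered on this topic0 and the owner's address.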
You may come across a random token airdropped to your wallet. 99% of such tokens are scams. Never approve such a token as some will ask for your private key to make the tokens ‘available’. In some cases, approving or moving the token will simply allow the hackers to access your private key.
Ignore such tokens or send them to a burn address such as 0x000000000dead.
The security of your wallet is your responsibility. You should never disclose your private keys and seed phrases to anyone if you want your digital coins to be safe. Any app or website that prompts you to type in your private key should be ignored.
Also published on: https://medium.com/momentum6/shadowy-super-hackers-want-your-stacks-what-to-watch-out-for-d5c6184a97c4