Microsoft has warned users to defend wallets against ‘cryware’. (Photo: Pixabay)
Cybercriminals are using a range of techniques to get hold of users’ crypto wallets. Now, researchers at Microsoft are observing a new threat referred to as cryware. Cryware is an information stealer, a type of Trojan that collects data from non-custodial cryptocurrency wallets. These wallets are also known as hot wallets. Unlike custodial wallets, where users store their private keys (the equivalent of a password) with a third party such as a crypto exchange, hot wallets are stored locally on the user’s own device, which provides easier access to the cryptographic keys needed to perform transactions.
According to Microsoft, attackers who gain access to hot wallet data can use it to quickly transfer the target’s cryptocurrencies to their own wallets. It should be noted that such theft is irreversible. Blockchain transactions are final even if they were made without a user’s consent or knowledge.
“Unlike credit cards and other financial transactions, there are currently no available mechanisms that could help reverse fraudulent cryptocurrency transactions or protect users from such,” Microsoft said in a blog post.
Cryware could cause a severe financial impact because transactions can’t be changed once they’re added to the blockchain. For instance, in 2021, a user posted about how they lost $78,000 worth of Ethereum after storing their wallet seed phrase in an insecure location. An attacker likely gained access to the target’s device and installed cryware that discovered the sensitive data. Once this data was compromised, the attacker emptied the targeted wallet.
The increasing popularity of cryptocurrency has also led to the emergence of cryware like Mars Stealer and RedLine Stealer. These threats aim to steal cryptocurrencies through wallet data theft, clipboard manipulation, phishing and scams, or even misleading smart contracts.
As cryptocurrency investing continues to become mainstream, users should be aware of the different ways attackers attempt to compromise hot wallets. Here’s what Microsoft suggests:
- Users should lock hot wallets when not actively trading. This feature in most wallet applications can prevent attackers from creating transactions without the user’s knowledge.
- When a user isn’t actively doing a transaction on a decentralized finance (DeFi) platform, a hot wallet’s disconnect feature ensures that the website or app won’t interact with the user’s wallet without their knowledge.
- Never store seed phrases on the device or cloud storage services. Instead, write them down on paper (or something equivalent) and properly secure them.
- When copying a wallet address for a transaction, double-check if the value of the address is indeed the one indicated on the wallet.
- Never share private keys or seed phrases. Under no circumstances will a third party or even the wallet app developers need these types of sensitive information.
- Use a hardware wallet unless it needs to be actively connected to a device. Hardware wallets store private keys offline.