Crypto Malware: How Hackers Steal Your Funds
Unfortunately, the cryptocurrency world is full of malicious scammers just waiting for an opportunity to steal cryptocurrency from you. The worst of all of these is malware scammers, who develop advanced applications and tools that will steal from you without you knowing.
Cryptocurrency malware is easy to accidentally download on your phone or computer, and your account can be drained in a matter of seconds. Read on to learn about crypto malware and how you can best protect your investment.
Wallet Drainers
In the malware world, wallet drainers are perhaps the most dangerous because, you guessed it, they can drain your entire balance before you even know what happened.
Wallet drainers are advanced malware that requires the victim to either click a link or download something. Although you might think this makes things more difficult, it is actually very easy to get individuals to click a link or execute a transaction that they are able to clone and use to siphon the entire account.
Malicious actors generally start with social engineering, convincing individuals to donate crypto or to visit their fake website. Either way, once the individual is there and completes a single transaction or shares their wallet information, the scam is done, and the wallet draining begins. In one instance, a man agreed to donate a single NFT, only for his account to be drained of all of his NFTs instead.
To make matters worse, perpetrators often use stolen accounts to execute their crimes, often relying on their ability to act (by posting a link to the wallet drainer) before the original account owner notices.
To avoid wallet drainers, we recommend never clicking any links you see, even if it’s on social media. Instead, go directly to the website (by typing in the search bar) of that token and see if the same offer is available there; if it’s not, it may be a scam.
Keyloggers
Keyloggers aren’t new, and they aren’t specific to crypto. Keyloggers have been around since the advent of the internet, hoping to steal private information from anyone who is willing to download them.
Keyloggers record keystrokes, meaning anytime you log into a website, whether that’s your bank, crypto wallet, or something else, the malicious app tracks what you type and sends them to the malicious actor.
The good thing about keyloggers is that they require a download, and typically, time from the malicious actor as they wait for you to log into accounts worth robbing. Unfortunately, this means that many malicious actors are moving away from this method of robbery because it isn’t as efficient as the others on this list.
Still, you should take steps to ensure you are never the victim of a keylogger scam. The best way is by using anti-virus software, though some online companies offering this software “for free” are malware themselves. Instead, we recommend using a password manager and 2 factor authentication to ensure that even if you accidentally download a keylogger, that it will only provide worthless information.
Malicious Smart Contracts
Now this is a malware which is unique to cryptocurrency, because fiat money does not run on smart contracts like cryptocurrency does. Similar to wallet drainers, once you input your wallet information into a malicious smart contract, it’s too late, the contract will execute and drain your funds.
Malicious smart contracts, unfortunately, often parade as real cryptocurrency projects, offering participants a chance to stake their tokens if they sign up for it. It is during this sign-up process that the damage is done, as once the smart contract has the user’s information, it will drain their wallet, often transferring the funds to the malicious actor’s wallet.
This is the hardest crypto malware to avoid in our opinion, as it is a concern anytime to consider supporting an ICO—and it can be hard to know without extensive coding knowledge you can use to check the smart contracts code, if you even have access. The only way to avoid malicious smart contracts is to invest only in known cryptocurrencies, or those that are publicly audited by a company you know and trust, which is rare in the crypto world.
Clippers
Clippers are malware that can affect anyone, even those who don’t purchase cryptocurrency. Clippers are a malware similar to keyloggers, and they hide out in your computer waiting for you to copy something worth replacing. For example, if you copy your wallet address to send to someone, they will replace it with their own address so the money is routed to their account instead.
Because Clippers are installed with malware, the best way to defend against them is by never clicking on malicious links or downloading apps you don’t trust to your computer. You should also consider running malware protection or a firewall, but as we mentioned previously, ensure you are using a reputable company, as fake companies often offer Clippers disguised as anti-virus software.
Cryptojackers
Cryptojackers are perhaps the most well-known scam in the cryptocurrency world, but surprisingly, they are far more rare. This is because while they do provide a benefit to the scammer convincing you to install them (they mine cryptocurrency on your computer) they are easy to spot and often shut down quickly.
Cryptojackers will cause your computer to run slowly and crash frequently, thus many individuals know something is wrong early on and are able to have their computer wiped and stop the attack. Additionally, cryptojacking merely uses your private resources—it doesn’t steal from your wallet like the other malware on this list.
The most damaging aspect of cryptojackers is actually when you get your power bill—it will be higher than anticipated and cost you money out of pocket. But, as we mentioned above, cryptojackers are usually easy to spot, so if you notice your computer running slowly and a spike in your energy bill, it’s time to wipe your computer and kick the cryptojacker out.
Remember, above all else, never click to download an app you don’t trust, as this is how these malicious actors gain access to your device in the first place.
