The 5 Main Types of Crypto Attacks

Hackers use these methods to extract information from users, break into their wallets and steal their cryptocurrency. Although the end goal is almost always to steal your cryptocurrency, the methods used and the ways to protect against them are different-so it’s good to be familiar with them all.

 

1. Dusting

One of the key tenets and security features of cryptocurrency is anonymity. Anonymity helps to keep cryptocurrency users safe from hackers that target them through their email address, phone number or physical address. Dusting is a subversive method used by attackers to try and trick people into ‘deanonymizing’ their crypto wallets.

How it works

A hacker will typically send a small amount of cryptocurrency (dust) to the target’s wallet. In many cases, the target may not even realise that they have received anything because the amount is so small it goes unnoticed. However, this transaction gives the hacker an address to track that could eventually deanonymize the user. 

In practice, a hacker would send tiny amounts of BTC to a wide range of wallet addresses and then track the activity of those addresses on the blockchain. By tracking and combining the movement of funds between multiple wallets, the hacker may be able to figure out the identity of a user via a connection to their bank, company or exchange.

 

2. Ransomware

Ransomeware is a type of malware that attempts to scare the victim into paying a ransom using cryptocurrency. Typically, the hacker threatens to leak sensitive or embarrassing information about the target that they have acquired, but more often than not, no such information exists. In more serious cases, the hacker takes control of the target's computer or data, denying them access until payment is made.

How it works

The malware used to instigate a ransomware attack is installed on the user's computer either through a phishing attack, an infected website or compromised software. Once inside, it activates, locking out the user or threatening them with stolen data. 

To avoid ransomware attacks, always use up-to-date antivirus software and avoid unverified software or suspicious websites. Never click links or download software that you don’t recognize.

 

3. Phishing

Phishing is the term used to describe how hackers gather personal information such as usernames, passwords or seed phrases and then use this information to steal funds. To achieve this, the hackers usually pretend to be someone familiar to the target, such as a bank representative, fellow employee, or a customer support agent from a platform they use. 

How it works

The scam is perpetrated in several ways, most commonly via email, phone (vishing), or via a fake website or app. A target will receive a very realistic-looking email that either asks them for personal information or directs them to a fake but familiar website where they unknowingly hand over their password. Once the hackers have the login details, the target's funds are drained.

To protect yourself against phishing scams, you must exercise extreme caution when responding or clicking on links in emails or text messages. Always check to ensure the message comes from a genuine source and never click a link unless you are 100% sure it's safe. It's best practice to bookmark an address you commonly use and always use that bookmark to access the site. The use of 2-factor authentication (2FA) like Google Authenticator is a great way to protect against phishing because even if the hacker gets your password, they still can’t log in to your account.

 

4. Cryptojacking

This form of attack involves sneaking crypto mining software onto a target’s computer, with the intention of using their resources to mine cryptocurrency and send it back to the attacker's wallet. Although it is a relatively harmless attack in terms of the security of funds, it can cause severe annoyance to the target and result in additional electricity costs.

How it works

Cryptojacking malware is installed on a target’s computer through phishing emails, corrupted software or infected apps or websites. The software runs secretly in the background and is very hard to spot, and will usually relaunch automatically even after a reboot.

As with other attacks, always check the URL you are using is correct and never click any links until you’ve verified the source is genuine. Make sure you are using decent antivirus software and it’s up-to-date. If your computer suddenly starts running very slowly for no reason, chances are you’re a victim of cryptojacking.

 

5. Address Poisoning

This relatively new form of attack tricks a user into sending cryptocurrency to the wrong address by manipulating the common method of recognizing only the beginning and end of wallet addresses. 

How it works

Because addresses are so long and complicated, users typically just look at the first few and last few characters when copying an address to make a repeat transaction. Address poisoners generate similar addresses with the same leading and ending characters and then slip the address into the user's transaction history by sending them tiny amounts of crypto.

The hope is that if done to enough people, someone will eventually copy the poisoned address and send their cryptocurrency to it instead of the correct address.

To avoid address poisoning, always be sure to check your address fully and never copy them from your transaction history.