Reports from recent weeks detail that attackers are targeting two privacy coin projects, Monero and Zcash, raising concerns about the growing rate of security incidents involving blockchain networks. Such incidents, as well as repeated 51% attacks on the Ethereum Classic network or the breach of the Electrum wallet, suggest that criminals are becoming more sophisticated.
However, bad actors sometimes use less sophisticated methods and seem to get away with it. For example, the security breach that targeted Monero users emerged after scammers created a fake URL of the Mymonero Android app.
In a Reddit post urging users to ignore the fake link, the Monero developers claimed that this was the work of the “same group of scammers who have been targeting Myetherwallet since at least 2016”. According to these developers, “every time it’s reported (the fake Myetherwallet) and removed, they manage to recur.”
Explaining why they issued an alert, the XMR Core team believes it is “very likely that the app could be used to steal user funds” and thus urges users to “report the fake web address to Google. “.
Meanwhile, another privacy-focused encryption project Zcash appears to have been targeted even after the attackers created a false Twitter account, according to Tim Ismilyaev, CEO and founder of Mana Security.
According to Ismilyaev, “the account (which now boasts more than 6,000 followers) even publishes information about fake crypto distributions and contains Ethereum addresses for fundraising.”
Explaining why privacy coins are apparently being targeted now, the founder of Mana Security says for criminals, this is more logical than targeting larger coins.
“The main reason for this is the simplicity to reach the top 3 in the search results. It is more difficult to get the same places for Bitcoin and Ethereum,” explains Ismilyaev.
However, the CEO also blames the Google Play Store, which says it doesn’t “manually check every app update like Apple does for its store.”
As a result, the Google store “contains at least dozens of thousands of fake apps”. It costs less than $ 25 “for an attacker to post a new fake wallet” after “spending just a couple of days building the app.”
Attackers also appear to be targeting users who “don’t want to go through additional steps to verify wallets from multiple sources.” Security experts like Ismilyaev say that “before installing a new crypto wallet” it would be wise to “find references about that particular wallet on the Internet”.
Other steps new users can take to protect themselves include triple checking their wallets. “Developers usually post recommended wallets to use. Additionally, users can find specific wallet reviews on the Internet – all good wallets have a handful of youtube / blog reviews posted in 2018/2019,” says Ismalyaev.
Meanwhile, as law enforcement and cybersecurity tech companies advance in the arena of blockchain analysis and tracking, transactions on privacy-focused networks are likely to become traceable. Just recently, Ciphertrace claimed to have tools capable of tracking Monero transactions even though other experts doubt that claim.
Whatever the case may be, Ismilyaev urges cryptocurrency buyers not to take risks when acquiring coins like Monero.
“Buy cryptocurrencies in batches, to minimize the likelihood of buying stolen funds. Limit the first purchase of a cryptocurrency to $ 10 and withdraw the coin at any cryptocurrency exchange. If it works well, buy the rest of the coins.”
Despite Google Play’s alleged failure to report fake apps, the CEO says users can still check an app’s installs, ratings, and reviews for guidance.
“It is a good idea to only install apps with over 100,000 installs, more than four stars and more than 1,000 reviews,” says Ismaliyaev.
What do you think of these security breaches? Share your thoughts in the comments section below.
Image credits: Shutterstock, Pixabay, Wiki Commons
[ad_2]Source link