sb-au logo
Story image

Can we protect against cryptocurrency theft?

17 Apr 2020

Article by Yubico Asia Pacific & Japan director of solutions engineering, Alex Wilson.

The cryptocurrency market attracts a huge number of investors and everyone hopes to get the highest returns possible. Bitcoin has so far been the most successful virtual currency, but has seen its value rise and fall dramatically over the past few years. Price volatility has undoubtedly been one of the most significant challenges facing all cryptocurrencies, but the other is security.

Over the years, digital thieves have stolen millions of dollars worth of cryptocurrency from both exchanges and wallets. The problem is that once cryptocurrency is stolen, there is no refund like there is with a bank or credit card company, and governments offer no protection for users. For some, this makes cryptocurrency too risky of an investment. 

There is a very real vulnerability of cryptocurrency exchanges and bitcoin wallets when it comes to hacking attacks and theft: SIM swapping. Recent events have shown that millions of dollars worth of cryptocurrency can be lost with just one attack. The current state of SIM spoofing attacks, where a mobile phone number is taken over by an attacker, means that when a two-factor authentication (2FA) code is sent via SMS it can be intercepted by an attacker to access and steal vast sums of cryptocurrency. It’s a silent but oftentimes catastrophic attack and there is very little anyone can do about it.

Such sophisticated attacks are now a reality — bolstered by the increasing use and value of cryptocurrency accounts — and these highly reported thefts have stunned currency traders across the globe. In turn, it’s spawning an industry uptick in stronger two-factor authentication (2FA) methods.   

WebAuthn, the new W3C open standard for web authentication, is gaining particular traction within the cryptocurrency space — and for good reason. WebAuthn is supported by all major browsers and operating systems and depending on the options a service enables, it allows traders to add a biometric device or physical security key as an additional authentication method. Whereas a one-time code sent via phone or email could be easily intercepted by a remote attacker, a fingerprint (biometric) or security key must be physically present to permit a user to log in. 

Motivating traders to use WebAuthn isn’t difficult. The ability to foil SIM hijacking and other attacks that use fraudulent credentials are reason enough to select a fingerprint or security key as the preferred method of account protection. With these, credentials are much more difficult to forge. And if there needs to be further convincing, usability is unparalleled. Both biometrics and security keys are able to be self-registered, and only take seconds to log in.  

Given the lack of regulation and protection for cryptocurrency, it would seem a no brainer that cryptocurrency platforms employ WebAuthn to offer traders peace of mind with a simple and easy solution. 
 

Story image
Video: 10 Minute IT Jam – Who is ExtraHop?
In this interview, we speak with ExtraHop's A/NZ regional sales manager, Glen Maloney.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
Proofpoint launches new SMB focused security awareness training
Proofpoint has launched security awareness training for small to medium businesses (SMBs) with the aim of reducing successful phishing attacks and malware infections to almost zero. More
Link image
Gartner report: Why SD-WAN is becoming the de-facto option
Network service providers are increasingly challenged by established and new competition in the overlay SD-WAN management as well as in the underlay WAN transport, the report says.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Report: Rushing into cloud migration directly related to security issues
A new report from Radware highlights the impact of COVID-19 on organisations compelled to digitally transform in order to maintain business continuity. More