Problems and risks of cryptocurrency
The author of the article is Alexey Malanov, an expert in the development of anti-virus technologies at Kaspersky Lab.
By and large, cryptocurrency is the same electronic money as any WebMoney or Yandex.Money. And this means that the common problems characteristic of electronic payment systems are also peculiar to them.
')
However, the specific principles by which cryptocurrencies operate sometimes make the occurrence of these problems more likely, and the consequences more unpleasant. In addition, these same special principles define a number of risks that are unique to cryptocurrencies.
Let's start with the problems of simple and familiar, for example, with the banal theft. Let's say you transfer money to a friend. Copied the address of his wallet, and the Trojan on the clipboard replaced this address with his own . Not every user remains alert and rechecks the address after copying. Especially if this address looks like a set of more or less random characters.
Or, for example, phishing. As in the case of the usual electronic money, the user can be tricked into enticing a fake website, on which the user will download the wallet and enter the password.
Of course, similar troubles can also be expected to the user of a traditional bank or payment system. However, in the case of the traditional system there is always a rather big chance to cancel the transfer. In the case of cryptocurrency, you can only write a complaint to Sportloto. What got into the blockchain remains in the blockchain.
In addition, even the real payment portal with the correct address can cause loss of money. In June 2017, the most popular cryptocurrency wallet for Ethereum Classic, located at the original address https://classicetherwallet.com , suddenly began to steal money from users' wallets .
Hackers have applied social engineering methods and convinced the hosting provider that they are the real owners of the domain. Having access, they began to intervene in financial flows.
Fortunately, hackers used a non-optimal strategy - they immediately replaced the recipient of money, so they quickly “slept” and managed to steal only $ 300,000 in a few hours. If they had collected wallets and left for later, they would have gone unnoticed much longer — and the damage would certainly have been much greater.
In fairness, the same can happen with a classic financial service. For example, this year in Brazil, hackers managed to steal a whole bank at once .
These were the standard problems of electronic money, but, as mentioned above, cryptocurrencies add their own to them. For example, there is a risk that is very specific to cryptocurrency - the loss of money due to an error in the address to which the transfer is made.
For example, in the case of Ethereum, the last digit of the address was not copied - and the money went nowhere. Or, on the contrary, they flew where it was necessary, but instead of the amount that you were going to transfer, suddenly transferred to 256 times more .
In the case of Bitcoin addresses, such an error is excluded - there is a built-in verification of address validity in this system. But there you can just accidentally send someone money, say, 800 bitcoins (about 3.2 million dollars at the rate of September 28, 2017). Or accidentally pay a commission of 80 bitcoins (about $ 320,000). In fairness, it is unlikely to be so wrong with the popular Bitcoin client. Probably used something self-made.
There is still a risk to take a loan on the security of an apartment and invest all the money in bitcoins. But here it’s not a cryptocurrency. Risk is common for investments .
Another typical problem for cryptocurrency is the loss or theft of a wallet. Most users store files of their cryptocurrency wallets on their computers. So, they can be stolen with the help of malware , or they may disappear due to a hard drive failure.
Therefore, the most advanced users write a copy of the secret key on a piece of paper and order hardware USB-wallets. But the share of such users is small.
In the case of "centralized" electronic money at the moment the situation is radically better. Few internet banks do not require mandatory two-factor authentication and transaction confirmation via SMS with one-time passwords. And if we are talking about legal entities or large amounts, then the use of USB-token is obligatory.
In 2017, among holders of cryptocurrency has become especially popular to invest in various projects, usually associated with the blockchain or cryptocurrency. This fundraising is called ICO - Initial Coin Offering.
About how this all happens, what the Ethereum network is and how smart contracts work , we have a separate post, so let's not repeat the technical details here. The fact is that the use of cryptocurrency has simplified the process of collecting money to disgrace. For 2017, over $ 1.5 billion has already been raised through ICO. Little is heard about successful projects, but investors are not losing optimism.
What is the problem? The problem is that the cryptocurrency market is not regulated at all, there are no risk assessment mechanisms, and the return on investment is not guaranteed by anyone and nothing but the honest word of the author of the next project.
By and large, the fact that someone has an idea does not mean at all that the idea is good and realizable, that the resulting product will actually be profitable, that the author will really spend money on implementation, and not on the director’s salary (himself). In the end, he can simply run away with the money, because in the cryptocurrency market it is not so easy to track down and de-anonymize the payee.
But it happens that the scheme of withdrawing money is even easier. Typically, an ICO fundraiser opens at the agreed time and closes when the required amount is collected. Address collection posted on the project site at the time of opening, although this practice seems to us completely unfounded.
When conducting one ICO, the hacker got access to the project site and at the very moment of opening the fees, he changed the address to his own . Literally in an hour, 2000 participants donated $ 8 million. After that, the address was marked as false. But even this did not stop the eager to invest - many continued to transfer money to the same fake address. During the day, accumulated another 2 million dollars.
To summarize what is written and give some basic tips.
1. Always check the address of the web wallet, do not click on links that lure you into an online bank or a web wallet.
2. Recheck the recipient's address (at least the first and last characters), the amount sent and the amount of the commission before sending.
3. Write down the mnemonic phrase, with the help of which you can restore the cryptographic cards in case you lose it or forget the password.
4. When cryptoinvestment, keep a sober head and make informed decisions, do not panic, do not rush.
5. Do not invest more than you are willing to lose. Diversify your investments.
6. Use hardware wallets cryptocurrency.
7. Use high-quality anti-virus protection.
By and large, cryptocurrency is the same electronic money as any WebMoney or Yandex.Money. And this means that the common problems characteristic of electronic payment systems are also peculiar to them.
')
However, the specific principles by which cryptocurrencies operate sometimes make the occurrence of these problems more likely, and the consequences more unpleasant. In addition, these same special principles define a number of risks that are unique to cryptocurrencies.
Payment details substitution and phishing
Let's start with the problems of simple and familiar, for example, with the banal theft. Let's say you transfer money to a friend. Copied the address of his wallet, and the Trojan on the clipboard replaced this address with his own . Not every user remains alert and rechecks the address after copying. Especially if this address looks like a set of more or less random characters.
Or, for example, phishing. As in the case of the usual electronic money, the user can be tricked into enticing a fake website, on which the user will download the wallet and enter the password.
Of course, similar troubles can also be expected to the user of a traditional bank or payment system. However, in the case of the traditional system there is always a rather big chance to cancel the transfer. In the case of cryptocurrency, you can only write a complaint to Sportloto. What got into the blockchain remains in the blockchain.
Hacking payment portal
In addition, even the real payment portal with the correct address can cause loss of money. In June 2017, the most popular cryptocurrency wallet for Ethereum Classic, located at the original address https://classicetherwallet.com , suddenly began to steal money from users' wallets .
Hackers have applied social engineering methods and convinced the hosting provider that they are the real owners of the domain. Having access, they began to intervene in financial flows.
Fortunately, hackers used a non-optimal strategy - they immediately replaced the recipient of money, so they quickly “slept” and managed to steal only $ 300,000 in a few hours. If they had collected wallets and left for later, they would have gone unnoticed much longer — and the damage would certainly have been much greater.
In fairness, the same can happen with a classic financial service. For example, this year in Brazil, hackers managed to steal a whole bank at once .
The error in the address of the recipient
These were the standard problems of electronic money, but, as mentioned above, cryptocurrencies add their own to them. For example, there is a risk that is very specific to cryptocurrency - the loss of money due to an error in the address to which the transfer is made.
For example, in the case of Ethereum, the last digit of the address was not copied - and the money went nowhere. Or, on the contrary, they flew where it was necessary, but instead of the amount that you were going to transfer, suddenly transferred to 256 times more .
In the case of Bitcoin addresses, such an error is excluded - there is a built-in verification of address validity in this system. But there you can just accidentally send someone money, say, 800 bitcoins (about 3.2 million dollars at the rate of September 28, 2017). Or accidentally pay a commission of 80 bitcoins (about $ 320,000). In fairness, it is unlikely to be so wrong with the popular Bitcoin client. Probably used something self-made.
There is still a risk to take a loan on the security of an apartment and invest all the money in bitcoins. But here it’s not a cryptocurrency. Risk is common for investments .
Loss of a wallet file
Another typical problem for cryptocurrency is the loss or theft of a wallet. Most users store files of their cryptocurrency wallets on their computers. So, they can be stolen with the help of malware , or they may disappear due to a hard drive failure.
Therefore, the most advanced users write a copy of the secret key on a piece of paper and order hardware USB-wallets. But the share of such users is small.
In the case of "centralized" electronic money at the moment the situation is radically better. Few internet banks do not require mandatory two-factor authentication and transaction confirmation via SMS with one-time passwords. And if we are talking about legal entities or large amounts, then the use of USB-token is obligatory.
Unreliable ICO
In 2017, among holders of cryptocurrency has become especially popular to invest in various projects, usually associated with the blockchain or cryptocurrency. This fundraising is called ICO - Initial Coin Offering.
About how this all happens, what the Ethereum network is and how smart contracts work , we have a separate post, so let's not repeat the technical details here. The fact is that the use of cryptocurrency has simplified the process of collecting money to disgrace. For 2017, over $ 1.5 billion has already been raised through ICO. Little is heard about successful projects, but investors are not losing optimism.
What is the problem? The problem is that the cryptocurrency market is not regulated at all, there are no risk assessment mechanisms, and the return on investment is not guaranteed by anyone and nothing but the honest word of the author of the next project.
By and large, the fact that someone has an idea does not mean at all that the idea is good and realizable, that the resulting product will actually be profitable, that the author will really spend money on implementation, and not on the director’s salary (himself). In the end, he can simply run away with the money, because in the cryptocurrency market it is not so easy to track down and de-anonymize the payee.
Substitution of the recipient's address
But it happens that the scheme of withdrawing money is even easier. Typically, an ICO fundraiser opens at the agreed time and closes when the required amount is collected. Address collection posted on the project site at the time of opening, although this practice seems to us completely unfounded.
When conducting one ICO, the hacker got access to the project site and at the very moment of opening the fees, he changed the address to his own . Literally in an hour, 2000 participants donated $ 8 million. After that, the address was marked as false. But even this did not stop the eager to invest - many continued to transfer money to the same fake address. During the day, accumulated another 2 million dollars.
Tips for cryptocurrency holders and cryptoinvestors
To summarize what is written and give some basic tips.
1. Always check the address of the web wallet, do not click on links that lure you into an online bank or a web wallet.
2. Recheck the recipient's address (at least the first and last characters), the amount sent and the amount of the commission before sending.
3. Write down the mnemonic phrase, with the help of which you can restore the cryptographic cards in case you lose it or forget the password.
4. When cryptoinvestment, keep a sober head and make informed decisions, do not panic, do not rush.
5. Do not invest more than you are willing to lose. Diversify your investments.
6. Use hardware wallets cryptocurrency.
7. Use high-quality anti-virus protection.
Source: https://habr.com/ru/post/341552/
All Articles