One year stealing $500,000 in cryptocurrency hacker Daniel tells you how easy it is to steal coins
Cryptographic currency is difficult to track. In most cases, they are also unregulated and based on a decentralized blockchain network. This also means that stolen encrypted assets are basically impossible to find, which makes such assets the primary target of hackers.
Daniel is such a cryptocurrency hacker, Daniel is not his real name. In an interview, he explained how he stole $500,000 worth of crypto assets in just one year.
- Bloomberg: Blockchain IPO platform will be listed in June for the first company
- Bakkt plans to test upcoming Bitcoin futures products in July
- Opinion: BTC has no “intrinsic value” but it is still the best value storage medium
"But I only attacked about 20 people, so I am not particularly active."
Deceiving telecommunications companies is easy
When Daniel steals someone else's cryptocurrency, his main method is "SIM card swap scam." Daniel said it is easy to deceive a large telecommunications company. When the hacker calls the victim’s telecommunications company and falsely claims to be the victim, claiming that the SIM card has been lost, requesting that the victim’s phone number be transferred to the hacker-controlled phone number is the first step in the victim’s funds being stolen. .
Most of the customer service of large telecom companies should sign an agreement and conduct control checks to minimize the risk of such fraud, but Daniel said it is not difficult to convince the customer to transfer the phone number.
“There are many ways to convince customer service. For example, you can call to pretend to work at Tele2 (a Swedish telecom company) and ask them to transfer a number for you.”
So is Daniel very good at this?
"Yes, you can learn to disguise after a few calls."
Two-factor authentication? Not always useful
Once the number is transferred, the hacker will access the victim's Gmail or Outlook account, enter the victim's email address, and click "Forgot Password." The hacker then chooses to send the verification code to the victim's mobile number via voice—after all, the number has been controlled by the hacker. This is actually an extra feature that can help people with special needs such as visual impairments reset their account passwords.
In this way, two-factor authentication is also insignificant in the face of hackers.
"I think this is caused by carelessness. So much money is stolen in this way. But it still doesn't get enough attention, which is an advantage for us."
According to Daniel, he found the private key of the cryptocurrency multiple times in people's Gmail mailboxes. Some of these private keys are saved as drafts, and sometimes they also send the private key to themselves via email.
Once Daniel has obtained the private key, he can easily log in to a digital encryption wallet and steal all the cryptocurrencies inside. He said that he sometimes finds login information for different cryptocurrency exchanges, and then he logs in and steals the victim's assets.
So will hackers feel guilty about stealing someone else’s assets?
"You can't feel anything. You have never seen this person, and everything is anonymous, so you don't feel guilty."
He also said that he believes that if people do not better protect themselves, they can only blame themselves.
Telecommunications company's dereliction of duty
Several large telecom companies have previously claimed that they have developed an agreement to prevent user numbers from being hijacked. But Daniel said that most of the operators' customer service is easy to be deceived – this is the case with several telecommunications companies in the US, and Swedish telecommunications companies are no exception.
Trijo News has contacted large telecom companies in Sweden and the United States, but most companies have not responded. However, Sweden's Telenor responded by saying that SIM card exchange scams are very rare and have only happened in individual cases in recent years.
Gabriella Mathisson of Telenor Communications said:
“We have also introduced various measures to prevent this from happening, including some control issues, and the ability to call back from the number we want to transfer.”
So for Daniel, it’s easy to convince the customer to transfer the number. What does Mathisson say?
“We have a lot of agreements to prevent similar situations. We take all forms of fraud seriously and consider adding additional verification solutions when transferring numbers.”
How to protect yourself and protect assets?
Although it sounds easy to be hacked, it is not difficult to protect yourself. From a security perspective, the first thing may be to never keep your private key on your mailbox or computer. If the private key has any form of connection to the Internet, there is always a risk of theft.
Daniel believes that the best way to protect yourself is not to bind the phone number to the mailbox, but to use another multi-factor authentication, such as Google Authenticator. Daniel said this would make it difficult for hackers to get the user's cryptocurrency.
Author: Christian Ploog
Source (Buffalo): Babbitt Information (https://www.8btc.com/article/413307)
- Chain to 2013 – Looking back at the beginning of the blockchain business
- Opinion: Why is the cryptocurrency market about to usher in a “slow cow”?
- Behind the return of Bitcoin is human greed and fear?
- Myanmar central bank issues cryptocurrency trading warning
- How much does the encryption company have to entangle with the US SEC?
- China has begun testing its own digital currency for interbank transfers.
- Analysis of the madman market on May 20: Investment technology is the magic weapon to make money in the future