
Can we protect against cryptocurrency theft?

17 Apr 2020

Article by Yubico Asia Pacific & Japan director of solutions engineering, Alex Wilson.

The cryptocurrency market attracts a huge number of investors and everyone hopes to get the highest returns possible. Bitcoin has so far been the most successful virtual currency, but has seen its value rise and fall dramatically over the past few years. Price volatility has undoubtedly been one of the most significant challenges facing all cryptocurrencies, but the other is security.

Over the years, digital thieves have stolen millions of dollars worth of cryptocurrency from both exchanges and wallets. The problem is that once cryptocurrency is stolen, there is no refund like there is with a bank or credit card company, and governments offer no protection for users. For some, this makes cryptocurrency too risky an investment.

Cryptocurrency exchanges and bitcoin wallets have a very real vulnerability when it comes to hacking attacks and theft: SIM swapping. Recent events have shown that millions of dollars worth of cryptocurrency can be lost with just one attack. In a SIM spoofing attack, an attacker takes over a mobile phone number, so a two-factor authentication (2FA) code sent via SMS can be intercepted and used to access and steal vast sums of cryptocurrency. It’s a silent but oftentimes catastrophic attack and there is very little anyone can do about it.

Such sophisticated attacks are now a reality, bolstered by the increasing use and value of cryptocurrency accounts, and these highly reported thefts have stunned currency traders across the globe. In turn, this is driving an industry uptick in stronger 2FA methods.

WebAuthn, the new W3C open standard for web authentication, is gaining particular traction within the cryptocurrency space, and for good reason. WebAuthn is supported by all major browsers and operating systems and, depending on the options a service enables, allows traders to add a biometric device or physical security key as an additional authentication method. Whereas a one-time code sent via phone or email could be easily intercepted by a remote attacker, a fingerprint (biometric) or security key must be physically present to permit a user to log in.
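On the server side, the difference from an SMS code shows up as checks on a signed login assertion. The following is an added example, not code from the article or from Yubico: a simplified relying-party check in Node.js that enforces a fresh challenge, the user-present flag and the key's signature. The site name `exchange.example` and the `simulateKey` stand-in for a real authenticator are constructed assumptions, and signature-counter handling is left out.

```javascript
// Added example (Node.js): relying-party checks on a WebAuthn login assertion.
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// `expected` holds what the server stored itself: rpId, origin, challenge, publicKey.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, expected) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  // The challenge is random per login, so a captured response cannot be reused.
  if (client.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  // authenticatorData layout: 32-byte rpIdHash, 1 flags byte, 4-byte counter.
  if (authenticatorData.length < 37) return 'short authenticator data';
  const rpIdHash = authenticatorData.subarray(0, 32);
  if (!rpIdHash.equals(sha256(Buffer.from(expected.rpId)))) return 'rpId mismatch';
  // Flag bit 0 (UP) is set only when someone touched the key or sensor.
  if ((authenticatorData[32] & 0x01) === 0) return 'user not present';
  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, signature) ? 'ok' : 'bad signature';
}

// Constructed stand-in for a security key, so the example runs offline.
function simulateKey(privateKey, rpId, origin, challenge, userPresent) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
  }));
  const authenticatorData = Buffer.concat([
    sha256(Buffer.from(rpId)), Buffer.from([userPresent ? 0x01 : 0x00]), Buffer.from([0, 0, 0, 1])]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const rpId = 'exchange.example', origin = 'https://exchange.example';
  const expected = { rpId, origin, challenge: crypto.randomBytes(32), publicKey };
  const good = simulateKey(privateKey, rpId, origin, expected.challenge, true);
  const noTouch = simulateKey(privateKey, rpId, origin, expected.challenge, false);
  const nextLogin = { ...expected, challenge: crypto.randomBytes(32) };
  return {
    good: verifyAssertion(good, expected),          // key touched, fresh challenge
    noTouch: verifyAssertion(noTouch, expected),    // signed without user presence
    replayed: verifyAssertion(good, nextLogin),     // old response, new login attempt
  };
}

console.log(demo());
```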

Motivating traders to use WebAuthn isn’t difficult. The ability to foil SIM hijacking and other attacks that use fraudulent credentials is reason enough to select a fingerprint or security key as the preferred method of account protection. With these, credentials are much more difficult to forge. And if there needs to be further convincing, usability is unparalleled. Both biometrics and security keys can be self-registered, and logging in takes only seconds.

Given the lack of regulation and protection for cryptocurrency, it would seem a no-brainer that cryptocurrency platforms employ WebAuthn to offer traders peace of mind with a simple and easy solution.
