The search volume for the term “bitcoin hack” is at an all-time high on Google. Why might this be? Let’s have a look at what is going on in the bitcoin world: recent events, what to look out for and how to avoid a bitcoin hack on your own accounts.
NiceHash – over $70 million stolen in bitcoin hack
Most publishers have been writing about the unfortunate bitcoin hack that occurred on the NiceHash platform on the 7th of December. Let’s go over a few details that are known at this point.
NiceHash, a multi-mining pool for cryptocurrencies, announced late last week that they had a security breach in which roughly 4700 BTC was stolen from the site’s account.
NiceHash is a platform for mining various cryptocurrencies where you can get paid in bitcoin for your computing power. Their CEO Marko Kobal has said that they have paid out over $1 billion to their users since they started operating 4 years ago.
Since the bitcoin hack they have halted service and are working on getting the platform back and potentially reimbursing the users. It seems that the hackers entered their platform using the credentials of one of the company’s engineers. At this point they have not announced whether bitcoin was stolen from the users’ accounts as well.
How to avoid a bitcoin hack?
As it seems that one of NiceHash’s employees had their account details compromised, let’s have a look at a few ways we can prevent this from happening to ourselves. Cryptocurrencies are an amazing innovation and this tech can bring us many new opportunities, but the safety of your money is in your hands. Bitcoin transactions are irreversible: if your account details are compromised and someone steals your bitcoin, there is no way of getting it back.
A bitcoin hack can happen in many different ways. For example:
A phishing attack is when fraudsters try to lure users into clicking on a link and entering their credentials. Normally the website, creatives and copy are identical to the original website, so if you are not paying attention it can be hard to spot the difference. The domain can look very similar. For example, someone might try to trick you into clicking on pafxul.com.
The website it redirects you to can look identical at first glance. If you’re more technically advanced, you could find out whether a site is legit by inspecting the code. Fraudulent sites tend to have many errors in them, as most people don’t look and it makes more sense for fraudsters to just get the cloned site up and running, collecting unsuspecting users’ login details.
When you enter your details through their site, they’ve got you. They now have your username and password to log in to your account.
How to prevent this? Always have two-factor authentication (2-FA) set up. For extra security you should use either the Google Authenticator or the Authy app for this, because 2-FA via text is also hackable: the fraudster can call up your phone provider and take over your SIM.
We work hard at taking down phishing sites as soon as they are brought to our attention; however, there is no way to completely stop this. Hackers have also started messaging our users directly via Facebook Messenger, pretending to be from our support team. They use clever tricks like using our logo in their profile picture. If you see any suspicious emails or texts, please do let us know so we can have these sites removed as soon as possible.
We will never contact you asking for your username and password. Always log in directly at https://paxful.com, not through any links from emails or texts.
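The lookalike-domain check described above can be automated before a link is ever opened. The following is an added example, not Paxful's code: it compares a link's host with the one login domain this page names and flags near-misses such as the transposed-letter domain mentioned above. The function names, the distance threshold of 2 and the "last two labels" shortcut are assumptions, and every sample URL other than the pafxul.com one is constructed.

```python
from urllib.parse import urlsplit

TRUSTED = "paxful.com"  # the only login domain this page names


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'insecure', 'lookalike', 'unrelated' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host == trusted or host.endswith("." + trusted):
        return "trusted" if parts.scheme == "https" else "insecure"
    brand = trusted.split(".")[0]
    # Non-ASCII or punycode hosts can hide look-alike letters; for a link that
    # claims to be the trusted site they are treated as lookalikes.
    if not host.isascii() or "xn--" in host:
        return "lookalike"
    # The real name used as bait: in the userinfo part or inside a longer host.
    if brand in host or brand in (parts.username or "").lower():
        return "lookalike"
    # Assumption: the last two labels are the registered domain (no suffix list).
    registered = ".".join(host.split(".")[-2:])
    return "lookalike" if osa_distance(registered, trusted) <= 2 else "unrelated"


# Constructed sample links, except the pafxul.com domain taken from the text above.
SAMPLES = ["https://paxful.com/login", "http://paxful.com/login",
           "https://pafxul.com/login", "https://paxful.com.account-check.example/",
           "https://paxful.com@example.net/", "https://example.org/"]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" or "insecure" result is a reason to type the address by hand instead of following the link; "unrelated" only means the host does not resemble the trusted name.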
This is a tactic that hackers use quite often: gathering as much personal info about a person as possible and through that gaining access to their accounts. People nowadays are so active and vocal on social media, sometimes sharing info that they shouldn’t, that it is easy for hackers to get enough info about a person to take over their accounts.
How to avoid this? Be vigilant about what you post on social media and online. Don’t share details of what bitcoin wallet you have or how much cryptocurrency you own. We wrote about an incident where an account got hacked through a mobile SIM takeover following a tweet by Cody Brown. The hacker took $8000 worth of bitcoin at the time and there was nothing Cody could do to stop it. If he had 2-FA set up through an app, he may have escaped this bitcoin hack.
How to keep your bitcoin safe
As bitcoin transactions are irreversible, you need to keep these few things in mind.
Never share your passwords with anyone.
Set up 2-FA via an authenticator app.
If holding large amounts of bitcoin, it is also recommended to keep it on a paper wallet in a safe place, on a hardware wallet or on a computer that has never been online.
We make it our mission to keep our platform as safe as possible. However, when it comes to someone gaining access to your account by stealing your passwords and login details, there is not much we can do. Please always be suspicious of links and emails that appear to be from us, and always have two-factor authentication set up both for logging in and for sending bitcoin out from your wallet.