Five steps that end-users can take to protect themselves against cryptocurrency losses
There has been quite a bit of chatter around cryptocurrencies and non-fungible tokens (NFTs) of late. As with most topics these days, some of that chatter has been around the topic of security. Specifically, there seems to be quite a bit of interest around how attackers and fraudsters can compromise cryptocurrencies and NFTs. In particular, one topic of keen interest is how attackers and fraudsters can profit from illicit or fraudulent activities around cryptocurrencies. I would like to take a look at that along with the security of cryptocurrencies in this piece.
I should preface all of this by noting the obvious – I am no expert in cryptocurrencies. That being said, when I look at threats to cryptocurrencies, I see a case of what’s old is new again. What do I mean by that? While there is always the possibility that a cryptocurrency itself will be compromised, that is not likely to be where we will see the vast majority of fraud loss and theft. Why is that? Attackers and fraudsters are opportunistic and coin-operated. If they can easily make money targeting weaker links than the cryptocurrencies themselves, they will do so.
To understand this concept a bit better, let’s draw a lesson from the traditional financial world. Most of us are customers of one or more credit card issuers. While card issuers themselves are compromised from time to time, the vast majority of fraud loss comes from compromising end-user devices (e.g., with banking trojans) used to make purchases, compromising card processors, and/or compromising Point-of-Sale terminals (e.g., cash registers). In other words, attackers and fraudsters know that they can make far more money in far less time by going after the end-user, the intermediary, and/or the merchant than they can going after the card issuers.
So how does this translate to the cryptocurrency world? Well, rather than go after the cryptocurrencies themselves, attackers and fraudsters have gone after and will likely continue to go after the end-users and the intermediaries just as they do in the traditional financial world. For cryptocurrencies, this means digital wallets (the end-users’ means of accessing their cryptocurrencies) and exchanges (where cryptocurrencies are bought and sold). To put it another way, although the medium is different, the strategy remains the same. Go after the weakest links – not the cryptocurrencies themselves.
What’s old is indeed new again. If we look over cryptocurrency thefts that have occurred in the recent past, we see that the end-users (specifically their access to the digital wallet) and the intermediaries (the exchanges) are by and large the targets of attackers and fraudsters. Not surprising in the least.
Given this, what are some steps that end-users can take to protect themselves against cryptocurrency losses? While not an exhaustive list, here are five steps end-users can take to protect themselves:
1. Use MFA: Wherever possible, enable multi-factor authentication (MFA). Stolen credentials abound on the darkweb, and some of those credentials likely belong to you. Requiring one or more factors in addition to a username and password can help reduce the risk of attackers and fraudsters gaining unauthorized access to your accounts.
2. Use known, reputable exchanges: Cryptocurrencies are not regulated like national currencies. This includes the exchanges used to buy and sell cryptocurrencies. Thus, it is best to be cautious when choosing an exchange. Choose a reputable, reliable, and respected exchange, preferably one that clearly and openly outlines its security measures.
3. Choose your cryptocurrency wisely: There are many different types of cryptocurrencies, and not all cryptocurrencies are created equal. Each has differing levels of security. Should you choose to purchase cryptocurrency, be sure to invest in one that is reputable.
4. Beware of social engineering: Phishing and other scams are a great way for attackers and fraudsters to steal credentials. Those credentials give them access to what they are after. The easiest way to gain access to the cryptocurrencies of others is to flat out ask them for the usernames and passwords to the resources that hold those assets. Don’t fall victim to it.
5. Guard your wallet: The end-user is likely the weakest link in the cryptocurrency chain. As such, access to the end-user digital wallet is exactly the type of target attackers and fraudsters eagerly pursue. Take steps with your digital wallet provider to ensure that you’ve leveraged their ability to help you lock down your account.
Although cryptocurrencies are relatively new, the strategies used by attackers and fraudsters to profit from them don’t appear to be. By understanding that end-users and intermediaries, rather than the cryptocurrencies themselves are the most likely targets for theft and fraud, end-users can take steps to protect themselves. The time invested in considering the points above and others is sure to pay dividends and help avoid fraud loss.
Related: North Korean Hackers Stole $400 Million Worth of Cryptocurrency in 2021

Joshua Goldfarb (Twitter: @ananalytical) is currently a Fraud Solutions Architect - EMEA and APCJ at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
More from Joshua Goldfarb
- Staying on Topic in an Off Topic World
- Managing and Securing Distributed Cloud Environments
- 10 Steps to Help Secure Your APIs
- Stay Focused on What’s Important
- External Signs of Narcissism – Raising Awareness to Avoid Collateral Damage
- What Makes an Effective Anti-Bot Solution?
- Application Security Protection for the Masses
- Secrets to a Good Security Webinar or Conference Presentation
Latest News
- MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks
- Intel Launches New Attestation Service as Part of Trust Authority Portfolio
- Tor-Based Drug Marketplace Piilopuoti Shut Down by Law Enforcement
- Staying on Topic in an Off Topic World
- Discern Security Emerges From Stealth Mode With $3 Million in Funding
- DHS Publishes New Recommendations on Cyber Incident Reporting
- Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems
- GitLab Patches Critical Pipeline Execution Vulnerability
