- Liz Lindsay
Keyloggers are a threat to Cryptocurrency
Cryptocurrency adoption has risen by close to 900 percent in the past year, making it an attractive target to hackers. The US Federal Trade Commission reported account holders lost more than $80 million in cryptocurrency-related scams between October 2020 and March 2021. As technology advances, so does the threat of cybercrime. Passwords can be easily compromised, either through tricking the victim into divulging their login credentials in a phishing scam, via a keylogger, which is malware that steals everything you type or by purchasing credential pairs that are readily available on the dark web.
Since most cryptocurrency platforms ask users to key in their password and set up two-factor authentication, this information can be silently harvested by the keylogger and sent back to the malicious hacker. The majority of users keep their cryptocurrency on an exchange like CoinBase, Kraken, or others. An exchange is no different than any other website. Your username and password can be easily keylogged each time you log in. This is even more dangerous than your bank credentials being stolen because funds can’t be recovered and the bad guy can’t be caught.
Wallet Recovery Passphrases are Vulnerable When you set up your cryptocurrency wallet, one of the first steps is to save the wallets mnemonic recovery pass phrase (which is just a set of words). This even includes hardware wallets like Ledger or Trezor. This pass phrase can be keylogged
If you store it in your password vault, those credentials can also be keylogged giving the hacker access to your pass phrase. By stealing this pass phrase, the hacker has full access to your wallet. Keyloggers Can Thwart 2FA
Many crypto sites/apps use 2FA (Two Factor Authentication) which can lure you into a false sense of security. Increasingly hackers will use keyloggers to steal your email account’s username and password so they can access the 2FA codes sent to you
Also, it has been demonstrated that more advanced attacks can use keyloggers to circumvent even more hardened 2FA techniques
Keylogger attacks have now become more sophisticated and often go undetected by antivirus software. Keystroke encryption can block keyloggers by encrypting your keystrokes.