Most Common Hacks on DeFi to Look Out For
DeFi gave cryptocurrency the needed versatility and added utility to increase its adoption metric. This is clearly seen in the positive correlation between the Total Value Locked in smart contracts of DeFi protocols and the adoption index of crypto. Therefore, it can be inferred that crippling the DeFi space will, in turn, hurt the growing cryptocurrency adoption index of 880%.
The story of the DeFi space this past year has been that of a seedling growing into an orange tree with beautiful and healthy-looking plush fruits, with a few of them tasting weird. If the orange you had caused you to shut your eyes, that’d be your perception of the other fruits. And that’s how it has been for some members of the public: their first taste of the wonders of blockchain technology was either soured by a rug pull or phishing attack.
To lessen the chances of users running into fraudulent schemes and being hacked, Lossless was founded. Lossless is the foremost DeFi hack preventive protocol for token creators. We run a network of security experts and white-hat hackers adept at sniffing out fraudulent transactions.
If the tokens in question are integrated with our Lossless Protocol, we freeze the defaulting wallet address and return the stolen tokens to the original owner. If not, we utilize our network of security gatekeepers to track and prevent the scanner from utilizing them in any way or form.
We understand that technicalities are not enough to discourage fraudsters and hackers, especially as they have devised more ingenious means like social engineering to gain remote access to users’ crypto wallets. This is why we are committed to writing expository reports of some of the methods malicious actors employ. Here are a few techniques hackers use to access crypto wallets.
Phishing attacks occur when a hacker impersonates a reputable firm or authority with the hopes of getting you to trust them enough to divulge your details. They may ask you to provide your seed phrase, password, credit card details, etcetera in return for some reward.
Despite it being a common trick, it rose in frequency during the pandemic because of the large online presence at the time. We classify this attack within the borders of social engineering as it needs your trust for its success.
According to Verizon’s 2021 report, 96 percent of phishing attacks arrive by email. These emails intend to get you to “reset your password,” “confirm your order,” or “enter your seed phrase.” This may seem like easy spotting for you, but the websites for these actions closely mirror the original in design and domain name. For example, Binance.co instead of Binance.com.
Also, be very careful to see if the letters are accentuated. E.g. Binance.com
You can guard yourself against phishing by:
- Double-checking domain names for accentuations in letters. Ensure that the .com variant is correct and the “HTTP” portion of the URL is HTTPS (the more secure form).
- Investigating the content of the email. Copy and paste a portion of the body of the email on a search engine to check for a similar story or query on forums. Sometimes, searching the sender’s email address suffices.
- Safeguarding your private keys and seed phrases
Fake Hardware Wallets
There have been scenarios where users received free hardware wallets in their mails with messages explaining the need to use the new wallet to secure their assets better.
This was rampant when hardware wallet manufacturer, Ledger, experienced a data breach. The fake hardware ledger doubled as a flash drive built to remotely access users’ accounts and collect information when plugged into their computer. This route can be likened to a spy who poses as your friend and duplicates your keys when you’re not looking.
To prevent having your info stolen, you must:
- Beware of free hardware wallets that show up at your front door
- Check your delivery package to ensure it wasn’t tampered with
- Keep yourself informed about your hardware wallet manufacturer
SMS 2FA Verification Exploits
Over 80 percent of all hacking attacks are caused by compromised and weak passwords or associated credentials. That is why you must activate 2FA. Despite 2FA saving you from being vulnerable to 99 percent attacks, it can also be exploited.
There are many 2FA verification methods, and of them, the SMS and voice call options are the least secure because of how easy it is to access information stored on your phone. Hackers can access your mobile device by either using the reverse proxy technique, installing compromised apps on your behalf, or SIM-swap ploys.
The reverse proxy technique intercepts the signals between your device and the service you intend to access. For compromised app installs, malicious actors try to gain control of your Google Play account and remotely install a trojan app. They then try to convince you to enable permissions for the app to function “properly.” Hackers also impersonate telecom employees to deceive you into swapping your SIM and hand over the control to them. This way, they can intercept your messages and listen in on your calls.
Ways you can avoid falling prey to 2FA verification exploits include:
- Choose a more secure 2FA verification method. Use either a reputable Authenticator mobile app or use the email option.
- Be suspicious of every call from telecom companies until proven otherwise
- Do not let strangers and people you do not trust handle your devices.
Malware is simply the shortened version of “malicious software.” It’s software that‘s designed to cause your computers to malfunction. Malware is all over the internet and takes the most obscure forms; they can be in your downloaded files or on a website with spammy and poorly regulated content.
For this scope, spyware and ransomware are the most economically important. Spyware runs discreetly within computer systems and reports back to a remote user. Some are programmed to detect your copied cryptocurrency addresses and automatically swap them for the hacker’s. This way, you credit their wallet address in the hopes that it is yours.
On the other hand, ransomware encrypts and renders inaccessible sensitive information on your computer until you pay a ransom.
Malware is ubiquitous and near unavoidable. As a result, ensure that your PC’s antivirus is up to date and avoid visiting spammy websites.
DeFi attacks, however simple, are intricately woven to fool even the most intelligent. While we are doing everything possible to cover the back-end of smart contracts and tokens, you must do your part by being suspicious of every email, call, or app until proven otherwise. Read through our blog to get better acquainted with the latest DeFi security, and join our Telegram community to get first-hand information about our partnerships and other news.
Lossless is the world’s first DeFi hack mitigation tool for token creators. Apart from our known cyber security solutions and renowned professionals, the community also plays a role. With a tangible reward system, community members are also encouraged to explore new ways to detect hacks and fraudulent transactions.
Our protocol halts counterfeit transactions through various methods of fraud identification and automatically reverses any stolen tokens back to the original owner. Our solutions to the impending problems of cyber theft within the blockchain space are thorough and applicable within many protocols.