Crypto Is Soaring, But So Are Threats: Here’s How To Keep Your Wallet Safe

Digital Security

As detections of cryptostealers surge crossed Windows, Android and macOS, it's clip for a refresher connected really to support your bitcoin aliases different crypto safe

09 Jan 2025  •  , 5 min. read

Bitcoin is connected a tear. For nan first clip successful its history, nan integer rate surpassed $100,000 successful early December, having surged much than 30% since predetermination nighttime successful nan US. Whether aliases not nan optimism astir President-elect Donald Trump’s pro-crypto rhetoric connected nan run way is beryllium realized, nan worth of virtual coins continues to tick up. But truthful excessively do scams and malware designed to steal your crypto.

ESET’s latest Threat Report reveals that detections of cryptostealers roseate by 56 percent from H1 to H2 2024 – crossed Windows, Android and macOS. It’s clip to return a look astatine nan latest threats to your integer currency, and really to support it safe.

Why crypto is truthful charismatic to cybercriminals

The FBI says it received complete 69,000 nationalist complaints astir financial fraud relating to cryptocurrency specified arsenic bitcoin, ether aliases tether successful 2023. And though these comprised conscionable 10% of nan full number of financial fraud complaints to nan Bureau, they accounted for almost half of full losses, aliases $5.6 cardinal for nan year.

That’s a 43% yearly increase, pinch cryptocurrency stolen crossed each nan awesome cybercrime types tracked by nan FBI, from malware and personality theft, to ransomware, phishing and romance scams. However, nan mostly of cryptocurrency losses successful 2023 came from finance fraud (71%) and telephone halfway fraud, including tech/customer support scams and authorities impersonation scams (10%).

The maturation successful specified crime is simply a reflection of nan increasing domiciled cryptocurrency plays successful world finance. But it’s besides favored for circumstantial reasons, according to nan FBI. The decentralized quality of virtual currency, nan velocity of irreversible transactions, and nan expertise to transportation it astir nan globe make it celebrated among cybercriminals, and difficult for victims to recover erstwhile stolen.

Crypto threats to beware of

So wherever was criminal activity successful 2024 focused? The latest ESET Threat Report reveals immoderate intriguing findings:

• On nan macOS platform, Password Stealing Ware (PSW), which often takes purpose astatine credentials related to cryptocurrency wallets, changeable up by 127%. This was partially driven by a malware arsenic a work instrumentality sold connected Telegram called AMOS (also known arsenic Atomic Stealer), on pinch its galore versions and imitators. Attackers dispersed this malware via seemingly genuine but malicious ads connected Google’s advertisement network, luring group to a tract that prompts them to download malware posing arsenic morganatic software.
• PSW threats were besides down nan maturation of cryptostealers that target nan Windows platform. A ample conception of this activity was fuelled by a version of nan infamous malware-as-a-service Lumma Stealer.
• Many Android banking trojans now incorporate cryptostealer functionality alongside accepted features – truthful overmuch truthful that we now incorporated some threat types successful its “Android Financial threats” category. This people of threats roseate by 20 percent wide successful H2 2024.

ESET’s Threat Report for nan first half of 2024  also has immoderate absorbing insights:

• Novel GoldPickaxe malware targeting owners of cryptocurrency wallets and south-east Asian financial services customers. This blase trojan has nan expertise to bargain facial biometric information and usage it to nutrient deepfake videos of victims, to thief bypass authentication checks.
• The improvement of a long-running botnet (Ebury) to bargain cryptocurrency wallets hosted connected targeted servers. It does this by conducting adversary-in-the-middle attacks, redirecting web postulation to a strategy nether nan threat actors’ power truthful they tin seizure SSH credentials and tally scripts to exfiltrate nan applicable crypto-wallet data.
• An uptick successful activity centered astir nan Vidar infostealer, which is designed to harvest credentials stored by browsers and information from crypto-wallets. It’s delivered by a malicious installer dispersed via Facebook ads, Telegram groups and acheronian web forums.
• Targeting of gamers via crypto- and infostealing malware hidden wrong cracked games and cheating devices offered connected Discord servers and torrent sites. These see Red Line Stealer and Lumma Stealer. Detections of nan cryptowallet-focused Lumma were declining successful nan period, but ESET discovered a caller variant, Win/Spy.Agent.QLD, that’s connected nan rise.
• The persistent threat of phishing arsenic a intends to entree crypto-assets, by tricking users into handing complete their logins. For example, cryptocurrency-related phishing sites accounted for 8% of each those observed successful H1 2024 by ESET. That places it successful nan apical 5 categories for nan period.

It’s not conscionable phishing and malware that you request to beryllium alert of erstwhile it comes to cryptocurrency theft. As is clear from nan FBI’s figures, fraudsters person designed a scope of scams intended to portion you pinch your virtual currency. According to a Chainalysis study successful August: “With respective cardinal successful inflows, scams pinch a crypto nexus are mounting successful 2024 and are 1 of nan largest areas of illicit activity YTD.”

It highlights pig butchering, which typically blends romance scams pinch finance fraud, arsenic 1 of nan astir communal intends of crypto theft.

How to support your crypto safe

All of which puts other unit connected you to support that cryptocurrency safe. There are various measures you tin return to mitigate nan threat from phishing, info-stealing/cryptostealing malware, scams and more. Consider nan following:

• Don’t put each of your costs successful 1 crypto wallet. Spread nan risk, and see putting astatine slightest astir of your costs successful acold (hardware) wallets that aren’t connected to nan internet, and are truthful amended insulated from integer threats. Choose your wallet providers cautiously based connected reviews and beryllium judge to support internet-connected (aka hot) wallets MFA-protected arsenic good arsenic acold wallets nether fastener and key.
• Turn connected two-factor authentication (2FA) for immoderate crypto app you own, mitigating nan consequence of phishers obtaining your passwords.
• Don’t usage nationalist Wi-Fi erstwhile retired and about, and surely don’t entree your crypto accounts while using, successful lawsuit location are integer eavesdroppers about.
• Always support your devices and laptops/PCs up to date pinch patches and information software, to mitigate nan effect of info/cryptostealers.
• Use a VPN from a reputable provider for an other furniture of information to defender against phishing, malware and different threats.
• Only download package from trusted sources and charismatic websites, checking personification reviews and developer ratings beforehand.
• Minimize your consequence vulnerability by limiting really overmuch package you download. Periodically region unused extensions/software pinch this successful mind.
• Check regularly for immoderate imaginable different activity successful your crypto accounts.
• Be alert to scams. That intends phishing messages, finance opportunities that look excessively bully to beryllium true, and romanticist encounters pinch individuals who garbage to meet aliases video call.

The truth that nan FBI now has its ain dedicated cryptocurrency crime study indicates nan standard of nan problem. Stay alert, and don’t fto anyone get their hands connected your integer assets.