New Threats Are Emerging Targeting Crypto Wallets

A new threat has emerged within the cryptocurrency community. The exploitation, named “cryware,” targets hot wallets connected to websites and other internet-based applications, intercepting their data and changing the destination of their transactions. This allows adversaries to send tokens to their own crypto wallets without any detection from the victim.

“Cryware signifies a shift in the use of cryptocurrencies in attacks: no longer as a means to an end but the end itself,” said the Microsoft 365 Defender Research Team in a recent article.

Cryware utilizes the following techniques to carry out its attacks:

  • Cryptojackers: Mining malware that hijacks and consumes a target’s device resources.
  • Ransomware: Provides transaction anonymity, reducing chances of being discovered.
  • Information Stealers: Steal and record sign-in credentials, system information, and keystrokes.
  • ClipBanker Trojans: Steal information off of the user’s clipboard.

Through these methods, the hacker attempts to steal information such as private keys, seed phrases, and wallet addresses which later will be used to initiate rogue transactions.

One way that cryware attacks is through clipping and switching. This technique involves hackers intercepting an individual’s copy/paste function and changing what is present on their clipboard. When an unsuspecting individual thinks they are pasting the desired wallet address into the transaction, they are actually pasting the address of the adversary. Additionally, if seed phrases or other private information are copied onto the user’s clipboard, adversaries can access that information and use it to extract funds from the victim’s wallet.
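The clipboard swap described above leaves a recognizable trace: an address-shaped value is replaced by a different address of the same type shortly after it was copied. The following is an added example, not code from this article or from CryptoArmor, that flags that pattern in a series of clipboard snapshots. The snapshot format, the 30-second window, the function names, and the format-only address patterns are assumptions, and the sample data is constructed.

```python
import re

# Format-only patterns (no checksum validation), enough to recognise
# address-shaped clipboard content. Assumed for this example.
ADDRESS_PATTERNS = {
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
}


def address_kind(text):
    """Return the address family the text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None


def find_swaps(snapshots, window_seconds=30):
    """Flag address-to-address replacements in clipboard snapshots.

    snapshots: list of (unix_time, clipboard_text), oldest first.
    Heuristic: a user who copies two addresses of the same family in
    quick succession is flagged too, so treat hits as leads to review.
    """
    hits = []
    for (t_prev, prev), (t_cur, cur) in zip(snapshots, snapshots[1:]):
        kind = address_kind(prev)
        if kind is None or prev.strip() == cur.strip():
            continue
        if address_kind(cur) == kind and t_cur - t_prev <= window_seconds:
            hits.append({"time": t_cur, "kind": kind,
                         "copied": prev.strip(), "now": cur.strip()})
    return hits


# Constructed sample data; the addresses are made-up strings.
SAMPLE = [
    (1000, "meeting notes"),
    (1010, "0x" + "a1" * 20),
    (1012, "0x" + "b2" * 20),   # replaced 2 s later by another address
    (1100, "bc1q" + "q" * 38),
    (1500, "bc1q" + "p" * 38),  # outside the window, not flagged
]

if __name__ == "__main__":
    for hit in find_swaps(SAMPLE):
        print(hit)
```

The same comparison works as a paste-time check: if the value about to be submitted differs from the address that was copied, stop and re-verify it against the original source.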

To reduce the risk of falling victim to cryware exploits, experts recommend that individuals lock their hot wallets when not trading, disconnect sites connected to their wallets, and avoid storing private keys in plain text.

CryptoArmor aims to mitigate attacks and exploits just like cryware. Our code is specifically tailored for cryptocurrency and NFT enterprises. Using our endpoint detection software, we are able to closely monitor our clients’ information, detecting and preventing attacks 24/7.

Contact CryptoArmor here to learn more.