Google Security Expert: Crypto is Like Catnip for Cyber Criminals

In response to increasing security concerns around SMS-based two-factor authentication (2FA) and the prominence of SIM-swapping schemes targeting crypto investors, Google last year released the Titan Security Key. The Titan Security Key enables advanced 2FA without the need to send a text message that could be intercepted by cyber criminals.

Google’s Head of Account Security Mark Risher, who helped develop the Titan Security Key, believes that crypto is like “catnip” for cyber criminals, and explains why the emerging asset class has become such a “hot target.”

Crypto Is a “Hot Target” For Cyber Criminals, Says Google Head of Security

2018 smashed all previous records for crypto-related thefts. While the bulk of the stolen cryptocurrencies are attributed to some prominent cryptocurrency exchange hacks, the rest of the stolen crypto resulted from phishing schemes, crypto giveaway scams, and a new issue involving attackers gaining access to a user’s mobile phone through SIM-card swapping.

One high-profile case involves early Bitcoin investor Michael Terpin, who filed a lawsuit against telecom company AT&T for gross negligence that led to $224 million in crypto being stolen from him. Cyber criminals impersonated Terpin to gain access to a SIM card tied to his phone number, which was then used to send a text message containing sensitive account information that led to the criminals gaining access to Terpin’s crypto wallets.


Terpin’s example proves that new methods – such as Google’s Authenticator App, Authy, or Google’s new Titan Security Key – are necessary to fight the growing problem.

But why target crypto investors? Google’s Head of Account Security Mark Risher, whose primary focus is around spam, phishing, and account security, says that “the instantaneous nature of it, the very, very low transaction fees, the frictionless nature of money moving around,” and “the pseudonymity” are key reasons that cyber criminals are targeting crypto investors in a big way.

“Cryptocurrency is like catnip for these attackers,” Risher added. He continued, explaining that cryptocurrency’s notorious price volatility could lead to its value doubling overnight, making investors in the new financial technology a “very hot target.”

How Can Crypto Users Protect Themselves From SIM-Swapping?

It has become increasingly clear that the SMS-based 2FA solutions protecting most accounts do not prevent all attacks. And while no solution will ever be 100% effective as long as there is potential for human error, cryptocurrency investors can take some key steps to protect themselves.

For one, never use SMS-based 2FA for securing cryptocurrency wallets or exchange accounts, or anything that has access to private keys or assets. Instead, use Google’s Authenticator app or Authy, which generate 2FA codes that refresh at regular intervals and can only be viewed in-app. Be sure to make backups of all of the QR codes for the accounts you have synced with Google Authenticator, or you risk being permanently locked out of your own accounts.


Another commonly overlooked but highly recommended tip is to never publicly, or even privately, disclose your crypto holdings or that you are holding cryptocurrencies at all. Doing so could make you a target.

Finally, one could consider Google’s Titan Security Key. Risher says that having a Titan Key “physically present makes SMS a non-threat.”

“There’s no code that sends over the airwaves, nothing is sent to the telcos,” he added. “If your phone number has changed, we won’t even know as part of this flow, and if someone else has grabbed your phone number, they won’t have any higher credibility than a complete stranger.”

