How hackers hack kriptopolis on the exchanges and steal our money. The most popular ways

Kriptonyte attracts millions of customers and thousands of scams. Unregulated “Wild West” this modern financial sector includes the crazy volatility and round the clock trading and anonymous transactions, hidden from governments and regulators. Hackers are always ready to steal millions of dollars in the crypt of the inexperienced holders of tokens. Fraudsters use a variety of schemes – from traditional phishing to hacking the clipboard to replace the addresses of the wallets.

One modern approach is associated with the manipulation of cryptonote and API. Fraudsters may compromise automated trading software on the stock exchanges and to place any order or to access sensitive user data. If you are thinking about using bots, don’t forget to read about their characteristics, vulnerabilities and security measures.

The contents

The basics of cryptonote

Cryptocurrency trading bots are software programs that analyze the markets and automatically place orders. Given the high volatility and constant changes of cryptomeria, bots convenient, as it can monitor market 24/7/365. They can also regularly place orders to buy/sell and make more profit.

Sounds wonderful, isn’t it? However, shopping bots are not flawless. This is a relatively complex system, strictly following the user defined parameters, and therefore require careful configuration. In addition, advanced programs may have a monthly fee. This means that you can easily lose money if you do not know how to use this tool. Before you order or create a bot, it is best to remember the General features IN the premium:

  • reliability;
  • transparency;
  • profitability;
  • ease of use;
  • security.

Perhaps the last paragraph is the most important because it is closely linked to the security of your money. Every bot is a gold mine for hackers or phishers, so pay special attention to the protection used trading software or platform. Before starting any activity, check security measures in all of the exchanges listed on the Problem.wtf.

Disadvantages of automated trading

Source: Unsplash

Cryptonote comply with the order, interacting with application programming interfaces (API) exchanges. As a result, we have a scenario where two cars interact without manual control.

The problem is the centralized nature of the trading bots and platforms. Since hackers are unable to access blockchain systems because of their almost perfect security, they focus on traditional systems with a Central server, which rely on personal data such as passwords, e-wallets or keys. And hack machines that run independently, even easier. Thus, bots and APIs have three major drawbacks. Their consequences could be next.

  • Unprofitable transactions. If hackers get access to the first level of the trading interface, you will only be able to place bids. Of course, they will make deals profitable for them, not you.
  • Theft of money. The second level gives you the opportunity to withdraw money. It is obvious that hackers will do this after placing a few bids and generate sufficient profit.
  • Obtaining access to confidential data. In addition to transactions of purchase/sale, scammers can access personal information on the type of keys cryptocell attached to the bot.

Hackers and their tools

Hackers can hack the system and change the code to set bots with new algorithms. The owners may not even notice these changes and continue to use their trading software. There are other ways of hacking bots, trading programs or APIs.

The following are examples of different technical approaches to hacking kriptopolis.

API

As already mentioned, the bots interact with the exchanges API – specific interfaces to automatically place bids. Typically, these systems have several levels of permissions, is protected by the unique keys. Using the schema phishing attacks, hackers can gain access to these keys and crack the system.

Among the most striking examples of fraudulent use of API – in the case of Binance. API this exchange has three types of permissions: read, trade and output. In July 2018 gogda hackers got access to the first two levels, artificially inflated the price of the coin SYS and transferred huge sums to the accounts and a conclusion, which they controlled. The result Binance closed temporarily, ‘ve reset all keys and ran a full test of the security system.

What is the problem? Binance platform with a high level of security, but centralized. Professional hackers can easily steal the keys and gain control over the trade bots or API.

Application

This example is simple and partly refers to the previous one. Shopping app for PCs or smartphones, which allow easy and convenient to place orders. These programs are not bots, as they require manual control, but they are also based on the API that makes them vulnerable.

We can recall for example the fake Poloniex applicationcreated by fraudsters for Android. They can be free to download in Google Play, so users just provided the hackers with your personal information and details of their accounts. Fake stock program is a form of phishing is used by criminals to gain access to user wallets or accounts. So be careful and always use two factor authentication.

Extensions

Some shopping bots can be an extension for browsers. They seem to be very convenient because they allow you to trade faster and to always control the process. However, we suggest at any cost to avoid such extensions, as they are usually malicious. Plugins and extensions for browsers can compromise your hardware or simply copy everything you type, including keys and passwords.

Bots in Slack

Cryptomathic also use a variety of programs and channels in Slack. In 2017, it was reported about the attacks of cybercriminals for developers on blockchain projects through bots in Slack. Hackers use phishing schemes, notifying the users about potentially beneficial transactions and providing a link to a fraudulent website which asks you to enter personal information or sign in to wallet.

How to protect against break-ins

In conclusion, some information about the security measures that should be taken when interacting with the cryptocurrency trading software, applications, or interfaces. Here are the most valuable clues.

  • Store API keys in a safe place. With no one to share your personal data according to the type of keys, bots, private addresses crypto-currency wallets and passwords.
  • Disable automatic withdrawal. Better to spend the time to do it manually. In this case, hackers will potentially be able to make bad deals, but they can’t steal your money.
  • Learn as much information as possible. Bots sophisticated enough tools, so don’t be lazy and read about trading strategies, parameters and measures of protection.

In General, rely on the proven software and don’t forget about “the hygiene on the Internet”. Bots might be useful and profitable, but they are machines that can be hacked like any other computer device. More data look at cryptodata.

Subscribe to our channel in the Telegram. Or store cryptocurrency exchanges!

Leave a Reply

Your email address will not be published. Required fields are marked *