Making the case for digital asset custody as hacks increase.
In recent times, the hacks that have tricked non-custodial wallet users into emptying their wallets have become increasingly pronounced; small-time hackers, organized state actors, there seems to be no end in sight for those who target the digital world to carry out attempts at making money off the unsuspecting.
Attacks by individual actors
In November of 2021, Scammers, posing as fake customer support staff, tricked MetaMask users on community platform Discord into sharing their screen and scanned the QR codes needed to unlock their wallets.
According to a Checkpoint Research (CPR) report, users of crypto wallets, MetaMask and Phantom, as well as the crypto swap platform PancakeSwap, were targeted in a crypto phishing scam involving at least $500,000 taken out of the different platforms. Hacks were also reported in December of 2021 as well.
At the turn of the new year, non-custodial wallet hacks were reported on a Reddit post where the author claimed to have lost over $120k worth of crypto assets. The hack was significant in that it got assets off hardware wallets too. Like anyone that has ever been hacked, there is a lack of understanding of what could have been done better. The author writes, “I know since it’s self-custody, it’s obviously still my fault. Aside from probably accidentally clicking a malicious link on the internet somewhere, I’m still at a complete loss of what I could have done better.“
Attacks by state actors
The North Korean threat actor group known as ‘BlueNoroff’ has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions. Starting from the mass hacks of November 2021 and some of the recent play-to-earn game hacks have been carried out by the group. Although BlueNoroff has been active for several years, its structure and operation have been shrouded by mystery.
BlueNoroff steals user credentials that can be used for lateral movement and deeper network infiltration, while they also collect configuration files relevant to cryptocurrency software. A Kaspersky’s report on the group reads in part, “In some cases where the attackers realized they had found a prominent target, they carefully monitored the user for weeks or months,” The main trick employed to steal the cryptocurrency assets is to replace the core components of wallet management browser extensions with tampered versions that are dropped on local memory.
There have been increased cases of crypto scams. Hacking has been on the rise in 2021 as the popularity of crypto and blockchain technology has increased. Unlike fiat scammers, crypto hackers don’t discriminate against the size of your wallet, whether it’s large or small, they love to take it all the same. This is why you have to keep your asset safe. We can do a list of ways to stay safe on wallets, however, the way to stay safe is to have digital asset custody. (You can check our other article on the step-by-step guide to secure your crypto assets).
Hacks and risk management are why you need a custodian.
Digital asset custody is in many ways similar to the custody of traditional financial assets; custodians take responsibility for securely storing investors’ assets and typically also offer other services like access to Dapps. The role of custodians in the institutional cryptocurrency ecosystem can’t be underestimated. Digital asset security is notoriously tricky, even for retail investors who are only generally concerned with the most straightforward transactions and approval processes.
Third-party custody of digital assets (like Atato) gives an extra layer of security to anyone holding digital assets. With a custodian, you can set up different approvers, rules for specific amounts or tokens all depending on your internal risk management policies. A digital asset custodian offers you the possibility to manage your crypto assets in a secure and compliant way.
If you are looking at clarity regarding rules, flexibility, and additional security advantages as touching the operations of the digital custodian you pick, you can signup directly online for free for Atato Custody or contact us for more information.