Security Takes a Backseat to Growth: New McAfee Report Reveals Weaknesses in Crypto World


by Coin AIO 1068 views 237

Security Takes a Backseat to Growth: New McAfee Report Reveals Weaknesses in Crypto World

The latest McAfee report on blockchain security points out the most common threats against blockchain users and owners of digital assets. Those include phishing and malware as the leading cause of troubles.

“Bad actors have already targeted many blockchain implementations using social engineering, malware, and exploits,” states the report.

Phishing scams are the most common attack to steal private seeds. The McAfee report points out that a site generating IOTA seeds managed to fool customers by providing tainted wallet seeds. In 2018, there is a marked uptrend in mining malware, outpacing previous years and expanding to millions of computers.

“In the past six months, many malware developers appear to have migrated from ransomware to cryptocurrency mining, according to McAfee® Global Threat Intelligence data that show ransomware attacks declining 32% in Q1 2018 from Q4 2017 while coin mining increased by 1,189%,” discovered the latest report.

Mining malware is using more sophisticated techniques for infection, often targeting gaming communities, or using other approaches to make users download the miner, believing it is another type of software.

51% attacks were also among the chief risks, and were performed against prominent coins, including Verge (XVG), as well as Bitcoin Gold (BTG) and ZenCash (ZEN).

As for the protection of a complex hash function, even that may not be enough and expose users to a Dictionary Attack, or attempts to guess familiar phrases and words that produce the hash. But those attacks are comparably more rare than tainted wallets and other ways to gain control of private keys.

Other attacks and vulnerabilities include smart contracts, as well as various exploits of blockchain technology itself. Client-side security remains important, and a lot of the attacks are due to human error, especially when it comes to stolen exchange accounts by impersonating a site.

Other threats include requirements to use the private key - a move that should be rare and only performed with verified services. The latest threat has been seen around the EOS voting process, where there are suspicions of tainted third-party voting services.

This article appeared first on Cryptovest