Date: 2022-05-18

A 29-year-old businessman from Paraná had about BRL 250,000 in cryptocurrencies diverted from his account at the American brokerage Binance in the last month. A police report has been registered and the case is being investigated by the Civil Police’s cyber crimes department.

According to the businessman, who asked not to have his name published, in the early hours of April 29 he received five SMS notifications in the name of the brokerage where he held his cryptocurrency investments. The messages contained verification codes.

Suspicious, since he had not made any request to the company, the businessman accessed his account and noticed that approximately R$ 250 thousand had been withdrawn from it.

“I received these codes because I have two-factor authentication, so it would be necessary for the attacker to have this authorization granted by the password and email and also by the code sent to the cell phone to be able to access my account. I found it very strange because this, until then, was a system that I believed to be safe”, says the businessman.

According to the victim, no other bank or social media accounts were hacked. “I haven’t noticed any other signal abnormality or other cell phone issues that indicate the number was not cloned,” he added.

Upon becoming aware of the problem, the businessman says he contacted the brokerage. The answer, according to him, was that the company couldn’t do anything.

Tilt’s reporting team reached out to Binance, but there was no response by the time this report was published. The space remains open for a statement.

Crime has become common

Deputy Thiago Cirino de Moura Chinellato, from the 4th Deic Cyber Crimes Division of São Paulo, says that this type of crime has become common and identifying the criminals is not an easy task.

“With the pandemic, people became more digital and this contributed to the increase in crimes committed in the virtual environment. Allied to this we have the issues of data leaks as well. Today we have people with technical knowledge and equipment aimed at this type of investigation. To identify the author, we look for traces left by them, such as the wallet where the money was sent or some information on the device used”, says the delegate.

Cryptocurrency theft

Earlier this month, two cryptocurrency platforms lost US$90 million (about R$447 million) after an attack by cybercriminals.

The loss of Saddle Finance and FEI Protocol, which had $10 million and $80 million stolen, respectively, made the blockchain [a data storage and transfer system, like an encrypted ledger] finance sector close April with more than US$ 370 million (R$ 1.8 billion) in cryptocurrencies taken by hackers.

The tally comes from CertiK, a cybersecurity company specializing in web3 projects, as the “internet of the future” has been called.

In addition to this attack, the month of April saw 31 cybercriminal actions against crypto or web3 projects, including the companies Beanstalk, Deus Finance and Bored Ape Yacht Club, famous for their NFTs (digital assets with record of authenticity).

According to CertiK, the attacks were of different types, from exploiting data protocols to phishing users – the practice of luring victims with false information to access data.

Safety tips

A study by data analysis firm Chainalysis shows that the cryptocurrency market is increasingly in the crosshairs of hackers. In 2021, $11 billion was held in crypto by criminals, up from just over $3 billion in the previous year.

Also according to the study, the most common practice (93% of cases) is the theft of cryptocurrency wallets — when a person steals access data by installing malware or when hackers break into the system of a brokerage of these assets.

“To try to minimize attacks, it is important that investors use multifactor authentication, as it is important to create layers of protection such as security tokens and/or biometrics. Make sure that your device and your installed applications are always up to date”, explains Marcelo Menezes, technology director at Law 360, a company focused on LGPD (General Data Protection Law).

Check out more tips:

Use a “cold” wallet for cryptocurrencies

To help protect your cryptocurrency wallet from hackers, a tip is to store it in a “cold” wallet, keeping what you need for a short term and storing most of your assets offline.

A cold crypto wallet, which is similar in size to a USB stick, contains a private key that can be used to access your funds. It is also important that on these devices, your access credentials are not shared.

Choose your broker carefully

The more information you have about your potential broker and the security system they use, the better.

Look for information such as the company’s good standing, whether it has a CNPJ, where its headquarters are located, whether there are complaints about it on websites of the category, and whether it has already been the target of a hacker invasion.

“It is important for the investor to assess the level of security that the Exchange [crypto-asset brokerages] offers, those that adhere to the best security practices, such as requiring multi-factor authentication (MFA), enforcing TLS/SSL encryption, and limits on balance transfer notifications. Another more radical form of protection is the freezing of the account in the imminence of some vulnerability detected to mitigate the damages”, says Menezes.

Take care of the security of your devices

Even if your investment is in a good company, it is essential that you do not neglect the security of your devices, as they are subject to invasion by viruses and cybercriminals.

Keep your phone or computer up to date with the latest software and make sure your device has up-to-date antivirus as well.

Change password frequently

Not using the same password for an extended period helps protect your account and investments. Avoid sequential numbers, commemorative dates or personal information: a password should be complex, and it needs to be stored safely.

This goes for both your device’s unlock code and your finance apps.

Beware of phishing

You’ve probably already received emails or text messages on your cell phone with false warnings from your bank, or even unmissable promotions. This is called phishing, a strategy in which the attacker impersonates a legitimate entity to convince victims to hand over their confidential information.

To avoid it, never log into your cryptocurrency exchange unless you are sure you are on the correct website. It is also important not to trust texts, emails or chats that ask for your personal information.

“Often scammers use links with similar names from banking sites. [When logging into the brokerage’s platform] try to avoid sending account validation or tokens via SMS. The most advisable thing is to use a token program such as Microsoft Authenticator, Google Authenticator or the financial institution’s own”, adds Menezes.

Keep cryptocurrency separate from personal devices

Ideally, create a dedicated email address for your cryptocurrency wallet instead of using your personal or professional email. Also, never access your investment portfolio on a work computer or on one that many people use.

Do not use public Wi-Fi

Never, ever use a public Wi-Fi connection to access your cryptocurrency wallet or exchange. This type of connection can introduce security flaws and put your investments at risk.

Keep your investment private

The fewer people who know about your investment, the better. While it is a common practice among many people to trade cryptocurrencies online and even celebrate the results in groups of investors on social media, avoid this practice.

The more you show that you have virtual investments, the more you will attract attackers’ attention.