This is how hackers attack your Bitcoin wallet online
For years, researchers have warned of serious problems with Signaling System 7 (SS7) - a set of phone protocols that can allow hackers to listen to personal phone calls and read text messages. Large-scale version, despite the most advanced encryption used by mobile networks.
Created in the 1980s, SS7 is a collection of telephone protocols that accommodates more than 800 telecom operators around the world, including AT&T and Verizon to connect and exchange data, such as Routing calls and texts together, enabling roaming and many other services.
Although many fixes have been released, global mobile networks have always ignored this issue and argue that the exploitation of SS7's weaknesses requires a large technical and financial investment, so user risk is extremely low.
- Ransomware 'Your Windows has been banned' extorting users with a face value of 50 USD Bitcoin
- Guide to digging Bitcoin for beginners
- Are you curious what inside the vast Bitcoin Iceland digging plant looks like?
However, earlier this year, we saw a real attack, the hacker used the design flaw in SS7 to extract the victim's bank account by blocking two-factor authentication codes. (disposable password or OTP authentication code) sent to customers and redirected them to hackers.
The white-hat hackers of Positive Technologies have proven that cyber criminals can exploit the SS7 vulnerability to control online Bitcoin wallets to steal victims' money.
This is how hackers attack Bitcoin wallets and steal money
">
To demonstrate the attack, Positive researchers obtained the Gmail address and phone number of the target, then requested to reset the password for the account, including sending the authorized token once to send to the number. Phone of the target.
Just like in previous SS7 hacks, researchers blocked SMS messages containing 2FA code by exploiting a known design flaw in SS7 and accessing Gmail mailboxes.
Since then, researchers accessing straight to Coinbase accounts have been registered with the compromised Gmail account and created another password for the victim's Coinbase wallet. After that, they logged into their wallets and took all the money in it.
Fortunately, this attack is done by security researchers, not cyber criminals, so there is no damage to the Bitcoin encryption system.
The above is just an example of an SS7 vulnerability attack, however, they are not limited to cryptocurrency wallets. Any service, such as Facebook and Gmail, is based on two-factor authentication.
We need to avoid using 2-factor authentication via SMS messages to receive OTP codes. Instead, it is recommended to rely on encryption keys based on encryption as a second authentication factor.
You should read it
- Hackers are targeting Bitcoin virtual money
- Hacker attacks a US city demanding $ 100,000 ransom with Bitcoin
- How to dig bitcoin without wasting electricity
- Discovering the new serious security vulnerability of Bitcoin can cause the whole system to crash
- What is Bitcoin faucet? What is Bitcoin faucet?
- What is Bitcoin? Why is Bitcoin not 'virtual money'?
- What do you need to know when buying Bitcoin or selling Bitcoin?
- Guide to digging Bitcoin for beginners
- Today's Bitcoin price, Bitcoin price update every minute
- How to dig Bitcoin on Android and iOS phones
- The world only has 20% Bitcoin to 'dig'
- 10 facts about Bitcoin
Maybe you are interested
Inside the Nuclear Shelter That Stores Over $100 Million in Bitcoin
Bitcoin price today August 1: Adjusted to 64,300 USD
The future of the virtual currency and bitcoin industry will be more favorable if Former President Donald Trump is re-elected
Bitcoin price today July 19: Adjusted to 63,600 USD
Bitcoin price today July 18: Adjusted to 64,600 USD
Analyst Justin Bennett: Bitcoin Could Fall to $52,000