Over the last several days there has been a series of hacks of stock exchange accounts on a massive scale. The vast majority of cases resulted from a lack of two-level (2FA) authentication.

What is 2FA and why do I need it?

When using online banking, you enter your login and password to log in to your account, but when you make a transfer, the bank requires additional authentication in the form of an SMS code, a one-time password from a password list, or a hardware token. Thanks to this, even if your password falls into the wrong hands, a third party will not be able to make a transfer without the one-time password. This is two-level authentication. In banks it is mandatory, but for exchanges it is unfortunately still an option that many people do not use!

In December 2017, news circulated around the world of a leak of 1.4 billion mailbox passwords. The list includes 10 million Polish mailboxes! If an unauthorized person holding a database of emails and passwords gets into our mailbox and deduces from the emails that we use cryptocurrency exchanges, they can easily use the exchange's password recovery by email (unless, of course, we use two-level authentication). If we do not have 2FA enabled, a hacker with access to our mailbox also has access to our funds on the exchange!

Manually browsing through 10 million mailboxes would be time-consuming for hackers, but they can use bots that automatically log into mailboxes and search the emails for phrases containing the names of known exchanges. Anyone who uses the exchanges has emails from them, e.g. from registering or from requesting a transfer confirmation. Identifying users of the exchanges is therefore trivial.
With the help of bots, hackers will in time have a list of exchange users and the email addresses assigned to them. Perhaps you are also on this list! Enable 2FA immediately!

Also, remember to NEVER use the same password on different services, and certainly not on those on which the fate of your money depends! Databases of emails and passwords often leak from many services. If you use the same password in different places, sooner or later a tragedy will happen. If it is not the fault of the exchange itself, it will be the fault of the service where you used the same password. If you use the exchange password on another site, CHANGE IT NOW!

How to create 2FA

At the moment most exchanges in the world (if not all) offer additional 2FA security, mostly through the Google Authenticator app, which generates one-time temporary codes that are valid for one minute. Download the mobile application to your phone/smartphone (the safest choice is an old smartphone restored to factory settings, for security geeks). After downloading the application, scan the QR code that the exchange gives you. You should also remember to write down (preferably on a piece of paper) your private key in case you lose your phone.

From now on, when you log in to the exchange, it will additionally ask for a 6-digit one-time code generated by the application on the mobile device. Even if a hacker breaks into your mailbox and uses the password recovery feature, without the one-time code they won't be able to do anything.

Hacked mailboxes are not the only culprits. We can also have a trojan/keylogger on our computer, which can intercept our password. However, with 2FA enabled, the hacker will not be able to use the password (unless we also have a virus on the phone, which is less likely).

If you made it to the end of the article and you don't have 2FA on the exchange(s), check now if you still have funds on them.
If you do, fate has been very kind to you, but don't tempt it: dutifully set up 2FA right now! If your mailbox has a 2FA option, take advantage of that as well.

If you'd like, you can check whether passwords for your email have leaked here: haveibeenpwned.com, but be aware that the list may be incomplete/outdated.