Skip to content
Join our Newsletter

Guard cryptocurrency, cyberwallets carefully: security pro

People using cryptocurrency and cyberwallets need to be alert to the scams as cybercrooks continue to become more and more sophisticated
If you're going to use cryptocurrency or cyberwallets, be aware of scams.

If you’re going to use cryptocurrency or cyberwallets, guard them and your personal information carefully, warns a Vancouver cyberdetective.

“Cryptocurrency has surged in value in the past couple of years. This popularity extends to cybercriminals,” said Derek Manky, chief of security insights and global threat alliance for FortiGuard Labs, a California-based company with a research and development centre in Burnaby.

Manky explained that nowadays, most ransomware attackers demand payments via some form of cryptocurrency.

He said cryptocurrency scams make it a lot harder to identify who the actual person behind the keyboard is and it doesn’t leave much of a paper trail. It's also faster, with payments made almost instantly.

“Bad actors are also undoubtedly able to leverage fear, uncertainty and doubt when it comes to cryptocurrency, too. It’s such a comparatively new technology that many people still don’t fully understand it,” Manky said.

For example, in the lead-up to the holiday shopping season and where cryptocurrency was in play for nefarious reasons, FortiGuard unearthed a new scam. A malicious file was found on a publicly available file repository site where cybercriminals were likely advertising to potential victims as a free Amazon gift card generator.

“Obviously, a tool that provides free gift cards does not exist, but the hope of getting something for nothing can be hugely attractive to many people,” Manky said.

Once the victim executes a fake gift card generator, it drops and executes a malicious file that monitors the victim’s computer clipboard.

“The purpose of the malware is simple,” Manky said. “If the victim tries to add money to their anon-bitcoin wallet by copying and pasting the wallet address, the malware overwrites the victim’s wallet address on the clipboard with its own, resulting in the money potentially going to the attacker.”

Manky called it a workaround for the attacker.

“It’s a relatively new thing we’re going to see a lot more of.”

The expert predicts cybercrooks are going to become more and more aggressive.

“Pay attention to everything you do,” Manky said. “This is going to continue to happen.”