How to Protect Your Crypto From Cyber Attacks During COVID-19

At-home working opens up security issues for crypto. Oxford University researcher (and Consensus speaker) David Shrier outlines ways to mitigate the risk.

By David ShrierLayer 2
AccessTimeIconMay 9, 2020 at 6:44 p.m. UTCUpdated Sep 14, 2021 at 8:39 a.m. UTC
By David ShrierLayer 2
AccessTimeIconMay 9, 2020 at 6:44 p.m. UTCUpdated Sep 14, 2021 at 8:39 a.m. UTC

The 1997 indie horror movie "Cube" posited a dystopic future where unwilling prisoners are systematically dismembered by a high-tech prison. The SARS-CoV-2 pandemic has created an environment for a similar virtualized dismemberment of our digital assets and our personal data security.

Unscrupulous hackers are socially engineering their way into financial systems and financial accounts. Well intentioned efforts to promote public safety are fostering prospective abrogation of personal data privacy.  At the same time, there are new areas of business opportunity for distributed ledger companies emerging from the crisis.  

The EventBot trojan is the latest malware to target financial accounts and wallets. Posing as an innocent-seeming app download, such as Microsoft Word, it will take over your phone’s data streams, keylogging passwords and even grabbing SMS messages used in two-factor authentication. 

Malware and phishing are on the rise in the pandemic, as hackers take advantage of heightened anxiety and unprecedented numbers of people working from home outside normal corporate security protocols. For example, one attack vector is to send a phishing email that simulates a health alert from an individual’s organization. Another is to engage in synthetic identity theft on LinkedIn with fake profiles of real people that then send internal LinkedIn messages containing links asking people to look at a file or app. The next-level LinkedIn hack is account takeover of a legitimate profile, and I have personally seen this happen with at least two colleagues in the last six weeks.

David Shrier is a speaker at Consensus: Distributed, CoinDesk's free virtual convention running May 11-15. Register here.

Meanwhile, new data security risks are emerging as unintended consequences of the massive effort to track, trace and remediate the virus. Large-scale health data pools are being assembled, with multiple copies of sensitive health, financial, and telecom data being created at disparate locations. The audit trail of who has accessed this data is poor.  Distributed ledger solutions around data governance, data security, and personal data management could help. For example, BurstIQ has announced the Research Foundry to facilitate secure collaboration around health data.  

CoinDesk - Unknown

From the 1997 movie "Cube"

Synthetic identity theft is another cyber security issue that’s accelerating in recent months. Hackers will take elements of data about real people, such as their name and social security number, and combine it with fake information such as a fingerprint image, a new email address, and street address, to create a convincing simulacrum of a real person that can be used to open credit lines, divert funds from financial accounts, and other forms of fraud or theft. Distributed ledgers offer possible solutions on synthetic identity theft, with the potential for distributed digital identity creating a trusted substrate for identity verification, validation, and authentication. Essential data attributes can be linked immutably to each other, and the blockchain trust authority can offer assertions around authentication and transactions tied to this immutable identity without revealing underlying personal data.  

Cyber unicorns will be founded in the next few years as we see ever-increasing demand for better security solutions.

To secure your crypto wallets and other accounts, here are a few steps you can take:

1. Enable multi-factor authentication. According to Microsoft, 99.9% of compromised accounts did not have multi-factor authentication activated.

2. Use a different password for every single account you have. Many people re-use the same five passwords (notwithstanding the fact that the average business user has over 190 logins to track). 

3. Use good password hygiene: the world’s most common passwords last year included “12345” and “password,” with 83% of Americans using weak passwords.

4. Make sure your virus software is up to date, including installing protection on your phone. Android represents 98% of mobile phone attacks, mostly in the form of malware downloaded to the device.

5. Practice good cyber hygiene. Only download apps from credible repositories, like the Android Marketplace, and verify sources before clicking on any link you receive in an email, text, or LinkedIN message.

Escape the “Cube,” and explore the cyber opportunity that has also arisen as a result of the pandemic. Cyber unicorns will be founded in the next few years as we see ever-increasing demand for better security solutions.

Read more about


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.


CoinDesk - Unknown
Bank of England Committee Calls for Enhanced Crypto Regulation to Limit Contagion

The loss of $2 trillion of crypto market cap over a period of months has “underscored the need for enhanced regulation,” the Bank of England’s Financial Policy Committee said.

CoinDesk - Unknown
CoinDesk - Unknown
Nexo Signs Term Sheet With Vauld for Potential Acquisition

Nexo said it has a 60-day exclusive due diligence period in which to decide if it will acquire up to 100% of Singapore-based Vauld.

CoinDesk - Unknown
CoinDesk - Unknown
UK Government Seeks Views on DeFi Taxation

Those wishing to submit evidence have until Aug. 31 to do so.

CoinDesk - Unknown
CoinDesk - Unknown
Former JPMorgan Banker Samir Shah Becomes COO at Pantera Capital

Shah joins Pantera after 12 years at JPMorgan spanning roles in sales, strategy and digital.

CoinDesk - Unknown