CoinMarketCap Popup Hack Exposes Third-Party Crypto Risks

Crypto Threats Rising: CMC Witnessed Popup Scam

The recent news of a malicious popup on the site of CoinMarketCap raises concerns about the security even on the well known sites. The third-part synergies cause this incident when several users received a “Verify Wallet” popup, resulting in harmful codes injected through the animation file.But the thing is that we are actually prepared for this crypto world’s vulnerabilities or the market is ready to provide us a secured atmosphere. 

Recently, the malicious codes have been removed by CMC as per reports,but the catch is, how do the users and their data suffer who already got into this? And at what risks are they when things like that happen?

HOW HACKERS MANIPULATE STOLEN CURRENCIES ?

• Laundering stolen cryptocurrencies: This is the main and most common approach to hackings. Hackers disguise or hide the source of money and make it hard to find their location by converting them into cash through fiats.

• Cross-Chain transfer: Swapping the cryptocurrencies in different blockchain networks (like bitcoin to ethereum, ethereum to solana, etc), creates the multi-root address. The different attributes make them tough to track down.

• Use Privacy protected platforms: Secure the stolen money in the wallets of platforms that provide the privacy features where the personal information and detail of their data is kept undisclosed, for example Monero.

• Decentralized and unregulated exchange: They can use the platforms with the lack of regulations and policies to trade the currency.

• Scattering method: The large and integrated funds may draw attention towards. So, they follow the method of dividing the large amount into small fragments and then store them into multiple wallets.

WHAT CAN HACKERS DO WITH THE STOLEN DATA?

• Digging into credential info: They are after the access keys of one’s login credentials  like their username and passwords of other money related platforms, banking details, e-wallets, any others.

• Identity theft and E-mail spoofing: They can use your social accounts to target others to reveal sensitive information from them too. Pretending to be you and attacking the close one or attached one from your accounts.

• Blackmailing: In some cases, confidential and sensitive data of users, can be used as a source of blackmailing and extortion.

In the recent case we have seen that CMC has responded to the matter in a swift way that scales down the exposure of more users and opportunities for hackers. But this reminds the measures to be taken by service providers to phase out these kinds of problems.

WHAT THE SERVICE PROVIDER CAN DO

• Check for Third-Party Vulnerabilities: Before making any deal with other providers look into their service structures and policies. The threats that cause problems have not to be set aside .

• Implementing security policies:To make the platform more easygoing, the policies may play an important role. Mentioning the procedures that help the customers to understand the possible risks. 

• Technical supporting systems: Authorities should use the technical security approaches like Firewalls,IDPS, DLP, Encryption Methods, etc. to make the network more secure.

• Vigilance: there should be a monitoring team or system which keeps track of every activity and alerts about any suspicious act to alarm on an early basis.

Measures only taken by the service provider’s side are not the right approach to deal with this problem; but it has to be from both sides. Customers are the ones who are likely to experience these threats more. Users also need to take some protective actions to safeguard themselves from any exposures.

WHAT PRECAUTIONS CAN  A USER TAKE

• Avoid connecting wallets to random sites: Do not connect or click your wallets to unknown requests or popups, unless you are certain about the authenticity of the platform.

• Use security Tools: There are many security tools like etherscan token approval, Revoke.cash, which allows to check or annul permissions that any platform asks for.

• Utilize Built-in features: You can use the wallet services that have pre-security features for the users like anti-phishing. Use these features to protect your account.

• Trusted Wallets and network: Avoid the sites that look suspicious or mention alerts in starting or do not have security norms. Wallets like Metamask, Rebby, and networks like Opera crypto, Brave browser, etc. are on the good books, you can use them.

• Storing of sensitive information: Avoid storing your credential or any personal data on cloud storages as they are prone to be exploited in the platform.

• Stay informed: Always follow the developments related to news about scams or safety measures. A well aware person is always on the positive side.

Because this market is still emerging, awareness toward its risks is limited. Some frameworks from both the provider’s and user's side may help to mitigate the concerns. The market of crypto is growing rapidly and drawing attention widely resulting in more investors, more money and more scammers. As risks are everywhere, but little precautions can help to play safe.