Have you ever wondered what the most common crypto scams are and how to avoid them? Our “Hello Crypto Safety” series analyzes trends and shares best practices to stay safe from these attacks.
This episode focuses on hacks, a type of attack that occurs when an individual or group steals information from their victim to gain control over their wallet (private key or seed phrase), web-app account (log-in information), or phone to sign transactions on their behalf. For example, a hacker gains control over non-custodian wallets by stealing the seed phrase and over web-based exchange wallets by stealing the account’s log-in information.
What are the different types of hacks?
During a hack, the hacker exploits a vulnerability in a smart contract, protocol, infrastructure, or software or steals information from their victims to gain unauthorized use of their device and transfer funds directly on their behalf.
A Sim Swap occurs when the scammer takes control of the victim’s cell phone to sign transactions on their behalf.
A Contract Exploits vulnerability in a smart contract to steal funds from a wallet. For example, hackers leverage:
A reentrancy attack occurs when a function makes an external call to another untrusted contract. Then the untrusted contract makes a recursive call back to the original function to drain funds.
When the contract fails to update its state before sending funds, the attacker can continuously call the withdraw function to drain the contract’s funds. A famous real-world Reentrancy attack is the DAO attack which caused a loss of 60 million US dollars.
Logic bugs occur when hackers exploit logic vulnerability in the code that enables them to exploiting do something different from what the app developer intended.
Access control attacks
Access control attacks occur when scammers exploit a vulnerability to circumvent or bypass access control methods to steal data or user credentials to log in on their behalf and transfer funds.
A Protocol Attack occurs when the scammer exploits a vulnerability in protocol - such as governance, to steal funds from them.
Man in the middle attack
A Man in middle attack occurs when the scammer exploits a vulnerability in a communication network to intercept information and access log-in information or private wallet keys.
During a DNS hijacking, hackers manipulate DNS queries to redirect users to malicious sites.