PewDiePie incident exposes vulnerabilities in seed phrase printing


Abishek Dharshan


There have been hacks in the crypto sphere in the past, but so far none of them has managed to take control of any external network. Rather, the hackers have stolen cryptocurrencies by indirect methods. Hacking a blockchain network is near impossible because of the cryptographic nature of the data and the distributed network on which the data is stored. Even though an eclipse attack on any blockchain network is theoretically possible, the computing power necessary for it is huge, and there is not enough incentive to mount such an attack, because the value of any cryptocurrency depends on trust in the network: any coin gained would be of zero value. This dilemma has forced hackers to seek bounty from other sources, mainly attacks on wallets and on financial institutions that hold large sums of cryptocurrencies. The problem is not with the technology but rather with how people use it.

Hacking the user

Most people don’t run a full network node, so they rely on other software to hold and trade crypto assets. Hackers usually try to exploit vulnerabilities in that software or in the hardware to gain access. Once they have access, they take the user’s private key and use it to transfer funds from the user’s account to their own. Anonymity and the lack of a central authority mean that the funds cannot be retrieved. Hackers gain access to individual systems in many ways, such as malicious software, email attachments and remotely taking control of a system. Most novice users are not technically literate enough to protect themselves from such hacks, and many fall victim to these attacks.

Are big players safe?

Technically speaking, exchanges and other financial institutions are, in the strictest sense, no different from a normal user when it comes to how they handle cryptocurrencies. Their funds can also be drained if the private keys of their accounts are obtained. But because of the large amounts of cryptocurrency they handle, they usually adopt more security measures, and hackers have to get more creative to pull off a successful heist. The rewards, however, are much greater, and this makes them a prime target for attacks. Even though tough security measures are taken, many exchanges have been hacked in the past, especially in South Korea. Sometimes hackers go to extreme lengths to hack these large firms. For example, hackers in South Korea have recently been targeting the employees of cryptocurrency exchanges. They then gain access to the private networks of the exchange and steal coins.

Securing crypto assets

One of the safest methods of storing cryptocurrencies is cold storage, i.e., a device that is completely disconnected from the internet and that a hacker therefore cannot access remotely. Most users cannot buy a new computer just to store cryptocurrencies, but there is dedicated hardware for the purpose that costs a bit more, like Trezor and Ledger. Another way to secure cryptocurrencies is to generate a seed phrase, print it, then delete your software. When the need for a transaction arises, you download the software again and regain your account by using the seed phrase. Seed phrases are generally used to recover a lost account. With the rise in the price of crypto, the stakes are high. Both hackers and security experts are playing a game of catch-up. Once a new security measure is in place, hackers somehow figure out a way around it. New measures are then implemented to prevent this, and the cycle goes on.

PewDiePie incident

On November 27th, TheHackerGiraffe got bored after playing Destiny 2 for four continuous hours, so he decided to hack printers to support PewDiePie, the most subscribed channel on YouTube. He searched for vulnerable printers on Shodan, a search engine for interconnected devices, and selected specific printers running on the same port. Then, using a tool called PRET that he found online, he gained access to these printers and printed a message supporting PewDiePie. PRET can also be used to access internal files stored in the printer containing past and pending jobs, which, at least in theory, allows the hacker to access user bitcoin wallets if the recovery seed phrase was present in those files. The risks are low for now, but this proves the point that anything can be hacked, nothing is safe on the internet, and cybersecurity is a continuous, constant battle. One must take the utmost care while dealing with crypto, even while doing something considered relatively safe like printing a seed phrase. Remember, hackers are smart. It’s up to you to remain one step smarter.
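The retained-job risk described above can be audited on storage you control. The following is an added example, not code from the article: it flags retained print jobs whose text looks like a recovery phrase, assuming plain-text jobs and BIP-39-style phrases (12 to 24 lowercase words of 3 to 8 letters); the job names and contents are constructed.

```python
import re

# Heuristic, not wordlist validation: assumes BIP-39-style phrases, i.e. 12 to 24
# lowercase words of 3-8 letters each. A run of 12+ such tokens is rare in prose.
MIN_WORDS = 12
WORD = re.compile(r"[a-z]{3,8}")
NUMBERING = re.compile(r"\d{1,2}[.):]?")   # "1." / "12)" printed before each word


def seed_like_runs(text):
    """Return the length of every run of >= MIN_WORDS seed-like tokens in text."""
    tokens = [t for t in text.split() if not NUMBERING.fullmatch(t)]
    runs, current = [], 0
    for tok in tokens + [""]:          # empty sentinel flushes the final run
        if WORD.fullmatch(tok):
            current += 1
            continue
        if current >= MIN_WORDS:
            runs.append(current)
        current = 0
    return runs


def audit_jobs(jobs):
    """Map job name -> run lengths for jobs that appear to contain a seed phrase.

    Only names and word counts are returned, so the report never repeats the secret.
    """
    report = {}
    for name, raw in jobs.items():
        runs = seed_like_runs(raw.decode("utf-8", errors="ignore"))
        if runs:
            report[name] = runs
    return report


# Constructed sample of retained job files (plain-text jobs; names are hypothetical).
SAMPLE_JOBS = {
    "job-0001.txt": b"Please bring the signed forms to the office by Friday.\n",
    "job-0002.txt": (b"Recovery phrase:\n1. abandon 2. ability 3. able 4. about\n"
                     b"5. above 6. absent 7. absorb 8. abstract\n"
                     b"9. absurd 10. abuse 11. access 12. accident\n"),
}

if __name__ == "__main__":
    for name, runs in audit_jobs(SAMPLE_JOBS).items():
        print(f"{name}: possible seed phrase ({runs[0]} words); purge this job")
```

A flagged job means the phrase has been stored somewhere other than the paper, so the job should be purged and the wallet treated as exposed.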


Abishek is an Entrepreneur, Digital Nomad, Student, and ICO Marketing Manager currently based in Berlin & Champaign. He is actively involved in the Blockchain space and has worked in numerous projects in the Silicon Valley since 2017. His interests revolve around Finance, Consulting, and Blockchain Research.
