Phishing
Phishing is the practice of tricking a user into using malicious software that is designed to look legitimate. The malicious site may try to harvest credentials, or trick a user into downloading a tampered version of key software. For example, if you are tricked into logging into a malicious website at c0inbase.com, the attacker can then use your username and password to access your Coinbase account.
Phishing is a common practice. Users of desktop wallets like Electrum were attacked with a false upgrade notice, tricking them into downloading a version of the software that steals their Bitcoin.
Mitigation:
    Watch carefully for HTTPS warnings on cryptocurrency sites.
    Always check the URL on cryptocurrency sites.
    Use a multi-signature wallet, which would require the user to be tricked multiple times before fund theft is possible.
    Use a sovereign key storage system that avoids single points of failure.
Last modified 1yr ago
Copy link