Phishing

Phishing is the practice of tricking a user into using malicious software or a malicious website that is designed to look legitimate. The malicious site may try to harvest credentials, or trick a user into downloading a tampered version of key software. For example, if you are tricked into logging into a malicious website at c0inbase.com, the attacker can then use your username and password to access your Coinbase account.

Phishing is a common practice. Users of desktop wallets like Electrum were attacked with a false upgrade notice, tricking them into downloading a version of the software that steals their Bitcoin.

Mitigation:

  • Watch carefully for HTTPS warnings on cryptocurrency sites.

  • Always check the URL on cryptocurrency sites.

  • Use a multi-signature wallet, which would require the user to be tricked multiple times before fund theft is possible.

  • Use a sovereign key storage system that avoids single points of failure.
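
An added example (not part of the original page) of automating the URL check from the list above: it compares a link's host against a short allowlist and flags lookalikes such as c0inbase.com, as well as trusted names reached without HTTPS. The allowlist, the substitution map, the result strings and the two-label domain rule are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: sites the user actually trusts (constructed for this example).
TRUSTED = ("coinbase.com", "electrum.org")
# Small illustrative map of digit-for-letter swaps used in lookalike names.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(url: str) -> str:
    """Last two labels of the host. Assumption: simple TLDs only (no co.uk)."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> str:
    """Label a URL as trusted, a lookalike of a trusted site, or unknown."""
    domain = registered_domain(url)
    if domain in TRUSTED:
        return "trusted" if urlsplit(url).scheme == "https" else "trusted-domain-no-https"
    if not domain.isascii() or "xn--" in domain:
        return "suspicious: non-ASCII or punycode host"
    skeleton = domain.translate(CONFUSABLE)
    for good in TRUSTED:
        if skeleton == good:
            return f"lookalike of {good} (character substitution)"
        if edit_distance(domain, good) <= 2:
            return f"lookalike of {good} (near-miss spelling)"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, including userinfo and subdomain tricks.
    for link in ("https://coinbase.com/signin", "https://c0inbase.com/login",
                 "https://coinbase.com@c0inbase.com/", "http://coinbase.com/",
                 "https://coinbase.com.login-secure.net/"):
        print(f"{link:45} {classify(link)}")
```

A result of "unknown" only means the host is not on the allowlist and does not resemble an entry; it is not a statement that the site is safe.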