Panda attacks on crypto wallets

I’m not talking about attacks by a cuddly black and white bear from China, but instead a series of new ransomware attacks. The ‘Panda’ malware has been targeting cryptocurrency wallets, “along with account credentials from other applications such as NordVPN, Telegram, Discord and Steam,” according to a Coindesk report.

Trend Micro, a cybersecurity company, discovered the malware that steals information and dubbed it ‘Panda Stealer’. The malware has been found targeting individuals across countries including the US, Australia, Japan, and Germany.

The malware begins its infection chain through phishing emails that pretend to be business quote requests.

According to ZDNet, two methods have been linked to the campaign: the first uses attached .XLSM documents that require victims to enable malicious macros. If macros are permitted, a loader then downloads and executes the main stealer.

In the second method, “an attached .XLS file contains an Excel formula that hides a PowerShell command. This command attempts to access a paste.ee URL to pull a PowerShell script to the victim’s system and to then grab a fileless payload.”
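A defender-side check for the delivery chain described above, as an added example that is not from the original article or from Trend Micro: it triages process-creation events for an Office application starting a script host, and raises the severity when the command line references the paste host named in the report. The event field names, process lists and sample events are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Script hosts a spreadsheet rarely has a legitimate reason to start.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
# Paste host named in the report; extend from your own threat intelligence.
PASTE_HOSTS = {"paste.ee"}
URL_HOST = re.compile(r"https?://([^/\s'\"<>]+)", re.IGNORECASE)


def triage(event):
    """Return (severity, reasons) for one process-creation event."""
    parent = basename(event["parent_image"]).lower()
    child = basename(event["image"]).lower()
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return "none", []
    severity, reasons = "medium", [f"{parent} spawned {child}"]
    for host in URL_HOST.findall(event["command_line"]):
        host = host.lower().split(":")[0]  # drop any port
        if any(host == p or host.endswith("." + p) for p in PASTE_HOSTS):
            severity = "high"
            reasons.append(f"command line references paste host {host}")
    return severity, reasons


def scan(events):
    """Return {event id: severity} for every event that raised an alert."""
    return {e["id"]: sev for e in events if (sev := triage(e)[0]) != "none"}


# Constructed sample events (field names are assumptions, not a real log schema).
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"id": 1, "parent_image": OFFICE, "image": PS,
     "command_line": "powershell.exe -Command <fetch https://paste.ee/r/PLACEHOLDER>"},
    {"id": 2, "parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"id": 3, "parent_image": OFFICE, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c echo test"},
    {"id": 4, "parent_image": OFFICE, "image": r"C:\Windows\splwow64.exe",
     "command_line": "splwow64.exe 8192"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["id"], *triage(event))
```

The parent/child relationship alone is kept at medium severity because it also catches the macro-based loader in the first method, which may not reference a paste site at all.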

Once downloaded, Panda Stealer will attempt to detect keys and addresses associated with cryptocurrency wallets holding funds including Ethereum (ETH), Litecoin (LTC), Bytecoin (BCN), and Dash (DASH).

Trend Micro researchers who discovered the attack said, “Crypto wallets are now as big of a target for online theft as banking accounts are. With more people getting into cryptocurrencies and the values of said cryptocurrencies still increasing, this will only become a greater threat moving forward.”

They also pointed out that there is more risk here as unlike theft via a bank or a credit card, there may not be a central authority that can undo malicious transactions. Once you lose your money and the transaction goes on the blockchain, it’s likely gone forever.

“None of this is particularly novel in and of itself – malicious Office documents are well known, so is fileless loading,” Trend Micro researchers said. “The main “new” aspect here is the target of the data theft.” For example, attackers are setting their sights on applications like Discord and Telegram – popular communications platforms for cryptocurrency communities. 

Even if this type of attack is new, Trend Micro recommends following standard security practices: not opening attachments sent via email, not clicking on unknown links, and keeping software up to date are still basic security measures people can take to avoid malware and other security breaches. They added that the best advice is to secure your cryptocurrency wallets and recommended using strong, unique passwords, and commented, “For investors who are more interested in holding cryptocurrencies for the long term instead of actively trading them, the use of hardware-based/offline wallets may well be safer, if less convenient to add to or sell from.”

Top tips for keeping your cryptocurrency wallet secure

If you’re a newcomer to the crypto space it’s likely you’re excited about it, but at the same time worried about security because you have heard the stories about people losing fortunes just because they lost the password to their crypto wallet. On top of that, you may have searched for reliable information about keeping your wallet secure, but haven’t found it yet. It’s important that you carefully consider the pros and cons of how you ultimately decide to purchase, store and transact with your crypto. After all, if you lose your crypto it is gone forever!

How people lose their crypto

Here are some of the ways in which people have lost their cryptocurrency holdings:

Loss

• Human error (e.g., you send your funds to the wrong wallet, you forget your password)

• Natural disaster (e.g., your house burns down with your crypto wallet(s) stored inside it)

• Hardware malfunction/loss (e.g., your computer hard drive holding your private keys is corrupted)

Theft

• Remote theft (e.g., you fall victim to scams, an exchange hack, or a personal hack)

• Physical robbery (e.g., your backpack or purse is stolen with your private keys in it)

• Government seizure (e.g., law enforcement demands an exchange to freeze your account)

I hope none of these happen to you.

Types of wallets

A wallet is a computer programme that stores crypto. Depending on whether the wallet is connected to the internet, crypto wallets are classified as: “hot” (online) or “cold” (offline).

Hot wallets

Hot storage wallets exist on an internet-connected desktop, laptop, mobile phone or web browser. These wallets are popular because they can be easily created and used immediately. This means some safety is sacrificed and they are vulnerable to cyber attacks.

Cold wallets

Cold storage wallets exist on devices or physical media that are not connected to the Internet. Often they are like a USB flash drive. They are safer than hot wallets because private keys are generated and stored offline where they can’t be accessed by cybercriminals, but they can be stolen from you through a physical robbery. The downside is that funds in a cold wallet aren’t as available for spending as those in a hot wallet. The most reliable exchanges, such as Kraken, Coinbase and Binance use both hot and cold wallets so that some funds are always available for immediate use (in hot wallets) to facilitate day-to-day transactions, while the majority are stored offline for safekeeping (cold wallets). When storing your crypto, you should take your own personal financial situation and risk tolerance into account when you are considering which one of the following storage strategies to use.

The small investor

If you have less than $10,000 in crypto, the best advice is to keep things simple and use a reputable exchange to store your crypto. Kraken, Coinbase and Binance are the big names, but your choice may depend on where you live.

The medium investor

With $10,000 – $200,000 in crypto, you should use a hardware wallet and place a backup copy in a safety deposit box.

The large investor

If you have over $200,000 in crypto, you will need a trusted custodian, multi-signature wallet technology and/or full nodes. Consulting with a professional about this is recommended.

How Do Wallets Work?

Crypto wallets function in a similar way to traditional bank accounts, in that both an “account number” and “password” are required to access the funds held in the wallet. When you create a wallet, you generate a unique cryptographic key pair – one public and one private – which allows you to send or receive crypto. The public key is like your bank account number, and the private key acts in a similar way to your banking password. Here is an example of how a wallet operates for a transaction:

Example of a Bitcoin Transaction

1. Alice owes Bob 0.02 bitcoin

2. Bob sends Alice his public wallet address to receive payment

3. Alice uses her own private key to send 0.02 bitcoin associated with one of her wallets to Bob’s public wallet address

4. The 0.02 bitcoin sent by Alice is received in Bob’s wallet.

And that’s how easy it is.

A last word of advice

Don’t store your assets in desktop wallets, ‘brain’ wallets (i.e., memorized private key), or web wallets (i.e., private key held on a website) as these wallets offer low security. If you are going to buy a hardware or software wallet, buy it from a reputable authorized retailer and not from second-hand stores, such as eBay.

Finally, every crypto owner must have a plan for their crypto when they pass away. If no plan is put in place, your crypto assets will die along with you. It’s essential that every crypto owner includes their crypto asset holdings in their will and teaches one or more trusted individuals (i.e. family members) how to access their crypto funds in the case of severe injury or death.

CBDCs: Is privacy important to the people?

According to a public consultation on the possibility of a digital euro conducted by the European Central Bank (ECB), the responses of over 8,000 individuals and businesses suggested that privacy was the number one concern for 43% of them, when talking about the issuance of a central bank digital currency.

Fabio Panetta, an ECB board member, declared that the digital euro could meet those requirements without relaxing security standards. The survey also revealed that 18% wanted any CBDC to provide secure payments, while 11% focused on cross-border payments within the European Union. Panetta said, “As I have already mentioned, privacy emerges as the most important feature of a digital euro. Protecting users’ personal data and ensuring a high level of confidentiality will therefore be a priority in our work.”

Cointelegraph reports that the ECB has been exploring privacy enhancing techniques, even before the concept of a digital euro emerged and its research indicated “that a digital system could still be monitored for illicit activity, while still allowing for transparency and privacy.”

A decentralized CBDC is preferable, but unlikely

However, while the ECB may be working on privacy for its CBDC, Anne Fauvre-Willis, chief operating officer at Oasis Labs, thinks that even though the EU has supported the concept of consumer privacy in the past, “that won’t count for much if the digital euro is issued on a centralized system.”

She asked, “Instead of enabling this via a centralized bank, why not empower a decentralized protocol to do this instead?” The obvious answer would be to use the Ethereum blockchain for a digital Euro, so that it would have the same level of decentralization and autonomy as ETH. But if she is right, it appears there is little chance of a central bank allowing all control of its money to be decentralized.

The public will vote for ‘Ease’ over privacy

However, she points out that the public may simply go for whatever is easiest, rather than worry about privacy. “In regards to people adopting the digital euro, unfortunately I think ease will win over privacy alone,” said Fauvre-Willis. She added, “Privacy is a feature but it’s not enough to drive people on its own to change their behaviour. Instead for those of us who really believe in privacy we have to simultaneously strive to make compelling and life changing products and as we do we need to put privacy at the centre of what we make.”

Currently, the ECB is still in its research stages regarding a digital Euro, with a final decision expected some time during summer 2021. The region is somewhat behind others in the CBDC race, and needs to pick up its pace if it is to compete with other nations’ digital versions of the national currency.

Making the case for CBDCs

Crypto purists probably balk at the idea of a Central Bank Digital Currency, if only because it flies in the face of cryptocurrency’s ‘raison d’être’. As Kraken’s CBDC report says, “While the concept of CBDCs was inspired by cryptocurrencies like bitcoin, the ethos of CBDCs show a stark contrast from the ethos of cryptocurrencies in that they are issued by the state as a centralized form of digital money.”

The growing popularity of bitcoin, as well as Facebook’s proposed venture into digital assets with Diem, spurred governments to consider creating a digital version of their sovereign currency. While most countries are still at the research phase, a few, such as China, are already piloting CBDC programmes. Whilst this may be a slow process, it looks as if the global rise of CBDCs has begun.

How can a CBDC benefit a country?

According to the BIS’s quarterly report, retail CBDCs may help overcome the limitations of national payment systems and act as a convenient and affordable payment method of transferring funds across accounts held at different Payment Service Providers (PSPs) while reducing the costs and inefficiencies associated with low interoperability. Another use case is in areas where access to cash is limited, and a CBDC would guarantee access to central bank money.

Why CBDCs are gaining popularity now

The COVID-19 outbreak that started in early 2020 prompted governments and central banks around the world to start directing their attention to CBDCs as the advantages of having a digital currency that is easily accessible and distributable became apparent. Latin America is one region where cashless methods of payment quickly became popular and it noted a fast decline in cash withdrawals following the emergence of the pandemic, alongside an expansion of mobile, phone and internet banking use.

What else are CBDCs good for?

Mass adoption of CBDCs would greatly assist governments and make it far easier for them to track transactions; something they can’t do with fiat money in cash form. This would allow them to have real-time updates about economic activity. It would also allow payment systems to operate more efficiently by offering almost instant settlements at lower costs than present. Both of these have a significant appeal for central banks. The one factor that has less appeal is the possibility that hackers would find it too easy to attack digital wallets, so security is a big issue to be resolved.

Taking all these things into account, it is likely we will see more regulatory discussions around CBDCs, digital wallets and blockchain. Merchants and businesses too will have to adapt their payment systems to facilitate digital currency transactions.

Every day we are seeing announcements from the different regions of the world as individual countries make their move on CBDCs. Chinese internet, fintech and e-commerce giants are leading the digital yuan vanguard and the Bank of England indicates it is moving ahead with one by posting job ads for seven positions ranging from solution architect to senior manager. South Korea will pilot a CBDC later this year, and the European Central Bank is pursuing the idea of a digital Euro.

But one thing all central banks will have to overcome is their aversion to decentralization, because for CBDCs to succeed, they need to grasp “the most revolutionary aspect put forth by cryptocurrencies and blockchain tech as a whole,” which is decentralization. Public trust in centralized control of the banks has been eroded, so centralized CBDCs are unlikely to have mass appeal.

As Sky Guo wrote in Cointelegraph last month: “It stands to reason that there truly does exist a real window of opportunity for the creation of digital currencies that are decentralized in their governance and overall scope of utilization,” adding, “Another point to consider is that centralized blockchains are still relatively slow, thus the use of decentralized solutions, such as distributed ledger technology, stands to make CBDC transactions much faster and far more streamlined.”

It is perhaps too early to make an exact call on the future of CBDCs, but there will be a future for them, and that’s all we need to know right now.