Suppose you're one of the increasing numbers of individuals interested in cryptocurrencies. In that case, you might find it interesting to hear that, according to the Federal Trade Commission, almost 7,000 people lost over $80 m between October and March, a 1,000% rise from a year earlier.
The problem is that there is no method for you to secure your accounts against theft. There are no promises in the realm of cryptocurrencies. The Federal Deposit Insurance Corporation, which insures against losses on your account, does not exist in the conventional banking industry. So you have no recourse if your property is stolen.
The Federal Trade Commission reports that between October and March 2021, over 7,000 consumers lost over $80 million, a 1,000% percent rise.
It is imperative to provide safe access to these crypto assets to avoid theft, which by the end of 2020, averaged over $10 million each day, or lockout of one's prospective riches.
But how can you guarantee that users can always access their accounts? That relies on how the accounts are configured, typically involving knowledge-based authentication (KBA) or passwords. Unfortunately, passwords aren't enough for protecting high-value accounts since they may be quickly compromised or stolen through phishing attempts.
Additionally, if you own a less-used crypto wallet, you risk forgetting your password and running into difficulties trying to retrieve it if there is a recovery method. Finally, the loss of memory (what was my favorite activity again? ), the accessibility of "personal" information online (you can locate my mother's maiden name online for a few bucks), and other issues affect KBA.
The frequency of cryptocurrency account takeovers is rising; it doesn't help that there aren't many pre-existing trust connections between the wallet provider or exchange and users and that practically all transactions are completed in a matter of minutes and are difficult to undo.
Sadly, these takeovers employ a strikingly similar tactic that has been used for years in traditional banking: attackers will first attempt to collect and then stuff credentials. Then, if that doesn't work—say let's a user secure their account with an SMS second factor—they'll try some of the more well-known methods for getting around SMS, like SIM swapping.
Even extremely secure tokens or specific authenticator software are susceptible to attacks from a hacker with a strong motivation—and with personal funds on the line, there is no drive shortage.
Additionally, due to the difficulty for users to establish their ownership of the account, users have to wait weeks or even months to recover access to their accounts due to the dramatic increase in bitcoin exchange users and the demand for robust cybersecurity.
Authentication techniques can be useful.
How then can this be resolved? Using standards-based user authentication, which is built into billions of devices globally and accessible to almost everyone using a contemporary browser, has been demonstrated to be resistant to account takeovers and phishing. In addition, the FIDO (Fast IDentity Online) authentication methods ensure that all crypto credentials are saved on a user's device, thwarting even the most sophisticated assaults.
