1. Phishing

In this type of attack, the attacker tries to deceive the targeted user with various imitation methods. These imitation types might involve a fake e-mail account or web site. Via this method, data of the targeted user is stolen and serious harm is done. Such imitations generally occur via imitation of well-known and confiding companies. For instance, the attacker might imitate the e-mail address of a bank or exchange and redirect you to a fake web site. When you enter the fake web site, the ‘user name’ and ‘password’ information you will type to access your account will be directly captured by the attacker. In such fake web sites, the web site name might also be very similar with the original one. Let’s say the name of the web site you will enter is “www.ethereum.com.” The attacker might open a web site with a similar name such as “www.etheryum.com”, use your negligence in her/his favor and steal your data. You should also be careful about such web sites while searching in search engines such as Google. Because the attackers might advertise in Google and be priorly shown above the original web site in the Google search results.

2. Scareware

This method is actually similar to phishing, but it is typically different. The attacker aims to deceive the targeted user through fake e-mail account or web site but uses fear and panic.

In such fake e-mails and web sites, it is generally aimed to cause panic and redirect the selected person(s) to the fake addresses created by the attacker via texts such as “YOUR ACCOUNT IS IN DANGER !!!!”. The data that you will provide in the addresses you navigate without checking, which are almost the same with the original web site, will be captured by the attacker. It should be noted that none of the exchanges or digital wallet web sites will send you e-mails requesting your password or private data.

3. Baiting

This method triggers the user’s instinct of earning easy money. The attacker promises various campaigns and prizes to the targeted user. When the user clicks on this link, she/he might be directly exposed to the harmful software and these links might redirect the user to fake web sites. Redirected web site requests user data to give the prize or include you in the campaign. When the data is entered, the attacker achieves her/his goal.

In Which Platforms Can We Encounter Such Attacks?

We can say that the most widely used application stores are “Google Play” and “App Store.” Although these stores perform various controls on the applications they publish, some of the fraud applications can still pass muster.

1. Exchange Applications

Fake exchange applications are the applications designed in a similar way with the exchange web sites to deceive the exchange users. When you try to access your account through these applications, your data is stolen and your account security is lost.

• It is harder to understand if the application is a fake one while using it. Instead of this, checking the score of the application and reading the user comments before downloading will help. A fake application will have a low score and negative comments. However, the score and the comments can still be manipulated. Therefore, in order to make sure that the application is not a fake one, do not forget to check which company developed the application and whether the contact information redirects you to the exchange.
• In some cases, the attackers can publish apps before the exchange does. Therefore, the best way is to check through the web site whether the exchange you use has an application. If the exchange has an application, the web site should include an information and a link. If you cannot see such a link but see that the exchange has an application, you should contact your exchange and obtain information.

2. Wallet Applications

Similar to the fake exchange applications, there are also fake the wallet service applications used to store the cryptocurrency. You might be exposed to various attacks through these applications.

• As in all wallet applications, when you want to create a new wallet in one of these applications, you get a special key (for account access) and a general key (IBAN or similar). However, since it is a fake application, provided keys will also be fake ones. This means, there might be no wallets created at all. Therefore, the cryptocurrency you transfer to the fake wallet will be directly sent to the attacker’s account.
• And some of the wallet applications create a real wallet and provide you with a real general key. This way, you can check your wallet in the internet. However, these applications provide you with a fake private key and hold the control of the wallet. Therefore, the cryptocurrency you will send to the wallet will be under the attacker’s control.
• To avoid such applications, all measures mentioned in “Exchange Applications” section can be used.
• In addition to these measures, you need to check whether the wallet application you use provides you with real keys. You can check your general key from www.etherscan.io or www.blockchain.com. For checking your private key, you need to log in to your wallet through the wallet service you use.

3. Mining Applications and Cryptojacking

The attackers, who would like to earn money via cryptocurrency mining, aim to obtain the processor power they need through your computer or mobile phone. This way, your device runs the applications in the background without your notice and serves for attacker’s mining operations.

• This type of attack is called cryptojacking and can reach you via any application downloaded to your device. The application is not necessarily related to cryptocurrency. Any application can lead to such attack.
• Among the applications, there are services that indeed allow you to mine with the processor power of your computer or your mobile phone. However, the attackers might imitate such applications. When you use the imitated application, although you can see your mining income on your screen, this income is under the control of the attacker, not yours.
• Therefore, it is important that you review the applications you will download to your mobile phone or computer as specified in the “Exchange Applications” section.
• Apart from these measures, applications carrying out cryptojacking attacks generally cause your device to overrun and heats your device. For this reason, if your device experiences constant heating or decreased battery life after downloading an application, you might be under a cryptojacking attack.
• But some of the applications take measures against this and run in low power. Therefore, they continue to mine for the attacker in the background and no heating problem occurs. For that reason, for preventing cryptojacking attacks, the security process you need to follow while downloading applications is of higher importance.

4. Address Change

Since cryptocurrency transfers cannot be withdrawn, they are risky. Therefore, you need to make sure that your cryptocurrency is not transferred to a wrong address.

In addition to the fake applications mentioned above, certain software can change the receiver address while transferring the cryptocurrency. For this reason, for eliminating the typing errors and possibility of having a device infected with such harmful software while transferring cryptocurrency, it is recommended to check the receiver address at every stage and at least twice.

5. SMS and 2FA Attacks

In general, exchanges use SMS and 2FA features for security of your account and make it difficult for others to capture your account. However, there are certain points to pay attention while using these methods.

• If you are using the SMS feature, you need to pay great attention not to share your phone number on the internet. Attackers can reach your phone number through various ways. Especially the attacks we review under “Popular Attack Types” title are the ideal ways used by the attackers to capture your phone number or e-mail address.
• When the attackers have your phone number, they can access the verification code to be sent by the exchange before you. They can even position in between exchange and the user and send you a fake verification code. In this case, the login codes you use to access to your bank account can also be at risk.
• Since the phone number is shared with everyone for communication, it is hard to protect it. Therefore, 2FA method is more secure. You can access your account by using the 2FA applications recommended by the exchange and having a valid short-term password when you want to login to the exchange.
• Although the passwords obtained with 2FA method are more secure, do not share the passwords you obtained through this application with anyone. These codes are specific to you. If you share them with others and attackers capture them, your 2FA service could also be hacked.
• Especially in certain exchanges, in order to create an account, you need to have a phone number from that country; there are people who rent phone numbers for creating crypto exchange account from SMS renting services and go beyond this. Never use the phone number you got from the web sites providing SMS service to create account in crypto exchanges.

6. Wifi Dangers

Although the free wifi services provided in public places such as airport, restaurant, coffee shop are very useful, they pose many risks. Using these networks, attackers can obtain your data through various ways. Therefore, it is recommended not to login to any account while being connected to these networks.

• Since the number of users connected to the public wifi networks is high, they have the ideal environment for the attackers. For this reason, when you connect to these networks, you can become a direct target to malicious persons and software.
• By creating a bridge between the modem providing the wifi network and your device, the attacker can monitor your data flow, direct you to fake web sites and steal your data.
• Besides, the attackers can directly route you to their own wifi networks. For doing this, they imitate the name of the wifi network in your region. Let’s assume you are in a coffee shop. And let’s say the name of the wifi network in this shop is ‘AA coffee shop.’ For deceiving you, the attacker can create a new wifi network and name it as ‘AA cafe shop.’ When you connect to the network created by the attacker, the attacker takes the whole control.
• Due to such dangers, it is better not to access the web sites which pose a serious potential of financial harm, such as bank account, cryptocurrency exchange, wallet platforms, through wifi.
• Such free networks are generally password-free. This way, your device can automatically connect to these networks against your will. Therefore, you should disable the feature of automatic connection to password-free networks on your device. In this way, your device will not be able to connect to a wifi network against your will.
• If you do not use the file sharing features such as airdrop and wifi feature, keep them closed.
• Logout from the unused web sites and close them. For example, if you are not using Gmail, log out from your account and close the tab.
• By avoiding logging in to your exchange and bank accounts except for the emergency cases, you can minimize the risk level in such public networks.

We reviewed the types of attacks and the possible environments where we can encounter these attacks under 6 items. In general, to protect from such attacks and risks, it is recommended that you use a separate e-mail address for each exchange and each of your wallet accounts. If you create e-mail addresses specifically for each account and do not use them anywhere else, you will not receive e-mails from undesired addresses and have a straightforward, reliable communication. For this reason, you should not sign up to forums, social media networks etc. with the e-mail you signed up to exchange or wallet web sites. Having unique passwords for these web sites will also increase your security level.

After providing a general information regarding the dangers and measures, we will detail these processes separately for exchanges and wallets.

EXCHANGES

Cryptocurrency exchanges are the places where the majority of the cryptocurrency in cryptocurrency economy is collected. We can describe these companies as a sort of junction point. If you are making any transactions related to cryptocurrency, you will contact with the exchange directly or indirectly. For this reason, it will be advantageous to review the points that you need to pay attention while using the exchanges.

• While selecting the exchange you will use, it is necessary to pay attention to the security measures. Reliable exchanges provide more than one security service for you to login to your account, a separate password is requested for your withdraw requests. They do not allow you to connect your account with more than 1 e-mail address.
• Apart from these, they allow you to make a secure address list. No cryptocurrency is transferred to the addresses other than the ones you write to the list.
• We see that the exchanges with high transaction volume generally have more strict measures. For this reason, if an exchange has high volume, it is a positive feature. However, some of the exchanges can create an artificial volume with various methods. Therefore, it will be beneficial for you to search whether the exchange’s volume is real. For doing this, you can use the web sites such as https://www.bti.live/exchanges/.
• The amount you deposit to the exchange is in the wallet and control of the exchange until you withdraw. Therefore, as a measure to avoid a possible hacking, reliable exchanges store the majority of their capital in cold wallets. The exchanges storing the majority of their capital in hot wallets are more open to hacks and can face various risks. For this reason, the exchanges storing the majority of their capital in cold wallets should be preferred.
• If you have high amounts of cryptocurrency, it will be the most secure choice to distribute your money among the exchanges you trust. No matter how high the security measures of the exchange you use are, for reducing your risk, it is recommended to carry out your transactions in more than one exchange instead of trusting only one of them. In this way, you are placing your eggs in different crates.

Finally, the legal regulations covering the cryptocurrency exchanges are developing day by day and becoming more secure. However, in case of any aggrievement and loss of right in international cryptocurrency exchanges, you may still not be able to claim your rights by applying to the court. Since exchanges do not offer any insurance service, in case of possible aggrievements, you are the sole responsible. Because of all these reasons, it is recommended to select the exchange you use taking the above-mentioned matters into account.

WALLETS

There are two types of wallets: online and offline (cold) wallets. The wallets that are directly connected or were previously connected to the web are called online wallets. These wallets can be created through a web site or mobile application, and your hardware wallets, which you connect to the web, also become online wallets.

Offline wallets are not connected to web and work with a multiple verification system. Offline wallets offer a higher security service comparing to the online wallets.

The wallets generally have 2 keys. One of them is a secret key special for you and allow you to login to your account. And the other one is the general key. The general key act as IBAN and allows you to share your wallet address with others.

Since they provide high security, offline wallets cost more. Cold wallets of the exchanges are an example of offline wallets. For transferring money from these wallets to another wallet, multiple verification is required. Let’s review a wallet requiring 2 verifications as an example. One of these verifications is required to be performed through a computer which has not connected to the internet before. The user takes the verification from the wallet application installed on this computer and transfers it via USB to a second computer with internet connection. Then the required second verification can be performed in the online environment. After getting 2 verifications, it is possible to perform the transfer from this wallet to another wallet. This way, even if the attacker hacks the computer connected to the internet and captures the wallet information, she/he cannot access the balance in the wallet. To steal the balance in the wallet, the attacker also needs the verification on the other computer, which is not connected to the internet.

Similarly the hardware wallets and the paper wallets, where the wallet information is printed on the paper and kept in physical environment, have an offline characteristic until connecting to the internet.

After above information, we can continue with the possible dangers and measures.

• First of all, the principle of not placing all the eggs in the same crate is valid for the wallets as well. To experience minimum impact of the problems originating from the wallet service you use, it is recommended that you distribute your cryptocurrency among wallets.
• Wallets support certain cryptocurrencies. Not all wallets support each cryptocurrency. Therefore, you should definitely search which coins are supported by the wallet you will use.
• It is recommended that you keep the secret key provided to you when you create your wallet in different locations. For the security of your wallet, without this key, you are not allowed to access your wallet. For this reason, it is extremely risky to keep the key information in a single place. In case the device, in which you keep your secret key, breaks down and you lose your key, you cannot access your cryptocurrency again.
• In addition to the key, there are words placed in specific orders. These words also act as password to provide security of your wallet in an emergency case. If you note these words and their order, you can decrease the risk of not being able to access your wallet.
• Never use second hand hardware wallets. These wallets should only belong to the first user. Otherwise, even if you do not make any mistake, your wallet might be accessed by the previous owner or due to the security gap caused by this person. Therefore, second hand wallets have an extremely low security.
• The dealers in web sites such as Amazon sell the hardware wallets as original or second hand. For this reason, while purchasing your hardware wallet, make sure that you are using only the web site of the wallet or the official distributors instead of other dealers.
• Access your wallet only when it is necessary. Extending the active time of your wallet increases your risk. For example, if you are waiting for a transfer to your wallet, you can check the balance of your wallet using the general address of your wallet through www.etherscan.io or www.blockchain.com addresses. This way, you will not need to activate your wallet.
• Search for the customer services scope of the wallet service you use. This way, you can reduce the possibility of being exposed to the types of attacks we mentioned at the beginning of our article. For example, if your wallet provider serves only via e-mail, the SMS sent with the name of your wallet provider is probably fake. This way, you will not encounter events of fraud or stolen data.

BV CRYPTO

Even if the investor, who would like to invest on cryptocurrencies, is experienced, she/he encounters many security risks. As mentioned above, as a result of several dangers and scenarios, many losses were experienced in the past and are being experienced now. And it is highly possible that these dangers diversify and develop. Besides the above technical dangers, the project/company preference of the investors is also very important. Because another danger is the fraud projects/companies. This type of danger poses a great risk especially for the inexperienced investors that are new in the market.

To determine the projects that are technologically advanced, reliable and have return potential among more than 5.000 cryptocurrencies, position properly against high volatility and minimize risks; a certain investment experience and research is required.

With the cooperation of Boğaziçi Ventures and Bosphorist Venture Capital, BV Crypto broke a new ground in our geography and was established to solve the problems experienced by the cryptocurrency investors with a “corporate” approach, and to offer different products to the crypto investors in different risk groups with “maximum security and optimum distribution” approach. For allowing the investors in different risk groups and with different return expectations to easily invest on cryptocurrencies, store these investments securely, position correctly against the varying market dynamics and earn optimum income in concordance with the risk group, BV Crypto offers 7 digital asset packages. In addition to above, BV Crypto allows its investors to instantly monitor their portfolios and monitor their performance in the selected periods with the BV Crypto application.

• BV TOP 30

The investment target is to provide maximum return with minimum risk within 12 months. Investment is made on the projects/companies selected by BV Crypto Investment Committee among the biggest 30 cryptocurrencies in terms of market size. To provide a balanced return, trade is carried out with 10% of the portfolio.

• BTC PLUS

Offers the service of constant return to the users, who would like to invest only on BTC for 3–12 months periods. Since it contains constant return, it is a fund with low risk ratio.

• BV CRYPTO AI

Aims to make transactions actively with the successful and secure algorithms developed by the international partners and BV Crypto in the multiple exchange environment of the crypto world and maximize the income. Comparing to other funds, it has a low risk ratio.

• BV SPOT

Aiming the maximum return, this fund focuses on the projects/companies specified by BV Crypto Investment Committee, which have relatively low market size.

• SINGLE LP BTC

The fund was established to store the Bitcoin investments of the users. As mentioned in our article, in this market having several dangers; with Single LP BTC, you can store your Bitcoin investments within BV Crypto with high security.

• SINGLE LP

The fund was established to store the crypto and digital assets of users, exclusive of Bitcoin. Your cryptocurrencies and digital assets are stored within BV Crypto with high security.

Besides the products it offers, its innovative approach and its application that allows monitoring; BV Crypto aims to keep its users and those that are interested in cryptocurrency up-to-date by preparing short-medium-long term analyzes and researches regarding the cryptocurrency market. In addition to above, by bringing together the people and organizations, which work/operate in blockchain and cryptocurrency and/or which are interested in these fields, with the events it organizes; BV Crypto aims to develop the cryptocurrency ecosystem in Turkey with these reliable and elucidative contents and meet-ups.