The crypto industry is one of the most challenged digital environments because while it ensures security and decentralization, it is the target of illicit actions. Indeed, blockchains are not easy to hack due to encryption and a distributed ledger where records are interconnected. However, they’re not indestructible.
Since the beginning of Bitcoin, hackers have hit cryptocurrency only a few years after its deployment. For instance, Mt. Gox, a well-known and significant exchange, experienced hacking until 2014, when it also ceased operations. More than 750,000 BTC were stolen, and it has been found that the problem lies in the company’s hot wallet.
Other hacks happened through the years, with the latest being one of the most disastrous. The FTX collapse led to over $600 million worth of crypto stolen from people’s wallets. Of course, after this shock, investors are now more careful with exchanges, wallets, and devices.
But there’s another challenge arising for cryptocurrency: the Lazarus Group.
Table of Contents
The Lazarus Group is a threat to all crypto investors
The Lazarus Group is a team of individuals from North Korea who specialize in cybercrime. There isn’t much information about the organization yet, but the FBI has gathered clear evidence of the group’s links with attacks like the WannaCry ransomware that targeted healthcare and government institutions.
Experts believe the group has been active since 2010, during which it started “Operation Troy”, targeting South Korea with DDoS attacks. But they haven’t stopped here, and it’s supposed that the organization stole $12 million from Ecuador, $60 million from Taiwan, and so much more through the years.
In 2023, the Lazarus Group targeted exchanges and wallets, affecting millions of users. Considering how serious the situation is and the organization’s tactics, can regular users protect their portfolios?
What to do to protect your crypto assets
While you may not be able to secure your assets 100%, there are ways to minimize risks. First, you must choose hardware wallets instead of software ones, especially if you plan to invest for the long term. These wallets are not exposed to phishing or malware since they’re not internet-connected. At the same time, they ensure the private keys are offline and can’t be hacked.
You can hold as many cryptocurrencies as you like in the cold wallet. And since you can encrypt them with PIN protection and biometric logins, you increase the security level. Be wary that it’s essential to activate multiple-factor authentication on your devices and crypto exchanges because that one-time code generated on the spot can prevent numerous unpleasant situations from occurring.
But what’s most important in keeping you safe is avoiding scams. This is one of the most used ways for scammers to access people’s portfolios and wallets because they lure them with offers and giveaways. New users might be prone to getting scammed more quickly because adding more coins to a portfolio takes some time. What’s sure is that experienced investors know that no one will give you free bitcoins or other currencies, so avoid falling into these traps because they’re getting more sophisticated in time.
Other ways to minimize considerable losses
Short-term investors might not face the same difficulties because they’ll mainly sell crypto or withdraw it as soon as they make a considerable sum of money. This type of investor is only dealing with volatility concerns since the price of a digital coin can change daily.
However, long-term investors might be more vulnerable to these attacks because they’ve gathered a lot of money over the past few years. Therefore, if they’re the target of a hack, all the assets will disappear, along with the work behind the investment.
So, one way to counteract this risk is to open accounts on more wallets and exchanges to minimize the possibility of remaining without assets. Of course, this increases the workload in time, and all wallets must be checked regularly to ensure they’re in good condition. But if something happens, you’ll at least be left with one investment portfolio that can be further developed.
Moreover, diversifying your assets will protect you from both volatility and hacks. That’s because not all coins have the same value. So, when Bitcoin falls, the altcoins you’ve invested in will save the portfolio, but if you only have Bitcoin and Ethereum in your wallet, your portfolio can lose value quickly.
Investors turning to self-custody wallets
What’s interesting about the Lazarus Group is they use third-party tools to gain access to specific systems. These third-party companies are also connected with crypto exchanges and software, an aspect that contributed to the FTX collapse and previous hacks.
Many investors turned to self-custody crypto wallets because they store private keys corresponding to public ones. So, users have access to their funds whenever they want, given the DeFi implication.
There are many types of self-custody wallets, such as the following:
- Mobile wallets are compatible with most iOS and Android systems and are the most convenient.
- Smart contract wallets use the Ethereum blockchain with an accessible interface and are the best option.
- Hardware wallets are the most secure, and you only need a device similar to a drive to access funds.
- Desktop wallets are more complex to install and handle, but they’re also highly secure;
- Paper wallets are also a solution for those who don’t trust technology at all, and they imply you use physical paper for the keys;
Self-custody wallets are currently one of the best solutions for investors because they don’t rely on other companies to keep assets safe. However, they require more attention and care to maintain a certain security level for a portfolio.
Final considerations
The Lazarus Group is a North Korean-based cybercrime group that stole a considerable number of bitcoins over the years, worth millions of dollars. Recently, the FBI confirmed the group is more than an assumption and linked to previous attacks. While it doesn’t use sophisticated methods, the group constantly targets different institutions and users. Luckily, there are some simple steps to protect one’s assets from this powerful group.
