• Home
  • /Learn
  • /Protecting Cryptocurrency Wallets or Hot Wallets From Cryware
background image


Protecting Cryptocurrency Wallets or Hot Wallets From Cryware


Hackers have been targeting non-custodial bitcoin wallets using cryware, a form of malware containing a hollow shell. Cryware is a thief that steals data from non-custodial bitcoin wallets, also known as hot wallets. Hot wallets are on hackers' radar as they, unlike custodial wallets, are stored locally on a device, giving easy access to cryptographic keys required to execute transactions.  

Cryware represents a shift in the usage of cryptocurrencies in attacks. Before cryware, the role of cryptocurrencies in an attack varied depending on the attacker's overall aim. Some ransomware campaigns, for example, prefer cryptocurrencies as ransom. However, the target user must perform the transfer manually. Meanwhile, cryptojackers, a common type of cryptocurrency-related malware, attempt to mine cryptocurrencies on their own. This method is highly reliant on the target device's resources and skills.   

Blockchain transactions are permanent

Using hot wallet data, hackers can quickly move the target's cryptocurrency into their wallets using cryware. Users cannot reverse the effect since blockchain transactions are permanent. In addition, there are currently no established methods for changing or protecting fraudulent cryptocurrency transactions, unlike credit cards and other financial transactions. 

How it works

Attackers may use regexes to discover valuable data, including private keys, seed phrases, and wallet addresses. Regexes follow patterns of words or characters. Cryware then automates the process by implementing these patterns. The attack types and strategies to obtain wallet information include clipping and switching, memory dumps, phishing, and scams. 

Awareness of techniques and preparedness to meet challenges with security solutions such as Microsoft Defender Antivirus, which detects and blocks cryware and other harmful files, have become imperative.

Attack surfaces targeting hot wallets 

With the introduction and growth of cryptocurrency, existing threats have evolved to target cryptocurrency tokens. Among the current threats leveraging cryptocurrency are: 

  • Cryptojackers:

    Cryptojackers are malicious software that accesses and uses device resources to its advantage without the target's consent. These threats have emerged and thrived with cryptocurrencies.  

  • Ransomware:

    Ransomware attackers often demand payments in cryptocurrency. The reason is simple: it provides anonymity, reducing the risk of identification.  

  • Password and information thieves:

    A growing number of information thieves find and steal hot wallet data in addition to sign-in credentials, system information, and keystrokes. 

  • ClipBanker trojans:

    The Clipboard Stealer tries to collect the user's clipboard and copies sensitive data such as banking information. In addition, cryptocurrency addresses are now being scanned by ClipBanker trojans. 


Protecting your assets against cryware 

Cryptocurrency trading can be exciting and profitable, but users and businesses need to stay vigilant because of the diverse attack surfaces. Security solutions should incorporate machine learning-based protection and several levels of dynamic protection.

Here are some preventative measures: 

  • Lock your hot wallet when you are not actively trading. There is usually a feature in wallet software that prevents transactions from being initiated without the user's knowledge

  • Disconnect yourself from all wallet-related sites. With a hot wallet, users can disconnect their wallet from the website or app when they aren't actively transacting on the decentralized finance (DeFi) platform

  • Be cautious of links to wallet websites and apps: Phishing websites frequently go to great lengths to appear legitimate.

  • When clicking links in emails and messaging apps, consider manually typing or searching for the website, and make sure their domains are accurately written to avoid phishing sites that use typo squatting and sound squatting

  • Check hot wallet transactions and approvals twice; check that the contract that requires permission is the one that was initiated

  • Never share private keys and seed phrases. These forms of sensitive information will never be required by a third party or even the wallet app creators 


Taking preventative measures to protect yourself from threats like cryware is essential in the cryptocurrency world. Stay vigilant and be prepared to implement security solutions to keep your assets safe.