Crypto Exchanges Promote Use of YubiKey and Passkeys Amid Rise in Phishing Scams
Summary:
With phishing scams escalating, authorities urge crypto users bolster their account security. Reports by the UK's National Cyber Security Centre and blockchain security platform Scam Sniffer suggest a significant rise in such scams. To address this, cryptocurrency exchanges like Coinbase and Binance have started recommending usage of YubiKey and other specific devices for two-factor authentication (2FA). More recent technologies like “passkeys” are also becoming popular for enhanced security. However, it is crucial to note that while these devices protect against phishing attacks, they don't safeguard against cryptocurrency exchange hacks. For extreme safety, keeping funds on a hardware wallet is advised.
Online schemes known as phishing scams are becoming increasingly rampant, with scammers using various platforms like emails, text messages, and phone calls to trick the unsuspected victims into giving them their personal information. The National Cyber Security Centre, based in the UK, reports that since early 2024, 29 million such scams have been surfaced. Moreover, Scam Sniffer, a blockchain security platform, states that more than 324,000 crypto consumers became victims in 2023. The report, “2023 Wallet Drainers Report,” highlighted an alarming loss of roughly $295 million worth of digital assets to such scams in 2023. Consequently, seeing the rise in phishing scams, some cryptocurrency exchanges started advising their users to apply certain devices to keep their funds safe.
Jacob Klein, the director and head of trust and safety at Coinbase, says that Coinbase was an early adopter of offering YubiKey compatibility. Yubico had launched YubiKey devices in 2008, and some crypto exchanges started offering their use after the first noteworthy bull run in 2019. To Klein, YubiKey devices offer the highest security level of authentication. As per Klein, YubiKey devices act as a second-factor authentication (2FA), a form required by Coinbase.
Given the current state of phishing scams, users must ask themselves how they can prevent getting hacked, and YubiKey could be a plausible solution to ensure the safety of crypto assets. Binance, another cryptocurrency exchange, also introduced the use of YubiKey devices to its users in 2019. The chief security officer at Binance, Jimmy Su, suggests that the need for physical access to YubiKey makes it the most secure 2FA method and is comparatively less susceptible to phishing attacks than receiving a one-time-password code via SMS or email.
However, along with YubiKey devices, crypto exchanges have recently started supporting other potential solutions. For instance, Coinbase now offers a new form called "passkeys," a cryptographic technique linked to a user's device like their smartphone. Similarly, Gemini, another cryptocurrency exchange, also recently enabled support for passkeys.
Tom D'Eletto, the head of product at the crypto security platform Arculus, says that while software passkeys are a step towards securing users, a hardware-bound passkey, such as a USB dongle or an NFC-enabled card, ensures optimal security. Arculus has implemented its own FIDO2-certified keys that are like a metal credit card and offer users a familiar experience as using an ATM card.
However, it's crucial to understand that YubiKey and similar devices do not store a user's wallet or private key, suggests Shahar Madar, the vice president of security and trust products at Fireblocks. While such devices can shield users from phishing attacks, they cannot guarantee protection against a cryptocurrency exchange hack. Therefore, the users might want to consider keeping funds on a hardware wallet, which also recommended by Singapore authorities. But again, hardware wallets also come with their own risks. If the user misplaces their private keys, their crypto assets could be lost forever. On the contrary, Klein notes that, in such a scenario, a situation where the user loses their Yubikey, regaining access to their Coinbase accounts can be easily made possible.
Published At
4/5/2024 4:19:00 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.