Phishing scams are on the rise, with criminals using various methods to deceive individuals and obtain their personal information. The National Cyber Security Centre in the UK has reported 29 million phishing scams since the start of 2024. Additionally, Scam Sniffer, a blockchain security platform, found that over 324,000 crypto users fell victim to phishing scams in 2023, resulting in a loss of around $295 million in digital assets.
To combat these scams, some cryptocurrency exchanges are advising users to incorporate specific devices to protect their funds. One such device is the YubiKey, which provides an extra layer of security. Coinbase, one of the first crypto exchanges to offer YubiKey compatibility, considers it the most secure form of authentication. Users must physically use their YubiKey device to access their account, making it difficult for hackers to gain unauthorized entry.
Binance, another cryptocurrency exchange, also introduced YubiKey devices to its users in 2019. This method of two-factor authentication is highly secure, as it requires physical access to the YubiKey, unlike one-time-password codes sent via SMS or email, which are more susceptible to phishing attacks.
While YubiKey devices are effective against phishing, crypto exchanges have introduced newer solutions. Coinbase, for instance, supports a form of multi-factor authentication (MFA) called “passkeys,” which uses cryptographic techniques linked to a user’s device, such as a smartphone. Gemini, another cryptocurrency exchange, has also recently released support for passkeys, which are more convenient than physical YubiKeys.
Although passkeys and YubiKeys are steps in the right direction, a hardware-bound passkey is considered the gold standard for security. Arculus, a crypto security platform, has implemented its own FIDO2-certified keys in the form of a metal credit card. This provides a familiar and secure authentication experience for users.
It’s important to note that while YubiKeys and similar devices protect against phishing attacks, they do not hold a user’s wallet or private key. They are solely used for authentication and authorization of transactions. Therefore, it is recommended to store funds on a hardware wallet for added security, as advised by Singapore authorities. However, hardware wallets come with their own challenges, such as the risk of losing private keys and potentially losing access to crypto funds.
In conclusion, incorporating security measures like YubiKeys and passkeys can help protect against phishing scams, but they cannot fully guard against cryptocurrency exchange hacks. Therefore, it is essential for users to consider additional security measures, such as hardware wallets, to safeguard their funds effectively.