Blog Post: Don’t Let Phishers Destroy Trust in Your Cryptocurrency Wallet Service


Author: John Kirch, Chief Evangelist of Sentinel Protocol

Contrary to popular belief, cryptocurrency wallets do not store any currency as traditional pocket wallets do. Cryptocurrencies, in fact, are not stored in any one physical location, nor do they exist anywhere in the physical form. Only transaction records exist on the blockchain.

A crypto wallet is a software program, or a piece of hardware, that 1) stores your public and private keys, and 2) enables you to interact with the blockchain in order to monitor your balance as well as send and receive digital currencies.

Are Digital Wallets Safe to Use?

While exchanges get hacked the most, people usually store their cryptocurrencies in digital wallets for extra security. However, wallets do provide a false sense of security. Users can still lose money from their wallets due to phishing scams. The level of security in a crypto wallet depends on what kind of wallet it is.

Types of wallets:

● Paper

● Desktop

● Online

● Mobile

● Hardware

All these wallets typically fall under one of two categories: cold wallets and hot wallets. Cold wallets are more secure, but less convenient to use. These include paper wallets and hardware wallets. Hot wallets, on the other hand, are more convenient and easier to use, but are less secure since they can be connected to the Internet, where most of the danger is. Hot wallets include software and mobile wallets, or any wallet that needs to be connected to the Internet in order to function. For example, if users need to access a web-based wallet, phishers can mimic the URL of online wallets to steal private keys from unsuspecting users.

Trust is Fragile

All it takes is one phishing scam. Let’s say one user loses money using a particular wallet. Especially if it’s a lot of money, the user will report the loss to the authorities, post his story on Reddit, complain on social media, and warn others within crypto communities to not use that wallet again. Unfortunately, trust in your wallet service gets destroyed. Here are two recent examples:

1. MyEtherWallet targeted by phishers

This was a sophisticated attack on web-based wallets, designed to drain users’ crypto assets by mimicking the interface and stealing users’ credentials. Once the user decrypts their wallet, phishers may automate fund transfers out of their victims’ wallets into their own. MEW users have been urged to exercise caution when visiting the MEW website by paying close attention to the URL’s spelling, or even better, typing in the domain name themselves.

2. Hacker steals $1 million in Electrum wallet phishing attack

A hacker created a fake version of the desktop-based Electrum wallet to fool users into providing password information. Normally, the wallet asks for 2-factor authentication codes when users send their currencies. In this case, the hacker set up the wallet to request 2-factor authentication codes during login. Once users provided their codes or passwords at login, the hacker emptied their wallets.

Defensive Tactics Used by Trusted Wallet Services

It is bad business for wallet services to not immediately address a security breach and assist users in protecting their cryptocurrency assets. MyEtherWallet took immediate action after a major security breach, and wallet services can model the steps MEW has taken to mitigate further losses. MEW issued a series of warnings urging users to make sure they are using the right URL and to be cautious about sending to the correct address, among other precautions.

MEW also included a red banner at the top (at time of writing, the banner is still there).

Additionally, MEW created a comprehensive knowledge base to help users detect and report phishers.

However, hackers, scammers, and phishers are constantly refining their tactics, with each attack becoming more sophisticated than the last. Wallet services can also take advantage of a crowdsourced threat intelligence database (TRDB) and the Interactive Cooperation Framework (ICF) API to warn their users of the latest phishing tactics.

The TRDB, ICF API, and Transaction Tracking System

The TRDB is the backbone of Sentinel Protocol and its main task is to collect crowdsourced data about the latest threats, attack vectors, and phishing incidents. Since the database is based on the blockchain, all wallet services and exchanges can access the data in real time. The speed and ease with which wallet services can access the TRDB would help defend against the latest threats and stop ongoing attacks before they do any major damage.

Another product from Sentinel Protocol, the ICF API, is designed to be integrated with financial software applications, including wallet and payment services, to provide a proactive defense against malicious activity. The ICF API queries the TRDB to verify the authenticity of a wallet address, URL, or domain before allowing the transaction to proceed. The TRDB sends a response within milliseconds, either allowing or blocking the transaction.
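The pre-transaction check described above, sketched as an added example; it is not Sentinel Protocol's API. `SAMPLE_THREATS`, `normalizeIndicator`, `checkTransaction` and `lookupSample` are hypothetical names, and the threat entries are constructed sample data standing in for a remote reputation lookup.

```javascript
// Constructed stand-in for a threat-reputation lookup (assumption); a real
// deployment would query the remote service. Keys are normalized indicators.
const SAMPLE_THREATS = new Map([
  ["domain:myetherwalet.example", "phishing"],
  ["address:0x" + "0".repeat(32) + "deadbeef", "scam"],
]);

// Reduce a wallet address, URL or bare domain to one canonical lookup key,
// so that case, scheme, path and a trailing dot cannot dodge a listed entry.
function normalizeIndicator(value) {
  const v = String(value).trim();
  if (/^0x[0-9a-fA-F]{40}$/.test(v)) return "address:" + v.toLowerCase();
  let host = v;
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(v)) host = new URL(v).hostname;
  host = host.toLowerCase().replace(/\.$/, "");
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(host)) {
    throw new Error("unrecognized indicator");
  }
  return "domain:" + host;
}

// Decide whether a transaction may proceed. An indicator that is listed,
// malformed, or cannot be looked up blocks the transaction (fail closed).
function checkTransaction(indicators, lookup) {
  for (const raw of indicators) {
    let key, verdict;
    try {
      key = normalizeIndicator(raw);
      verdict = lookup(key);
    } catch (err) {
      return { allow: false, reason: "lookup failed: " + err.message, indicator: raw };
    }
    if (verdict) return { allow: false, reason: verdict, indicator: key };
  }
  return { allow: true, reason: "no match", indicator: null };
}

// Lookup backed by the constructed sample data above.
const lookupSample = (key) => SAMPLE_THREATS.get(key);
```

Failing closed matters here: if the reputation service times out and the wallet lets the transfer through anyway, an outage becomes a bypass.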

Wallet services, exchanges, and other financial institutions partnering with Sentinel Protocol can also use the Crypto Transaction Tracking System to track any funds traversing through the crypto space, including stolen funds. This tool includes flow visualization and a proprietary algorithm that uses the TRDB to flag crypto addresses engaged in malicious behavior.

Still, it falls upon users to take responsibility for the security of their own cryptocurrency assets.

Users Need to Empower Themselves

Even with wallet services beefing up their security and the proactive countermeasures using the TRDB and the ICF API, users need to periodically update their security awareness of constantly evolving phishing tactics and to deploy their own countermeasures. They can learn such countermeasures in a Medium post written by MyEtherWallet.

Additionally, users can use the UPPward browser extensions for detecting and reporting suspicious URLs and phishing attempts. Available for Chrome and Firefox browsers, these extensions warn users anytime they visit a fake URL such as a fake MyEtherWallet website.
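The URL spelling check that users are asked to do by eye can be automated. The following is an added example, not UPPward's or MEW's code, and it goes slightly beyond the text by also covering punycode homoglyph names. `TRUSTED` is a constructed allowlist, and the function names and the two-edit threshold are assumptions.

```javascript
// Constructed allowlist of the wallet domains this user really uses (assumption).
const TRUSTED = ["myetherwallet.com", "electrum.org"];

// Levenshtein edit distance, computed row by row.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// An IDN label arrives as punycode ("xn--..."), which keeps the label's ASCII
// characters literally before the last "-". Keeping only those gives the name
// with its non-ASCII (possibly homoglyph) characters dropped.
function asciiSkeleton(label) {
  if (!label.startsWith("xn--")) return label;
  const body = label.slice(4);
  const cut = body.lastIndexOf("-");
  return cut > 0 ? body.slice(0, cut) : "";
}

// Returns "trusted", "lookalike" or "unknown" for a URL about to be opened.
function classifyWalletUrl(rawUrl, trusted = TRUSTED) {
  let host;
  try {
    host = new URL(rawUrl).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return "unknown"; // not a parseable absolute URL
  }
  if (trusted.some((good) => host === good || host.endsWith("." + good))) {
    return "trusted";
  }
  const skeleton = host.split(".").map(asciiSkeleton).join(".");
  for (const good of trusted) {
    const parts = good.split(".");
    // Brand name embedded in some other domain, e.g. <brand>.com.example.net.
    if (skeleton.includes(parts[0])) return "lookalike";
    // Typo or homoglyph squat: same-depth suffix within two edits (assumed threshold).
    const tail = skeleton.split(".").slice(-parts.length).join(".");
    if (editDistance(tail, good) <= 2) return "lookalike";
  }
  return "unknown";
}
```

The two-edit threshold suits long names like these; with short trusted domains it would flag unrelated sites and should be lowered.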

Even now, a brand-new feature has been included in these UPPward extensions: The Twitter Filter, which uses the Twitter Crawler System to collect indicators of malicious activity on Twitter using pattern-matching algorithms. Using this new feature, phishing links would be blacklisted within an hour, which is as close to real-time as it gets.


While digital wallets are safer to use, services that provide hot wallets to users could strengthen the trust of their user base by being proactive in protecting their crypto assets from phishing scams.

Not only could wallet services leverage knowledge bases, warning alerts, and instructive content to help users secure their assets, they can also interface with the TRDB using the ICF API to stay up to date on the latest threats and phishing attack vectors.

Individual users could significantly benefit by taking greater responsibility for their own security by educating themselves on the latest phishing scams and hacking tactics, by utilizing crypto exchanges and wallets integrated with the ICF API, and by using the UPPward browser extensions to ensure that the transactions they are about to make are indeed safe.