Best Practices for Protecting Against Account Takeover Attacks

In January 2022, NFT God posted a Twitter thread describing an account takeover (ATO) attack. After compromising their machine, the attacker was able to not only steal their digital assets but also take over several accounts for use in phishing attacks.

Inside the Attack

The attack on NFT God began with an attempt to download Open Broadcaster Software (OBS), which is free, widely-used software for recording videos and streaming.  After Googling for OBS, they selected a sponsored link at the top for downloading the software.

However, this download link led to a phishing site rather than the true OBS site.  When launching the installer, nothing appeared to happen.  In the background, the malicious installer installed malware on the system.

Over the next several hours, NFT God discovered that multiple accounts were compromised by the attacker, including blockchain accounts, Twitter, and Substack.  In the end, NFT God lost NFTs and cryptocurrency, and they also had to spend several hours doing damage control, deleting scam messages, and warning people about phishing links sent from their accounts.

Avoiding Account Takeover (ATO) Attacks

NFT God suffered an account takeover attack that was made possible by a malicious download.  

Some security best practices that can help protect against these types of attacks in the future include the following:

• Validate Download Links: The malicious version of OBS was downloaded from a Sponsored Link on Google, which is not necessarily the requested site.  Validate the URL of a site before downloading anything from it.
• Use MFA: The attacker used malware installed on an infected computer to steal account credentials.  If a strong form of multi-factor authentication (MFA) was in place for these accounts, an attacker may not have been able to use the compromised credentials.
• Use a Cold Wallet: In the Twitter thread, NFT God mentioned accidentally setting up their Ledger as a hot wallet rather than a cold one.  Always store high-value crypto assets — cryptocurrency, NFTs, etc. — in a cold wallet.
• Install Endpoint Security: Antivirus and other endpoint security solutions are designed to identify and remediate malware infections like the one used in this attack.  Installing a reputable AV and keeping it up to date can help to protect against Account Takeover attacks.

Keeping Your Crypto Safe

ATO attacks like the one suffered by NFT God are only one of several potential threats to blockchain wallet security.  To learn more about how to secure your digital assets, check out our blog on the Top 10 Ways to Secure Your Crypto Wallet.