
Crypto Cybersecurity: Basic Tips to Protect Your Assets

Jacky Chemoula

We’ve condensed the webinar "Master the Basics of Crypto Cybersecurity | Free Tangem Educational Webinar" into this blog post. In this article, you’ll learn the principles of cybersecurity, explore vulnerabilities in hardware wallets, understand the risks associated with crypto wallets, and see how to stay safe in the crypto space.
 

About the host: Jacky Chemoula 

I’m Jacky Chemoula, an IT and software architecture expert specializing in data security. I have extensive experience across strategic industries, including energy, telecommunications, supply chain, and defense.

I'm thrilled to have been invited by the Tangem team for a cybersecurity webinar on crypto wallets. 

I have been involved in crypto for several years through the cybersecurity angle from my cyber defense work. For one year, I provided cybersecurity audits for final users like you and me to help secure crypto and protect user data.

My background includes studies at EPITA in Paris, Technion (Israel Institute of Technology), and Paris Alburn, making me well-qualified to guide users through the complex world of crypto security.

Let’s proceed with the types of cyber attacks crypto users face today.

 

Types of cyberattacks in the crypto space

There are four primary methods of cyber attacks in the crypto ecosystem:

  1. Ransomware
  2. Phishing
  3. Supply chain attacks
  4. Crypto investment scams

These attacks typically target individual users, while more sophisticated attacks involve session cookies, tokens, and cross-bridge attacks.

The presentation revealed that major cyber attack groups originate primarily from Russia, North Korea, and Iran. This connection between cybersecurity and geopolitics demonstrates how real-world events directly impact the digital security landscape.

From 2016 to 2020, centralized platforms were the primary targets for attackers. However, starting in 2021, the focus shifted dramatically to DeFi (Decentralized Finance) ecosystems. The financial impact has been substantial, with ransomware attacks alone reaching $1.1 billion in stolen funds during 2023.

 

Role of AI in crypto cyberattacks

The integration of artificial intelligence into cyber attacks has transformed the threat landscape. Here’s a detailed timeline of this evolution:

  • Pre-2018: AI was primarily used by defense industries to detect anomalies in information security systems.
     
  • 2019-2020: AI tools became more accessible to attackers, enabling deepfakes, phishing videos, and audio scams.
     
  • 2021-2022: A surge of automated, sophisticated attacks hit the crypto ecosystem, mainly targeting DeFi platforms with nearly perfect AI-generated phishing emails.
     
  • 2023: A temporary slowdown occurred as DeFi platforms implemented security measures, but attackers adapted by developing "Ransomware as a Service" (RaaS).
     
  • 2024: Attacks increased again, reaching approximately 300 incidents and $4 billion in stolen funds.

We’ve witnessed several infamous crypto hacks, including Mt. Gox, Coincheck, and FTX. The causes varied from internal corruption to external attacks by groups like Lazarus. 

One notable case was Poly Network's $611 million hack by "Mr. White Hat," who returned the funds after demonstrating the platform's security vulnerabilities.

 

Bybit's $1.5 billion hack

The recent Bybit attack of February 21, 2025, remains one of the largest in blockchain history. Executed by North Korea's Lazarus Group, this sophisticated two-step attack compromised multi-signature wallets:

  1. The hackers first infected the multi-signature smart contract behind the signing process.
     
  2. When wallet owners signed transactions with their cold wallets, they unknowingly authorized transfers to the attackers' wallets.
     
  3. This "blind signing" occurred because users couldn't see the transaction details on their wallet display.

This case highlighted vulnerabilities in trusted displays and smart contract interfaces—topics I’ll address further.

The principles of cybersecurity

There are five fundamental principles of cybersecurity. These principles ensure that every process and application deployed maintains high security:

  1. Data confidentiality: Ensuring only strictly authorized persons can access information.
  2. Data integrity: Making sure data is not corrupted.
  3. Data availability: Guaranteeing you can access data whenever needed.
  4. Data traceability: Having the ability to audit and analyze data.
  5. Data authentication: Verifying that users have the appropriate level of access authorization.

When applied specifically to crypto wallets, these principles take on practical forms. 

  • Confidentiality—we use systems with private keys and seed phrases; 
  • Integrity—ensuring your digital asset transactions and keys remain unchanged;
  • Availability—creating reliable backup solutions;
  • Traceability—auditing and analyzing transactions often through block explorer functionalities;
  • Authentication— strong verification methods, including multi-factor authentication.

 

Crypto wallet types and their threat levels

A crypto wallet is, at its core, an asymmetric key generator: it generates private and public keys. That's all a crypto wallet should do. There are different types of wallets, each with its own security risks:

Software Wallets (Hot Wallets):

  • Application wallets and decentralized exchange wallets
  • Web browser extension wallets
  • Desktop and smartphone wallets
  • Online wallets (centralized exchanges like Kraken, Coinbase, or Binance)

Hardware Wallets:

  • USB-based devices (Ledger and Trezor)
  • Smartcards and wearables (Tangem)

"I ask myself what a crypto wallet should do—it should just keep a private and public key, nothing else. The question is: Can the device be online? If it can be online, it's not cold."

This classification directly relates to security risk levels. Hot wallets carry the highest security risk, while cold wallets offer the lowest risk due to their complete isolation from the internet.

Hardware wallets are non-custodial (you own your private keys). Application wallets like decentralized exchanges are also non-custodial. Hot wallets on centralized exchanges are custodial—your keys are stored on their servers.

Common threats to software wallets include:

  • Key loggers: Attacks where hackers can read keyboard inputs to capture private data and passwords.
     
  • Clipboard hijacking: Attacks that compromise copy-paste functions, replacing copied addresses with hacker-controlled addresses.
     
  • Session and cookie hijacking: Sophisticated attacks that steal authentication tokens even after users complete multi-factor authentication.
     
  • Malware and ransomware: Malicious software that can compromise wallet security.
     
  • Smart contract compromise: Vulnerabilities in the code governing decentralized exchanges.

The primary risks of centralized exchanges are platform hacks (like Mt. Gox) and human corruption (as with FTX).

Hardware wallets face different threats:

  • Supply chain attacks: Where hackers intercept devices between manufacturing and delivery to modify them.
     
  • Firmware injection: Malicious code inserted into the device software.
     
  • Connection vulnerabilities: Issues with Bluetooth, display, and USB interfaces.
     
  • Malware through PC injection: When connecting hardware wallets to infected computers.

Tangem cards are not vulnerable to supply chain attacks because, as simple cards, "there is nothing to change—you could just destroy the card if you wanted to do something."

Hardware wallet vulnerabilities

Hardware wallets can include several components that create potential vulnerabilities:

  • Battery

    Batteries are a significant vulnerability source. "With batteries, you can change the power—create a fault injection via voltage manipulation." This can leak private keys and create entry points for hackers. Since Tangem has no battery, it's not vulnerable to this attack vector.

     

  • Displays

    Regarding displays and the concept of "trusted displays" on hardware wallets, the question isn't if the display is on the device but how the display connects to the hardware wallet—whether by a simple chipset or through real security cryptography.

    We referenced recent hacks of famous wallets that began with display vulnerabilities, including the "blind signing" issue in the recent Bybit attack, where users signed transactions they couldn't properly see on their small screens.

    The Tangem wallet uses your smartphone display instead, where all information is totally clear and detailed. You can see all smart contracts and transaction information in great detail.

     

  • Chipsets 

    These are secure microprocessors for managing private keys and displays. For the secure element—the chipset securing private keys—there have been examples of compromised chipsets in famous wallets. 
    Displays require additional chipsets, creating more potential vulnerabilities. In cybersecurity, the fewer components your wallet has, the more secure it is. Adding a display chipset allows another potential firmware injection point.

     

  • Entry ports (USB, Bluetooth, camera for QR codes, NFC)

    Input/output ports also present security risks. The more entry points you allow, the more vulnerable a wallet becomes. Wallets requiring updates through USB connections face particular risks, as demonstrated by attacks using malicious firmware updates.

    In Tangem, the only communication avenue is NFC, used just in read mode. There's only one moment when NFC is in writable mode—when you create your three cards to copy your private key. After that, write access is closed, and only NFC reading remains.

Tangem Wallets have just one chipset and no batteries because they work through NFC, drawing power passively from your smartphone's magnetic field. Tangem’s secure element is certified to EAL6+, a high-security level used in cyber defense areas, including military applications.

The Tangem Chipset

I discovered that the chipset was documented in France on the ANSSI side because there's a certificate from the French government explaining that the chipset Samsung S3D232A is certified by the French government.

This chipset achieved EAL6+ certification, allowing it to be used in high-security French industries. This is the kind of chipset used for passports, so it's really highly secured.

Also, the connection between the card and smartphone requires a distance of just 4 cm, further enhancing security by limiting the range of potential attacks.

 

Risk assessment with crypto wallets

Here’s the typical transaction process using standard wallets, highlighting the risks involved at each step.

First, you connect to your wallet and authenticate, which carries very little risk, especially if you use two-factor authentication. However, the risk increases when your wallet connects to the internet.

The connection pathway introduces several vulnerability points:

  • Computer vulnerabilities (high risk)
  • Internet connection methods:
    • Cable connection (more secure)
    • Private WiFi (moderate risk)
    • Mobile data (4G/5G)
    • Public WiFi (extremely high risk)

I recommend never connecting to public WiFi. If you absolutely must use public WiFi, always use a VPN to encrypt your data, but this should be your last option.

After connecting to an exchange, the risk shifts to the exchange platform itself, which can be hacked, as demonstrated by several significant incidents in recent years. When done offline, the signature process presents lower risk, and the blockchain technology involves minimal risk due to its secure design.
 

Risk assessment with Tangem Wallet

Let’s go over the risk profile when using a Tangem Wallet.

With Tangem, you authenticate through your smartphone and connect directly to exchanges through it. This removes all the risks associated with your computer and reduces the number of potential attack vectors in the transaction process. 

The internet connection risks remain the same (WiFi, mobile data, public WiFi), but the overall risk profile is much lower due to eliminating computer-related vulnerabilities.

Never use public WiFi for crypto transactions. This single decision can dramatically reduce your risk exposure.

 

Different types of attack vectors

When it comes to specific attack types, we can categorize them by their channels: communication, wallet, PC/smartphone, exchange, or network.

Phishing attacks

Phishing is one of the most common attacks you'll encounter. This communication-based hack redirects users to fake websites through deceptive links in emails, pictures, videos, or text messages. Once on these sites, users are prompted to enter sensitive data, which attackers then steal.

For example, you might receive an email claiming to be from your exchange, saying, "Verify your account now." The link looks legitimate but actually points to a fake site designed to capture your login credentials.

Brute-force attacks

These attacks involve repeated authentication attempts on a wallet until the correct PIN code is found. While complex and time-consuming, they can be effective against systems without attempt limitations.

The attacker might try thousands of PIN combinations on your wallet or exchange account, hoping to eventually guess correctly.
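A sketch of the attempt limitation that defeats this kind of guessing, as an added example (not Tangem's or any wallet vendor's implementation): each failure doubles the waiting time and the sixth failure locks the PIN. The class name, the thresholds and the PIN are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os


class PinGuard:
    """PIN check with a doubling retry delay and a hard lockout."""

    MAX_FAILURES = 6       # assumed threshold, chosen for illustration
    BASE_DELAY_MS = 1000   # assumed first delay; doubles after each failure

    def __init__(self, pin):
        self._salt = os.urandom(16)
        self._digest = self._derive(pin)
        self.failures = 0
        self.next_allowed_ms = 0

    def _derive(self, pin):
        # Salted, slow hash so the stored value is costly to guess offline.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def try_pin(self, pin, now_ms):
        if self.failures >= self.MAX_FAILURES:
            return "locked"
        if now_ms < self.next_allowed_ms:
            return "wait"  # too early: the guess is not evaluated at all
        if hmac.compare_digest(self._derive(pin), self._digest):
            self.failures = 0
            self.next_allowed_ms = 0
            return "ok"
        self.failures += 1
        self.next_allowed_ms = now_ms + self.BASE_DELAY_MS * 2 ** (self.failures - 1)
        return "locked" if self.failures >= self.MAX_FAILURES else "denied"


def simulate_guessing(guard, guesses, interval_ms=100):
    """Replay guesses sent every interval_ms; return (final state, guesses evaluated)."""
    evaluated, state = 0, "denied"
    for i, guess in enumerate(guesses):
        state = guard.try_pin(guess, i * interval_ms)
        if state != "wait":
            evaluated += 1
        if state in ("ok", "locked"):
            break
    return state, evaluated


if __name__ == "__main__":
    guard = PinGuard("7351")  # constructed PIN
    # Sequential guessing of all 10,000 four-digit PINs, one guess every 100 ms.
    print(simulate_guessing(guard, (f"{n:04d}" for n in range(10_000))))
```

With these settings only six of the 10,000 possible PINs are ever evaluated before the lockout, regardless of how fast guesses are submitted.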

SIM swapping

This particular attack vector targets two-factor authentication systems that rely on SIM cards.

The hacker contacts your mobile provider, pretending to be you, claiming they need a new SIM card because yours was lost or damaged. After receiving the new card, they can intercept your authentication messages, bypassing your security measures.

Once the swap succeeds, all your two-factor authentication codes will be sent to the attacker's phone instead of yours, giving them access to your accounts.

Device-based attacks

Several attacks target your computers and smartphones directly:

  1. Clipboard hijacking: Captures and alters data when you copy-paste information, such as changing a cryptocurrency address during a transaction.

     

  2. Key logging: Records every keystroke on your keyboard, capturing passwords and private information.

     

  3. Malicious firmware: Particularly affects updatable hardware wallets, where hackers can create fake updates containing malicious code.

     

  4. Supply chain attack: Occurs when devices are intercepted between manufacturing and delivery, allowing attackers to modify them before they reach customers.
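For the clipboard hijacking item above, an added example (not from the original article) showing why a glance at the start and end of a pasted address is not enough and what a full comparison reports instead. Both addresses are constructed, and the function names are assumptions.

```python
import unicodedata

# Constructed addresses (not real wallets). SWAPPED shares the first six and
# the last four characters with INTENDED.
INTENDED = "0x71C2a9F0b4E8d3356A1c07Be94dF25a830Bc4e19"
SWAPPED = "0x71C205dA9bB3e6F1c48A0d27E5f9a1637cD24e19"


def glance_match(intended, pasted, n=4):
    """The weak habit: compare only the first and last n characters."""
    return intended[:n] == pasted[:n] and intended[-n:] == pasted[-n:]


def hidden_characters(text):
    """Positions of characters that do not render visibly (format, control, space)."""
    invisible = ("Cf", "Cc", "Zs", "Zl", "Zp")
    return [i for i, ch in enumerate(text) if unicodedata.category(ch) in invisible]


def check_paste(intended, pasted):
    """Compare every character and report exactly where the paste deviates."""
    hidden = hidden_characters(pasted)
    diffs = [i for i, (a, b) in enumerate(zip(intended, pasted)) if a != b]
    same_length = len(intended) == len(pasted)
    return {
        "match": same_length and not diffs and not hidden,
        "same_length": same_length,
        "hidden": hidden,            # e.g. a zero-width space appended to the paste
        "diff_positions": diffs,
    }


if __name__ == "__main__":
    print("glance check passes:", glance_match(INTENDED, SWAPPED))
    report = check_paste(INTENDED, SWAPPED)
    print("full check passes:  ", report["match"])
    print("characters changed: ", len(report["diff_positions"]))
```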

Network-based attacks

Attacks targeting the connection between you and the exchange include:

  1. DDoS (Distributed Denial of Service): Overwhelms exchange traffic until it crashes, creating opportunities for deeper attacks.
  2. Session cookie attacks: Steals authentication files created after you log in, allowing attackers to use your active session.
  3. Man-in-the-Middle: This method positions attackers between you and the exchange, allowing them to read data transmitted over the network. Both the Poly Network and Coincheck hacks involved this method.
  4. DNS spoofing: Frequently occurs on public WiFi, redirecting users to fake websites to steal login credentials.

How to protect your crypto from all attacks

Here’s practical advice for protecting against each type of attack:

  • Phishing protection: Never click on suspicious links, and verify website URLs through a Google search before visiting them.
  • Brute force attacks: Create strong, long passwords and store them securely in a password manager. 

    Enable login attempt limitations wherever possible. Most smartphones have already implemented this, blocking access after several incorrect attempts and increasing the waiting time between attempts. 

    The password manager eliminates the need to remember multiple complex passwords, allowing you to use unique, strong passwords for every service without the risk of forgetting them.

     

  • SIM swapping: Contact your mobile carrier to activate additional protection measures to counter SIM swapping, such as confidential keywords required for SIM card changes. If you suddenly lose mobile service, contact your provider immediately to check if someone has requested a new SIM card.

     

  • Clipboard attacks: Always check every character of a cryptocurrency address after pasting it and before signing a transaction. Don't just verify the first and last few characters.

     

  • Supply chain attack: Purchase wallets only from official manufacturers. Don't trust the security seal alone.

     

  • Keylogging: Use virtual keyboards—like those used by many banking apps—and regularly update your antivirus and anti-malware software. For session cookie security, also clear your browser cookies regularly so that any new cookies are fresh and uninfected.

     

  • Exchange vulnerabilities: Research and choose exchanges that have undergone successful security audits.

     

  • Network-based attacks: Always use a VPN when on public WiFi. The VPN encrypts your network communication, making intercepted data useless to attackers.

     

  • DNS spoofing: Always verify the complete URL of websites you visit, looking for subtle letter changes that might indicate a fake site.

     

  • Smart contract: Never sign smart contracts you can't fully read and understand. Even if you're using a device with a small screen, ensure you've read all the information before signing.

     

  • Personal dangers: Stay anonymous online. Don't tell strangers that you have crypto or are involved in these activities. If a determined hacker targets you specifically, they may eventually succeed despite your precautions.

Human error remains the most statistically significant source of security breaches in cybersecurity. Let your crypto wallet handle security whenever possible. Use a seedless setup in Tangem.

FAQ: Cybersecurity in Crypto

1. How can I safely interact with DeFi smart contracts?

When using DeFi smart contracts, it's best to choose well-audited ones that have been active for a long time, as this often indicates security. Simpler smart contracts tend to be more secure. Users can check audits and contract creation dates on various blockchain platforms.

2. Can governments crack EAL6 security standards?

EAL6 is a high-level security certification used in Tangem devices and defense industries. It is highly secure, and there is no indication that governments or other entities can break it. Higher levels like EAL7-9 exist for specialized uses, but EAL6 is already a pretty strong standard.

3. What is the biggest cybersecurity mistake users make?

One of the most common mistakes is blind signing, which means confirming a transaction without fully understanding what it does. Users may unknowingly approve malicious transactions if a smart contract or wallet is compromised. It’s important to always verify transaction details carefully. Additionally, never trust unsolicited messages from strangers online.
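What "verifying transaction details" can look like in practice, as an added example that is not from the original article or from Tangem's software: it turns raw calldata into the function and arguments a signer should see. It assumes an EVM chain and covers only three standard ERC-20 functions; the function name `describe_calldata` and the sample data are constructed for illustration.

```python
# Selectors are the first 4 bytes of keccak256 of the ERC-20 function signature.
ERC20 = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}
MAX_UINT256 = 2**256 - 1

# Constructed sample: approve(spender=0x1111...1111, amount=2**256 - 1)
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32


def describe_calldata(data_hex):
    """Turn raw calldata into the fields a signer should see before approving."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    result = {"function": None, "args": [], "warnings": []}
    if len(raw) < 4:
        result["warnings"].append("no function selector: plain transfer or empty data")
        return result
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in ERC20:
        # Unknown call: its effect cannot be displayed, so signing would be blind.
        result["warnings"].append(f"unknown selector 0x{selector}: effect cannot be shown")
        return result
    name, types = ERC20[selector]
    if len(body) != 32 * len(types):
        result["warnings"].append("argument data has unexpected length")
        return result
    result["function"] = name
    for i, kind in enumerate(types):
        word = body[32 * i:32 * (i + 1)]   # every ABI argument is one 32-byte word
        if kind == "address":
            if any(word[:12]):
                result["warnings"].append(f"argument {i}: non-zero address padding")
            result["args"].append("0x" + word[12:].hex())
        else:
            result["args"].append(int.from_bytes(word, "big"))
    if name == "approve" and result["args"][1] == MAX_UINT256:
        result["warnings"].append(
            f"unlimited allowance: {result['args'][0]} could move all of this token")
    return result


if __name__ == "__main__":
    summary = describe_calldata(SAMPLE_APPROVE)
    print(summary["function"], summary["args"][0])
    for warning in summary["warnings"]:
        print("WARNING:", warning)
```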

4. How do social engineering attacks work, and how can I avoid them?

Social engineering attacks often involve impersonation, where attackers pretend to be representatives from banks, exchanges, or other trusted entities. With AI advancements, these scams have become more convincing. To protect yourself:

  • Verify the identity of the sender by using a different communication method.
  • If contacted by phone, hang up and call back using an official number.
  • If sent a link, search for reports on its legitimacy before clicking.
  • Use blockchain explorers to check addresses for known scams.

5. What happens if I lose my phone paired with my Tangem Wallet?

Losing a phone does not compromise the Tangem Wallet. Transactions require both the smartphone and the Tangem card (or ring). Users can simply pair their wallet with a new phone. Strong authentication layers, including Face ID and passcodes, provide additional security. Even if the phone is lost, the wallet remains secure unless an attacker can access all security factors.

6. Can Tangem wallets support multiple receiving addresses?

Currently, Tangem wallets provide one static address per token (e.g., one Bitcoin address per wallet). However, the option to have multiple receiving addresses is being developed. Users can check the Tangem roadmap at community.tangem.com/roadmap for updates.

7. What are the best security hygiene practices for everyday users?

To maintain strong security, follow these best practices:

  • Keep your devices and software updated.
  • Regularly clear cookies in your web browser.
  • Be cautious with browser extensions—many malware attacks come through them.
  • Use secure browsers like Mozilla Firefox to handle sensitive transactions.
  • Install strong antivirus software and avoid installing unnecessary browser extensions.

By following these guidelines, users can enhance their security and reduce the risk of cyber threats.

Wrapping up

Targeted attacks take time, making personal vigilance the last defense against cyber threats. Simple precautions like maintaining anonymity online can significantly enhance your security.

Thank you for reading to the end!

Join Tangem’s active community on Discord and Telegram.

Authors Jacky Chemoula

Jacky is an IT and software architecture expert who specializes in data security. He has extensive experience in strategic industries, including energy, telecommunications, supply chain, and defense.