What are zero-click attacks? Zero-click attacks allow bad actors to access your cryptocurrencies wi
What are zero-click attacks?
Zero-click attacks allow bad actors to access your cryptocurrencies without any input from you.
Imagine opening your crypto wallet one day and discovering that it’s all gone. You didn’t download any viruses or click on suspicious links. The funds just aren’t there. It’s possible you have fallen victim to a zero-click attack.
A zero-click attack is a digital threat that allows hackers to access your wallet without any interaction from you.
While having your wallet hacked without clicking anything sounds impossible, these threats are the latest to watch out for if you want to protect your crypto wallet.
How zero-click attacks work
Zero-click attacks are the latest in an endless variety of crypto wallet hacks.
Typically, hackers gain access to your wallet when you accidentally download malicious software or click on a suspicious link, also known as crypto phishing attacks.
However, a zero-click crypto attack executes code without any action required by you. This lack of interaction is what makes them so threatening.
Instead of relying on user error, zero-click attacks access your wallet through flaws in your device’s software, be it a PC or mobile phone.
Picture a burglar breaking your door not because you forgot to lock it but because they took advantage of a flaw in your door’s manufacturing. Zero-click attacks work similarly but in a virtual environment, often targeting mobile devices.
Did you know? Zero-click attacks aren’t exclusive to crypto. These software-threatening assaults have been around since the early 2000s, initially targeting messaging apps and email clients. Now, they’re how wallets get hacked.
How hackers target wallets with a zero-click attack
Zero-click malware targets you through programming weaknesses.
Here are some common ways zero-click attacks can target you.
Software weaknesses
If your Android phone receives an update with a specific security flaw, a bad actor can exploit that vulnerability by simply texting you a particular set of words. Once you receive the text, it may activate that flaw and give the hacker complete control. From there, they’ll commit a wallet security breach.
Similarly, hackers can target iOS devices through everyday apps like iMessage or Airdrop. In April 2024, Trust Wallet shared “credible intel” of a zero-click attack on iOS devices. The group recommended users with a crypto wallet installed disable iMessage to protect themselves until Apple produces an update.
While Trust Wallet classified this issue as a zero-day exploit, the company acknowledged that the attack could take over devices without user input, making it a clear example of a zero-click attack.
Network weaknesses
Targeted attacks can breach your wallet software through proximity if you’re connected to a public wi-fi network, like at a coffee shop. The same applies to open Bluetooth connections.
Here’s how it works: open networks transmit your unencrypted data between devices. Hackers can intercept those packets and send malware through them, targeting any devices with a specific software vulnerability.
Any connection to your device — be it wi-fi, Bluetooth, or some other one — is a potential opportunity for a zero-click attack. That’s what makes these attacks so alarming. They can come out of nowhere. One day, a bad actor finds a way to take advantage of your device and exploits it.
Decentralized application (DApp) weaknesses
Most crypto wallets interact with Web3 apps, also known as DApps. Notably, the barrier to entry for creating a DApp is relatively low, but security measures can vary greatly.
Even if you’re using a trusted Web3 service, its code can be vulnerable to zero-click attacks anytime. Bad actors can use that weakness, such as an error in the DApp’s smart contract programming, to access your wallet.
While it can be fun to interact with new DApps, consider using a wallet holding minimal funds. That way, you can test the application while mitigating the damage from a potential zero-click wallet hack.
While attacks caused by such vulnerabilities may seem completely unfair, there are steps you can take to protect yourself.
What if you’ve fallen victim to a zero-click attack?
Suspect you’ve fallen victim to a zero-click attack? Immediately transfer your assets.
If you suspect you’ve fallen victim to a zero-click attack, follow these steps to protect your crypto assets:
- Disconnect your device: Disconnect the device from the internet immediately.
- Transfer assets: Secure your Web3 wallet. Transfer your assets to another device using your wallet’s recovery phrase.
- Run an anti-virus check: Once your assets are safely…
cointelegraph.com