New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

Crypto WiFi Hack – How it Works

Read 3 min
Orange warning sign popping out on a black background.
— Most Public WiFi networks are not encrypted therefore they are easy targets for remote access by a potential attacker.

— Hackers set up their own malicious WiFi routers in a public venue (e.g., a hotel) with the goal of snooping web traffic using a dubious access point.

— If users log into unsecured accounts like bank gateways or online crypto wallets, attackers can intercept that data.

— Hardware wallets also provide excellent defenses against public WiFi intrusions.

Yes, that WiFi network you asked for at your most recent hotel stay or local café is not really that secure. Let’ s find out how the crypto WiFi hack works.

The dangers of public WiFi

The dangers of “free public WiFi” found in places like hotels, airports, cafes, and libraries are manifold. Most public WiFi networks are unencrypted, making them easy targets for remote access by a potential hacker. In many instances, such attacks go entirely unnoticed by the victims. 

The appeal of accessing potentially thousands of people’s devices and Internet activity, in say an airport, is too enticing for many hackers to pass up. A few public WiFi eavesdropping attacks include Man-in-the-middle (MITM) attacks, the evil twin method, cookie thefts, and remote malware injections. 

Man-in-the-middle attack

MITM attacks work by interposing independent connections between users of a public WiFi network. The attacker intercepts traffic generated by a user’s device and makes it seem as though they are communicating with another party. The attacker is relaying and altering messages, which enables the attack to work if the malicious party can bypass mutual authentication between the users.  

MITM can be detected via tamper detection methods such as method authentication by exchanging public keys over secure channels or HTTP Public Key Pinning. Web traffic analysis can also be used to uncover instances where a public WiFi network may be compromised. 

Tamper detection, traffic analysis, and public key infrastructure (e.g., TLS) can help to reduce the relevance and damage of MITM attacks. But there are precedents for sustained, high-profile MITM attacks such as the Nokia Xpress Browser and DigiNotar certificate incident. 

In one of the most egregious MITM software attacks, the National Security Agency (NSA) reportedly impersonated Google servers to spy on individuals. 

Evil twin method

In the case of the evil twin method, hackers would set up their own malicious WiFi routers in a public venue (e.g., a hotel), with the goal of snooping web traffic using a dubious access point. WiFi users plug into the wireless access point hosted by the hackers that appears to be the same public network as the relevant venue, and their Internet traffic is analyzed.

If users log into unsecured accounts like bank gateways or online crypto wallets, attackers can intercept that data. 

Cookie thefts involve the commonly asked about browser functionality, cookies, which are small files acting as authentication methods for frequently visited sites on a user’s unique browser. Akin to a specific browser’s “footprint” when visiting websites, they allow commonly visited sites of a particular user to load faster, remember passwords, and more. 

Hackers take advantage of cookies by impersonating their browser identities and gaining access to websites on their behalf by leveraging the user’s cookies. 

The problem with MITM attacks is that they can be trivial to set up in public WiFi hotspots, and so convincing to users at the same time, that they are unlikely to go noticed by users or WiFi hosts for extended periods. Evil twin attack perpetrators can even pass on web traffic to the authentic access point once they have monitored the target’s communications. 

In the context of protecting your crypto assets, it is best not to access your wallets, notes apps, or other applications where sensitive data or value is stored while using public WiFi hotspots. No network is ever completely secure, and even by taking the necessary precautions, you can still be exposed to risk. 

Hardware wallets provide excellent defenses against public WiFi intrusions, however.

Hardware wallets are totally offline

Hardware wallets do not connect to the Internet, so they can be safely carried with you through public venues like airports without worrying about an MITM attack stealing your funds. Even when connecting your hardware device to your computer, critical data will never be communicated to the computer that is connected to a public wifi hotspot. The final verification of a transaction will always occur directly on your physical device. 

Remember, if you store your passwords, recovery phrases, or PINs in a digital file on your computer or phone, they are at risk of being stolen through public WiFi incursions. 

Keep learning! If you enjoy getting to grips with crypto and blockchain, check out our School of Block video Intro to Web 3 for Beginners.

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our

New coins supported, blog updates and exclusive offers directly in your inbox

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.