Why Is Cryptocurrency Such an Appealing Target?
Ten months ago we asked a rhetorical question: will losses from cryptocurrency exchange hacks hit one billion dollars in ? Indeed, they did. The Libra currency is a type of stablecoin; that is, its value will not fluctuate significantly the way that, for instance, bitcoin does. However, it will not be pinned to the value of an existing fiat currency like the USD or Euro. Instead, its value will be guaranteed by a basket of deposits that will be diversified across several different currency markets, which are brought to the table by the Libra Association.
This association, which is the other unique aspect of the Libra currency, will be composed of a number of organizations from different industries, including tech, finance, and consumer goods and services. Members of the association will have votes on the future of the currency, placing Libra in a sort of middle position in terms of decentralization.
It is less centralized than if Facebook were running the entire show, but more centralized than other cryptocurrencies, making it sort of a corporate oligarchy rather than either a nation-state fiat currency or a completely decentralized, community-run currency. However, new evidence from a panel of experts reporting to the United Nations Security Council provides a better sense of the scope of the threat. There is also growing evidence that the DPRK is using the pseudonymous nature of blockchain transactions to launder money and operate clandestine global financial operations.
A variety of factors contribute to the appeal of cryptocurrency as a target for malicious actors. Many digital thefts leave the attacker with illiquid assets—that is, something that still needs to be converted into money. By contrast, cryptocurrency is essentially cash, so it is much more liquid.
The cryptocurrency ethos, which espouses deep personal privacy, anonymity (or at least pseudonymity), and autonomy, can be both a help and a hindrance to security. Some of the same principles and tools that draw people to cryptocurrency can work to the advantage of attackers, and the field has more than its share of scammers. In the same way that fiat currency like the U.
Every part of this infrastructure has the potential to be the focal point of an attack, including wallet software, exchange platforms, the blockchain algorithms underpinning the currency itself, and the people who use it.
This has led to the use of some unusual and unanticipated attack vectors, in addition to many familiar ones. Cryptocurrency exchanges have been subjected to distributed denial-of-service (DDoS) attacks on multiple occasions, probably for the purpose of suspending trading in order to achieve some kind of pricing advantage.
DDoS attacks do not require much sophistication or effort, and can have a devastating impact on the perceived stability of platforms—like exchanges—that thrive on traffic to drive their marketplaces.
The trove of documents that Edward Snowden revealed in showed that the NSA had cultivated techniques to deanonymize bitcoin users. In one case, the NSA created an anonymization service (probably a VPN) to bitcoin users in geographic areas of interest that had a backdoor deliberately built in. However, even if everything in this scenario was above board, it demonstrates that, as with all organizations with a financial presence on the Internet, a single strong control of any type, including encryption, is not sufficient to control the various manifestations of risk.
There are no reports of any losses. In February , , user credentials for the prominent exchange Coinmama, specifically email addresses and hashed passwords, were posted on the dark web as part of a larger dump of compromised credentials. Attackers reportedly exploited a vulnerability in the PostgreSQL database management system to download credentials from a swath of sites.
Fortunately, there are no reports of any loss of assets by Coinmama users. One of the leading cryptocurrency exchanges, Binance, was hacked in May through a combination of phishing and malware attacks that provided attackers with a large number of multifactor authentication codes and application programming interface (API) keys. In late January , attackers compromised a third-party discussion forum platform running on the LocalBitcoins site and set up a false login prompt which they used to collect user credentials, including multifactor codes.
Using these credentials attackers gained access to six user accounts and transferred BTC 7. The attack was tentatively ascribed to an insider. All of the assets stolen were Bithumb reserves, not user assets. This highlights the issues surrounding visibility that APIs have introduced into contemporary systems.
The attackers exploited an unspecified vulnerability in order to gain access to 90 user accounts. Bitrue quickly detected the attack, suspended the account in question, and contacted other exchanges trading in XRP and ADA currencies to freeze the corresponding transactions. Exit scams are not really security breaches, but rather fraud events in which exchanges or currencies collect money from investors, often in initial coin offerings that are subject to a great deal of financial speculation, then disappear.
These scams exploit the cryptographic capabilities of cryptocurrencies to make it impossible to recover funds once they are stolen. The popular Irish exchange Bitsane was notable for being one of the first exchanges to trade the XRP currency. Users began reporting technical difficulties for withdrawals in May and the exchange went offline mid-June In October , the Canadian exchange MapleChange went down for site maintenance shortly before it announced that it had been hacked.
Exit scams and exchange hacks are only a risk to those who store their currency on exchange platforms. Storing currency in wallets offers significantly greater security, but hot wallets can still be compromised under certain conditions. While breaches like this result in smaller losses overall than what occurs when an entire exchange is breached, the loss is catastrophic for the affected user.
Thus far, the most prominent tactic has involved using SIM swapping to gain access to hot wallets. SIM swapping involves convincing a wireless carrier to move a wireless account to another SIM card (and therefore another phone), so that the attacker can bypass multifactor authentication, or simply log in to crypto exchanges to move currency. In November , a man was arrested and charged for multiple SIM swapping frauds against Silicon Valley executives and other prominent cryptocurrency personalities.
The combination of the technologies underpinning cryptocurrencies and the people participating in the cryptocurrency community make the crypto market a strange beast.
Trust is in short supply, and while there is a lot of money to be made, it is even harder than normal to completely minimize risk. Nevertheless, there are a few things you can do to improve your security profile as an individual cryptocurrency investor.
At this point, it should be clear that not all exchanges are started in good faith. You should vet your exchange thoroughly before you commit any money. Third-party audits are a good sign that an independent entity considers the organization a well-run and safe platform for investment. Cold wallets that rely on hardware authentication and that are physically disconnected when not in use (that is, air-gapped) are a good way to retain control over your assets.
September 11, Cryptocurrency Hacks. By Raymond Pompon, Sander Vinberg.
Attack Type: App Infrastructure Attacks, DDoS Attacks, Client-side Attacks, Web Application Attacks. Attack Method: DNS hijacking, API Attacks, Credential stuffing, Credential theft. Attack Motive: Cybercrime. Attacker Attribution: North Korea.
Hacking Incidents. Below are the incidents that are suspected malicious attacks that have unfolded since our last report in October
Any cryptocurrency exchange hack adversely affects the cryptocurrency's exchange rate, and the price recovers only after a few months. Hackers carry out attacks not only to steal money. The likelihood of such well-designed tactical attacks will only grow with the development of the market and fierce competition in it. Coins and tokens can disappear even from the largest and seemingly protected exchanges. Mt. Gox opens the list of cryptocurrency hacks. In the distant , a hacker managed to hijack an auditor's account with administrative rights. Through phishing, he or she took possession of the administrative account, stole hot wallet private keys from wallet.
Gox bitcoin exchange caused the nominal price of a bitcoin to fraudulently drop to one cent on the Mt. The total amount does not include stolen user data and undisclosed amounts of stolen funds. Fortunately for users, the malicious code was discovered by a security researcher and quickly remediated by Gate. The full amount of lost funds is unknown; however, 19, ETH has been seen transferred to an unknown wallet. The company stated that one of the possible reasons for the fraudulent withdrawal was a lack of 2FA. Source: BraveNewCoin.