The Rise of Cryptocurrency-related Cyberattacks

Cybercriminals now have the chance to profit immensely from the money that has begun to flood the cryptocurrency market. As new crypto-based investments like initial coin offerings (ICOs) and non-fungible tokens (NFTs) become more popular, hackers have more avenues open to them. So why is there a rise in cryptocurrency-related cyberattacks? Read on to find out.

Why are Cybercriminals Choosing Cryptocurrencies? 

In most cases, transactions using cryptocurrency are not illegal in themselves, but they can be used for money laundering. Cryptocurrencies have become a safe haven for hackers, who are finding new ways to attack victims.

Cryptocurrency Maintains Anonymity

When criminals undertake transactions via cryptocurrency, no evidence of their identity remains behind. This is because payments in cryptocurrency do not require the payer to provide identifying details such as email addresses or names. Therefore, they maintain a great degree of anonymity.

Secondly, crypto exchanges allow one cryptocurrency to be converted into another. This is often done by money mules who are hired on Dark Web forums. These people are told to withdraw, say, Bitcoins from particular accounts while keeping their identity concealed.

Increasing Popularity of Cryptocurrencies

More and more business transactions rely on cryptocurrencies. With so much digital money flooding the space, hackers have naturally begun to choose this mode of operation as well. Some governments have even officially started accepting cryptocurrencies as legal modes of payment, widening the scope further.

Autonomy of Transactions

Crypto coins have no intermediary authorities such as banks or governments, and none of the usual banking requirements such as fees, a mandatory account, a minimum balance or overdraft charges. With crypto coins, holders can do whatever they want with their money. This autonomy in transactions has made this form of money popular amongst hackers. As there is no overseeing authority or governance, hackers can operate in unregulated markets and carry out under-the-table business deals without problems.

Permanence of Transactions

Much like cash, cryptocurrency that has been handed over cannot be recovered unless the recipient returns it. This permanence of transactions is another reason why crypto coins have become so appealing to hackers. Once a transaction is complete, it remains that way.

Publicly Available Information

Cryptocurrency transactions are recorded and displayed on a public ledger. Hence, it is easy to view where the money goes. This gives scammers access to a lot of data they can exploit. The cybercriminals, though, can stay anonymous despite this public display of information. The wallet addresses that receive the money carry no personally identifiable information. Also, criminals often send the funds through ‘a mixer’ or ‘wash’ the cryptocurrency by transferring it through numerous wallets. Several automated services help in ‘washing’. For instance, tornado.cash helps to ‘wash’ Ethereum.

Easy Access to the Wallet Codes

To make a purchase, a buyer can scan the displayed QR code or copy-paste the wallet address into the purchasing application. However, as a wallet address is made up of a fixed number of letters and numbers, hackers can latch onto the computer clipboard and monitor it to detect such an address just when the victim is about to make a transaction using it. Using malware, the scammers then make an easy switch by replacing the recipient’s wallet address with their malicious one.
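A defender can look for the switch described above in a record of clipboard changes: one wallet address replaced by a different address of the same format faster than a person would re-copy. The following is an added example, not code from the original article; the three address patterns, the two-second window and the event list are assumptions, and the sample addresses are constructed placeholders.

```python
import re

# Address shapes checked here (assumption: only these three formats matter).
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the address format the text matches, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

def find_swaps(events, max_gap=2.0):
    """Flag clipboard changes from one address to a different address of
    the same format within max_gap seconds of each other."""
    alerts = []
    prev_time, prev_text = None, None
    for when, text in events:
        kind = address_kind(text)
        if (kind and prev_text is not None
                and address_kind(prev_text) == kind
                and text.strip() != prev_text.strip()
                and when - prev_time <= max_gap):
            alerts.append((when, kind, prev_text, text))
        prev_time, prev_text = when, text
    return alerts

# Constructed sample data: placeholder strings of the right shape, not real wallets.
ETH_A = "0x" + "a" * 40
ETH_B = "0x" + "b" * 40
BTC_A = "1" + "B" * 30
BTC_B = "1" + "C" * 30
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, ETH_A),   # user copies the payee's address
    (10.4, ETH_B),   # replaced 0.4 s later by another address: suspicious
    (60.0, BTC_A),
    (300.0, BTC_B),  # minutes apart: an ordinary second copy
]

if __name__ == "__main__":
    for when, kind, old, new in find_swaps(SAMPLE_EVENTS):
        print(f"t={when}s {kind} address replaced: {old} -> {new}")
```

The same comparison works at payment time: check the pasted address character by character against the one shown in the QR code or invoice before confirming.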

Major Types of Cyberattacks Targeting Cryptocurrencies 

Ransomware

Hackers use ransomware as a tool to get crypto coins. Usually, it begins with the business’s website going down and the systems becoming inaccessible. In such situations, the administrator overrides also stop working. After this, a ransom demand arrives by email. It contains a wallet address to which a certain payment needs to be made. Left with no choice, the victim makes the deposit using crypto coins. For example, in the Colonial Pipeline ransomware incident, the firm allegedly paid $4.4 million to the attackers in Bitcoin.

Cryptojacking

Cryptojacking is the method by which hackers use another person’s computer to mine cryptocurrency. This happens in two ways.

  • An email with a malicious link can be sent to the unsuspecting victim. When the victim clicks on this link, crypto-mining code loads onto the computer.
  • The hacker can infect a website or online ad with JavaScript code. This code executes automatically once it loads in the victim’s browser.

Once the code is on the victim’s computer, it works in the background while he or she is using the computer. This form of hacking is tough to spot; the only way is to see whether performance has become slower and whether there are considerable lags in execution.

Hacking of Cryptocurrency Trading Platforms

A crypto exchange is a centralised web application that holds a few big crypto wallets and can execute multiple transactions. This makes it prone to attack, as a single, centralised failure could mean a lot of profit for the cybercriminals. Such attacks are carried out in various ways.

Client-Side

  • Cross-Site Scripting (XSS) allows the hacker to use the victim’s browser as his own by injecting malicious JS/HTML code into it.
  • Open redirects send the victim from the exchange to an arbitrary destination. Such an attack looks like a link to the original domain of the victim’s exchange that downloads a ‘new version of trading desktop client’, but the download is in reality malicious software that steals the victim’s wallet.

Server Side

  • There could be logic issues that allow more than one withdrawal transaction to be processed simultaneously. Hackers like to use this method because such flaws are tough to discover with automation tools like source code analysers.
  • Sometimes authentication bypass issues prevent passwords and even 2FA from working. As a result, user sessions start without the credentials being properly checked.

To prevent such attacks, the frontend JavaScript, the mobile app, terminals and other clients on the client side, as well as the APIs and data repositories on the back end, need protection.
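The simultaneous-withdrawal logic issue listed under Server Side can be shown with a check-then-debit handler beside a version that checks and debits in one statement. This is an added example, not code from the original article or from any exchange; the accounts table, the function names and the balance of 100 are assumptions, and the interleaving of the two requests is written out explicitly so the result is repeatable.

```python
import sqlite3

def new_db(balance):
    """In-memory ledger with one account (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER)")
    db.execute("INSERT INTO accounts VALUES (1, ?)", (balance,))
    db.commit()
    return db

def read_balance(db, account):
    row = db.execute("SELECT balance FROM accounts WHERE id = ?", (account,))
    return row.fetchone()[0]

def vulnerable_pair(db, account, amount):
    """Two requests interleaved as concurrent handlers can be:
    both read the balance before either one writes."""
    seen_a = read_balance(db, account)  # request A: check
    seen_b = read_balance(db, account)  # request B: check, stale once A writes
    paid = 0
    for seen in (seen_a, seen_b):
        if seen >= amount:              # each request trusts its own earlier read
            db.execute("UPDATE accounts SET balance = ? WHERE id = ?",
                       (seen - amount, account))
            paid += amount              # funds leave the exchange
    db.commit()
    return paid, read_balance(db, account)

def atomic_withdraw(db, account, amount):
    """Check and debit in a single statement; the row count reports success."""
    cur = db.execute(
        "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
        (amount, account, amount))
    db.commit()
    return cur.rowcount == 1

def hardened_pair(db, account, amount):
    """The same two requests, each using the atomic statement."""
    paid = sum(amount for _ in range(2) if atomic_withdraw(db, account, amount))
    return paid, read_balance(db, account)

if __name__ == "__main__":
    print("vulnerable:", vulnerable_pair(new_db(100), 1, 100))
    print("hardened:  ", hardened_pair(new_db(100), 1, 100))
```

In the vulnerable run the ledger ends at zero while twice the balance has been paid out, which is why reconciling total payouts against ledger debits is a useful detection check alongside the fix.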

Phishing

Crypto-phishing is an attack in which hackers obtain the private key of the victim’s crypto wallet in order to access the funds within it. For this, the scammers send an email with a link that leads the account holder to a website where he is asked to enter his private key information. These emails generally imitate the providers of cryptocurrency-related services like web wallets, exchanges, and others. They sometimes also contain security alert messages like ‘Someone tried to sign in to your account’ followed by a browser URL that says ‘Click the link to check that all is fine’. Once the hackers have this information, they have access to the wallet.

Recent Breaches and Attacks in the Cryptocurrency Market

A recent study by the well-known research company Chainalysis showed that in 2021 scammers managed to siphon off $14 billion worth of cryptocurrency from victims. This was an increase of 79 per cent over 2020! Some of the recent breaches in the cryptocurrency market, which have duped victims of a lot of money, are described below.

In October 2021, a leak impacted the data of three million CoinMarketCap (CMC) users from the US, India, and Japan. The attackers then uploaded this information to various hacking forums. CMC, however, said that the data was just email addresses and not the associated passwords. Furthermore, they added that the leak had not occurred from their servers, and the cause of the breach was being investigated.

In December 2021, the crypto trading platform Bitmart announced that there had been a security breach on a significant scale due to which the hackers had managed to withdraw about $150 million. It went on to say that it would use its funds to reimburse the victims and added that the breach had occurred due to a stolen private key that had affected the Ethereum and Binance Smart Chain.

In January 2022, Crypto.com, one of the world’s biggest and best-known cryptocurrency exchanges, announced that 483 of its users had been hit by a breach wherein Bitcoin and Ether worth $35 million had been withdrawn illegally. No customer, though, it went on to say, had experienced any loss of funds. The firm said that it had been found that some transactions from accounts were getting approved without the second factor of authentication. To conduct a thorough investigation into this and get to the bottom of the attack, it suspended withdrawals for all tokens after the breach discovery.

Bottom Line

Cryptocurrencies are just digital data, and the wallet address of a holder is nothing but a combination of letters and numbers that looks like gibberish. Yet digital currency’s anonymity, permanence, and autonomy have made it popular amongst cybercriminals. It is thus time that we start improving security measures to mitigate such attacks in the future.
