Cryptocurrency: An Emerging Target for Cyberattacks

Since its advent in 2008, cryptocurrency has made a giant leap from being a part of the science community to becoming a common topic of discussion in almost every gathering, real or virtual. The same qualities that make crypto a lucrative mode of currency also attract cybercriminals, who use these features to trick potential victims and increase their profits. Paired with the global pandemic, remote working, and an overall fragile cybersecurity infrastructure, it should come as no shock that 2021 saw a number of cybersecurity incidents as well as an increase in new attack vectors such as VPN and RDP. According to the data gathered by CloudSEK, crypto-related cyber attacks accounted for 2.9% of all reported cyber threats in 2021, with an 8.4% increase from February to October.

2.9% of the total cyberattacks were related to crypto

 

The growing number of crypto scams and cyberattacks has affected millions of investors around the world and has also led to a decrease in the value of crypto-related stocks. In this paper, we have brought together data from XVigil and various other sources to provide you with an overview of the rise in cryptocurrency-related cyber attacks in 2021.

Types of Attacks Against Crypto

Even in a short period of time, threat actors have successfully developed various vectors to exploit cryptocurrencies. Following are the most common types of attacks prevalent against cryptocurrencies.

  • Cryptojacking – Cryptojacking is a form of cybercrime in which hackers utilize people’s gadgets (computers, cellphones, tablets, and even servers) to mine for cryptocurrencies without their permission. Crypto mining is the method of obtaining cryptocurrency through the use of high-powered computers by solving cryptographic equations.

Hackers achieve this by infecting websites or online ads with JavaScript code that auto-executes once loaded in the victim’s browser, or by convincing the victim to click on a malicious link in a customized email that loads the crypto mining code on the machine. Once the code is loaded, it executes in the background, unnoticed by the victim. The only visible signs of this are a decrease in CPU performance and slowness of the system.
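The one visible sign described above, sustained CPU load, can be watched for programmatically. The following is an added example, not part of the original report: it flags processes whose CPU use stays high across consecutive samples, so short legitimate bursts are ignored. The telemetry, process names, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Assumed tuning values, not taken from the report.
CPU_THRESHOLD = 80.0  # percent CPU that counts as "busy"
MIN_RUN = 6           # consecutive busy samples before alerting (6 x 10 s)


def sustained_cpu_alerts(samples, threshold=CPU_THRESHOLD, min_run=MIN_RUN):
    """Return {process: {"start", "end", "samples"}} for sustained high CPU.

    samples: iterable of (timestamp_seconds, process_name, cpu_percent).
    A run is broken by any sample below the threshold, so short legitimate
    bursts (a backup, a compile) never reach min_run and are not reported.
    """
    run_start = {}
    run_len = defaultdict(int)
    alerts = {}
    for ts, proc, cpu in sorted(samples):
        if cpu < threshold:
            run_len[proc] = 0          # burst ended, start counting again
            continue
        if run_len[proc] == 0:
            run_start[proc] = ts       # first busy sample of a new run
        run_len[proc] += 1
        if run_len[proc] >= min_run:
            alerts[proc] = {"start": run_start[proc], "end": ts,
                            "samples": run_len[proc]}
    return alerts


def build_samples():
    """Constructed telemetry: one reading per process every 10 seconds."""
    samples = []
    for i in range(12):
        ts = i * 10
        # Hypothetical browser process: idle, then pinned once a page loads.
        samples.append((ts, "browser-renderer", 4.0 if i < 2 else 93.0 + i % 3))
        # Legitimate 30-second burst that must not trigger an alert.
        samples.append((ts, "backup-job", 95.0 if 3 <= i <= 5 else 3.0))
        samples.append((ts, "editor", 6.0))
    return samples


if __name__ == "__main__":
    for proc, info in sustained_cpu_alerts(build_samples()).items():
        print(f"ALERT {proc}: >= {CPU_THRESHOLD}% CPU from t={info['start']}s "
              f"to t={info['end']}s ({info['samples']} samples)")
```

An alert of this kind only says that a process has been busy for a long time; confirming cryptojacking still requires checking what that process or browser tab has loaded.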

  • Cryptocurrency Scams – Scams are prevalent in every finance-related sector and crypto is no exception. Threat actors have been successful in scamming crypto investors using various tactics such as:
    • Using spoofed domains
    • Developing fake APKs
    • Phishing advertisements and campaigns on Twitter and other social media
    • Scam emails

Fraudsters find it easy to conduct these scams since most people are unfamiliar with cryptocurrencies.

  • Bulking Up Their Arsenal – Threat actors flourish by staying ahead of their victims’ cybersecurity capabilities. To accomplish this, they must continue to recruit skilled personnel and invest in advanced tools. The anonymity and flexibility of crypto make it easier for attackers to purchase these resources and further their attacks.
  • Money Laundering – Money laundering is a key feature of many criminal enterprises, especially those involving financial crimes. While most cryptocurrency transactions are legitimate, the anonymity and oversight-free global network that cryptocurrency provides make it attractive to malicious actors as well. Decentralized Finance (DeFi) platforms are rapidly being adopted by cybercriminals, ransomware groups, and hackers to launder their illicit funds. Peel Chain, Chain Hopping, and Over the Counter trades are the three main mechanisms leveraged to enable money laundering in cryptocurrency networks. (For more information, refer to the whitepaper on The Dark Web Crypto Lifecycle.)

Relation Between the Value of Bitcoin and Crypto-Based Attacks

Information from statista.com suggests that due to developments involving Tesla and Coinbase, Bitcoin (BTC) was worth more than USD 60,000 in both February and April 2021. The news that Tesla had purchased USD 1.5 billion worth of digital coins, as well as the IPO of the United States’ largest crypto exchange, attracted widespread attention, including that of cyber threat actors. Investments by notable firms such as Grayscale and MicroStrategy provided huge publicity to crypto. MicroStrategy is the first publicly traded company to invest significant treasury assets in Bitcoin.

Besides this, tweets by Elon Musk, Gene Simmons, and Carole Baskin, among others, helped speed up crypto adoption among the general public. The data gathered by XVigil indicates that there was a significant increase in crypto-based cyber threats from April to June 2021 and from August to September 2021. This suggests that the hype surrounding cryptocurrencies has made them a desirable target for cybercriminals.

A graph depicting the average value of bitcoin per month along with the number of crypto based attacks

 

Cryptocurrency – A Booming Market for Cyber Attackers

After analyzing the data gathered by XVigil from multiple platforms across the internet, we found that the majority of crypto-based cyber incidents in 2021 had a global impact. A major reason for this may be the ease of converting bitcoin into a particular currency, as compared to inter-currency conversions. For example, to purchase a product in American Dollars, Indians would have to convert INR to USD, and any remaining change would have to be converted back to INR. With bitcoin, by contrast, users can deal directly in bitcoin and save the change for future purchases that use bitcoin.

A graph depicting the Number of crypto attacks by the region affected

 

In the first three quarters of 2021, Asia & Pacific recorded the second-highest number of crypto-based incidents closely followed by Europe, North America, South & Latin America, and Africa.

 

Cyber Threat Watch 2021

Type of data posted on underground forums in crypto-related posts

Data acquired by XVigil indicates that the sale and purchase of datasets from various crypto exchange platforms accounted for the majority of threat posts, i.e., 47.2% of overall crypto-based cyber attacks. Malware, accesses, vulnerabilities, and exploits were among the other prominent data types targeted. Here is a collection of the most intriguing advertisements discovered through our Threat Intelligence field research.

  1. Actor selling access to a crypto platform along with API keys from the past two exchanges. The actor has quoted a price of USD 200,000 (in cryptocurrency) for the sale.
Threat actor selling access to a DeFi platform

2. Actor selling the user database from Shakepay.com, a website that allows Canadians to buy or sell bitcoin and pay their friends. The alleged database contains 387K unique records.

Threat actor selling 387K user records from Shakepay.com

3. Actor selling methods to bypass 2FA (two-factor authentication) on crypto exchange accounts from Binance. Binance is a cryptocurrency exchange that is currently the largest exchange in the world in terms of the daily trading volume of cryptocurrencies. The actor mentions that the buyers need not log in to execute this attack and is offering this service for USD 500.

Threat actor selling 2FA bypass service for crypto exchange accounts

4. Actor sharing Nexus stealer malware, with easy control from the admin panel. Through it, an attacker can get the files for access to crypto wallets, among other things.

Threat actor offering Nexus malware

5. A threat actor is selling 3.1 million email records of the world’s most trusted & accurate source for crypto market capitalizations, pricing, and information, i.e., CoinMarketCap.

Threat actor selling the database of CoinMarketCap

6. Actor selling the PoC (Proof of Concept) for a vulnerability present in LocalBitcoin.com, one of the leading peer-to-peer Bitcoin trading platforms in the world. The alleged vulnerability is based on the internal transactions with LBC accounts which is practically similar to spending double the amount.

Threat actor selling details on a vulnerability in LocalBitcoin.com

Prominent Crypto Based Cyber Incidents Across the Globe

  • Poly Network Crypto Heist – The biggest ever cryptocurrency heist occurred in August 2021, when hackers stole USD 613 million in digital currency from Poly Network. However, it was later reported that USD 260 million had been returned by the hackers in less than 24 hours of the theft.

Poly Network is a decentralized finance (DeFi) network that allows users to trade or swap tokens across different blockchains. Tokens are traded between blockchains using a smart contract that specifies when the assets should be released to the counterparties. According to a preliminary assessment, the hackers exploited a weakness in this smart contract and stole funds in over 12 different cryptocurrencies, including Ether and a Bitcoin variant.

  • Liquid cyber theft – The famous Japanese cryptocurrency exchange firm Liquid was attacked by cybercriminals, and over USD 97 million was stolen from digital wallets which contained Bitcoin and Ethereum tokens, amongst others. This incident has been regarded as the second biggest heist of cryptocurrency, which affected millions of people.
  • Cryptocurrency Scams – Scams on cryptocurrency have become rather common. According to a report by the Federal Trade Commission (FTC), around 7,000 individuals fell prey and lost a total of USD 80 million in cryptocurrency scams from October 2020 to March 2021. Out of this, USD 2 million was stolen in a campaign where the scammers claimed to be Elon Musk.
  • Biggest Recorded Ransom Amount – The famous Russian ransomware group REvil targeted multiple firms in the United States and demanded a total of USD 70 million in Bitcoin as a ransom amount. The American software firm Kaseya was among the affected entities, and it is believed that a number of its clients were impacted.

 

Impact on Crypto Exchanges & Investments

There have been multiple cases of scams and cyber attacks against cryptocurrencies, which have left the public in a dilemma when it comes to investing in crypto. Listed below are the major impacts of these attacks on crypto exchanges and investments:

  • Victims of Scams and Phishing Campaigns – The data gathered by the FTC via its Consumer Sentinel Network suggests that the reported losses to cryptocurrency investment scams have spiked by nearly 60% in 2021. BBC News has shared the stories of individuals who were the real victims of such crypto scams and lost their savings in a single blow.
Data from FTC depicting the number of reports filed and amount lost to crypto scams

 

  • Shattering Dream of Cashless Economy – The concept of a cashless economy is highly dependent on mass scale crypto adoption. However, the increasing number of instances of cryptocurrency frauds has left the general public (particularly young investors) in a conundrum when it comes to investing in crypto. Users are losing faith in this digital currency, and as a result, they are avoiding all investments in it.
  • Declines in Stock Market – Crypto has begun to have a substantial impact on the stock market. The May 2021 bitcoin meltdown resulted in a reduction in the value of stocks owned by corporations that had invested in cryptocurrencies. The following are the most affected:
      • Coinbase Global – The crypto exchange platform went lower by 7%.
      • Marathon Digital Holdings – The crypto mining company went lower by 10%.
      • Riot Blockchain – The crypto mining company went lower by 8%.
      • Silvergate Capital – The industry banking institution went lower by 3% (initially went as low as 10%).
      • MicroStrategy – The business intelligence company went lower by 9%.

 

Best Practices for Crypto Exchanges

The returns involved in crypto investments are remarkable, making them hard to avoid. Cryptocurrency security, on the other hand, has become a prevalent issue among investors. While safeguarding digital assets is difficult, here are some recommended practices to follow to keep your digital cash safe.

  • Use cold storage – There are two ways of storing cryptocurrency: cold wallets and hot wallets. Owners of digital currencies often keep their money in a digital wallet, which is often on a mobile device, as a key with passwords. Such wallets are known as hot wallets. These are still theoretically online and allow the owner to receive and send tokens. On the other hand, an offline wallet for storing bitcoins is known as cold storage. These are not connected to the internet, thereby protecting the digital currency against unauthorized access, cyber hacks, and other weaknesses that an internet-connected system is exposed to.
  • Use 2FA (two-factor authentication) – It is advised to use those crypto wallets and exchange services that demand at least two-factor verification to keep your digital cash safe. Prefer using physical authentication such as fingerprint or facial/vocal recognition instead of SMS authentication for 2FA. Authy, Google, and Microsoft authenticators are also good choices for this purpose. Multi-factor authentication should be used not only for logging in but also for any transactions using your digital currencies.
  • Don’t keep all your eggs in one basket – It’s usually a good idea to diversify your digital assets among various wallets and platforms so that if a hack or data breach occurs, you’ll have a relatively easy time reducing the severity of the loss.
  • Do your own research – Only put your money into something you understand. Never invest in a cryptocurrency based on broker or colleague recommendations. Understand the security environment of the exchange platforms, examine the reliability of a wallet provider and other crucial software you use for your crypto trades.
  • Implement proper crypto cybersecurity protocols – It is advisable to implement the appropriate security measures and to be cautious while using various trading platforms. Businesses as well as individuals should be aware of the ongoing phishing campaigns and should also take intensive cybersecurity courses on crypto.

 

Conclusion

Given the popularity of cryptocurrencies and the growing adoption among a wide range of users, it will become progressively more complex and energy-intensive to track and trace crypto transactions. Hence it is essential for users, investors, and government agencies across the globe to adopt safe practices, use reliable crypto exchanges, and develop policies that create a safe DeFi ecosystem. To safeguard themselves from crypto attacks and hacks, users must educate themselves on how to safely participate in cryptocurrency exchanges before investing their money. Alternatively, there are numerous options in terms of exchanges and digital wallets where the customer can store their digital currency. Hence, an informed customer must weigh the advantages and disadvantages of each of these options and make an informed decision.

A good provider will often have features like multi-factor authentication and SSL/TLS encryption for facilitating and safeguarding crypto transactions. Therefore, before choosing a financial services provider, users must read the privacy and security policies of the concerned institution. Additionally, companies should equip their users with adequate knowledge and tools to protect their data and money in a world full of digital frauds. The right company will maintain transparency with its customers and help them have a secure crypto banking experience.

 

References
  1. The Dark Web Crypto Lifecycle: How Cyber Criminals Misuse and Cash Out Crypto Funds
  2. Bitcoin price from October 2013 to October 22, 2021
  3. The real victims of mass crypto-hacks that keep happening
  4. Cryptocurrency buzz drives record investment scam losses
  5. ‘We lost our life savings in a cryptocurrency scam’
  6. Should Stock Market Investors Care About the Crypto Crash?
Hansika joined CloudSEK’s Editorial team as a Technical Writer and is a B.Sc (Hons) student at the University of Delhi. She was previously associated with Youth India Foundation for a year.
Lead Cyberintelligence Editor, CloudSEK
Deepanjli is CloudSEK’s Lead Technical Content Writer and Editor. She is a pen wielding pedant with an insatiable appetite for books, Sudoku, and epistemology. She works on any and all content at CloudSEK, which includes blogs, reports, product documentation, and everything in between.