Bitcoin on the rise, while cryptocurrency security remains flimsy
In October 2020, the U.S. Attorney General presented a new report by the Cyber-Digital Task Force called “Cryptocurrency: An Enforcement Framework”. The report lists the threats: buying and selling tools to commit crimes or to support terrorism; ransom, blackmail and extortion; money laundering; operating unlicensed or non-compliant exchanges; evading taxes; theft; fraud; and cryptojacking (the malicious use of someone else’s computing power to mine cryptocurrencies). The guide also explains the regulatory approaches to these kinds of crimes, the current challenges and the future strategies for enforcement bodies.
Active counter-measures are much needed because crime in this sphere is definitely gaining momentum. For example, the criminal group CryptoCore, also known as Crypto-gang, Dangerous Password and Leery Turtle, has already stolen about $200 million from cryptocurrency exchanges in Japan, the US and other countries. According to Or Blatt, a research group leader at ClearSky, the gang has been operating since 2018. They are supposedly based in Eastern Europe: Ukraine, Russia or Romania. The criminals have already carried out five successful attacks and now put 10-20 cryptocurrency exchanges at risk.
Interestingly enough, the group always uses the same tactic with only small variations. The first step always involves researching the exchange’s leadership, IT team and other employees.
The initial phishing attacks always target personal e-mails, not corporate ones. Personal accounts usually have more vulnerabilities but nevertheless contain business-related data. Eventually, the hackers obtain access to business accounts. According to the researchers, the spear-phishing is typically carried out by impersonating a high-ranking employee, either from the target organization or from another company with connections to the targeted individual.
Then the hackers infiltrate the corporate network with malware, obtain the password manager credentials, access the cryptocurrency wallets, get past the two-factor authentication and transfer the money.
Security breaches in the crypto sphere are widespread
As Bitcoin and other cryptocurrencies gain popularity, the number of exchange platforms grows exponentially. According to Cryptimi, there are more than 18 000 services of this kind. Bloomberg estimates their income at $3 million daily and $1 billion every year. Small exchange platforms often have serious security weaknesses.
Cybernews has recently researched the security level of cryptocurrency exchanges. They monitored the web for databases that use the vulnerable MongoDB platform, filtered them by keyword and analyzed them manually. They claim that the currently exposed, unprotected data could cost the exchanges $18 million in losses if criminals chose to exploit it.
The Breach Report database of leaks includes 400 000 accounts of cryptocurrency services added in 2020 alone. You can check whether your credentials were compromised on BreachReport.com. A leak of any personal data can help criminals gain access to your funds through social engineering and other schemes. This is why non-stop monitoring and timely notifications are so important; these features are also available to BreachReport users.
Other resonant attacks
About $2 million worth of Dai cryptocurrency was stolen from the borrowing and lending service Akropolis in November. The criminals used a “flash loan” tactic: they took out a loan and then exploited the service’s code to get away with the money. Akropolis offered the attacker a $200 000 bug bounty for returning the funds, but there are no reports on whether the offer was accepted.
The Singapore-based exchange KuCoin was hacked in September for about $150 million. They claim that the majority of the funds have been recovered through "judicial recovery, contract upgrades, and on-chain tracking."
The Slovak exchange ETERBASE also suffered a theft from its hot wallets worth $5.4 million in September. Hot wallets are generally considered a vulnerable solution because of their permanent connection to the Internet.
The domain registrar GoDaddy suffered a social engineering and phishing attack in November that led to a wave of breaches at cryptocurrency exchanges such as Liquid.com and NiceHash.
A hacker stole about $24 million from the decentralized finance (DeFi) service Harvest Finance in October. Two minutes after the attack, the attacker returned $2.5 million for reasons that remain unclear. The company’s representatives say that the attacker left a significant amount of personally identifiable information, and they offered a bug bounty for transferring the whole sum back.
In September, login credentials from a leading cryptocurrency and airdrop program, CryptoBharat, were exposed in a dark web share. The database came from a well-known hacker who has also published the Boom-Cash and SLD.RU databases. BreachReport’s analysis of the file found 9,053 unique accounts affected by the event, in the form of email addresses and plaintext passwords.
In September 2020, about twenty Israeli executives of cryptocurrency exchanges were attacked by hackers. Their phones were breached and their credentials stolen. The criminals also sent money transfer requests to the victims’ contacts. According to the Haaretz website, the attack failed overall, but the same scheme, based on tapping into the telecom network, occurred in Russia in December.
Criminals seem to have the upper hand at the moment. For instance, Google has recently removed 49 Chrome Web Store extensions posing as legitimate cryptocurrency wallets. Their malicious code was designed to steal wallet keys, mnemonic phrases and other confidential data.
However, some tactics can minimize the chance that a person dealing with crypto gets breached:
1. The key thing is to install high-quality anti-virus software. Such programs are regularly updated and protect your devices in real time.
2. Data backup is also important. Keep a copy of your data in the cloud, on a USB drive or on an external hard drive, and disconnect the device after the backup to avoid infection. This measure will save your data if you catch ransomware, a type of malware that blocks access to your files and threatens to publish them or forces you to buy the decryption key.
3. Never follow suspicious links. Always check that the address is valid before entering any credentials. If in doubt, you can also check the page’s functionality: many phishing websites consist of a single page with sign-in fields, or their other links lead to pages that look completely different.
4. Trust only proven services with your money. Before using a service, check its background, its reviews and how long it has been around. Are there any reports of Ponzi schemes, scams or user data leaks associated with it?
5. Two-factor authentication (2FA) is a great tool, but cybercriminals manage to defeat it as well. For example, if the 2FA code is sent to a phone, the hackers can find the number in open sources or mobile operator databases. They then block the SIM card by calling the mobile operator’s support hotline and claiming it was lost or stolen, connect the account to a new number and log in using the 2FA code. To prevent SIM swapping, you can use a separate SIM card for cryptocurrency exchanges and wallets. This number shouldn’t be used on a daily basis or mentioned or shared anywhere. Another tip is to set a password for SIM blocking if your operator supports this.
6. Set up a whitelist of addresses for withdrawals on the cryptocurrency exchange. This makes it harder for hackers to add a new address and steal your funds.
7. If someone you know contacts you with a request to transfer some crypto, make it a rule to assume it is a scam. Verify the request by calling them or even having a video chat.
8. Don’t keep money on exchange platforms; they are attacked every day. Buy only the amount you need to make the deal happen, and then transfer the profits immediately, preferably to a cold-storage wallet that is not connected to the internet and is better protected against attacks.
9. Use multi-signature, a technology that requires multiple people to authorize a transaction. It is a popular tool for business accounts shared by a number of partners.
10. Keep an eye on your devices and accounts, especially email. We also recommend that you subscribe to the Breach Report monitoring service to be informed immediately if your credentials are leaked on the dark web.
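Tips 6 and 9 combined in code, as an added example that is not part of the original article: a withdrawal is released only if its destination is on the whitelist and at least two of three distinct approvers have authorised that exact request, so a destination or amount changed after approval invalidates every approval. The per-approver HMAC secrets and the addresses are constructed for the example and stand in for the signing keys of a real multi-signature wallet.

```python
import hashlib
import hmac
import json

# Constructed sample policy: per-approver secrets stand in for the signing
# keys of a real multi-signature wallet (an HMAC scheme is assumed here for
# the example; an on-chain multisig script uses public-key signatures).
APPROVER_KEYS = {
    "alice": b"constructed-secret-alice",
    "bob": b"constructed-secret-bob",
    "carol": b"constructed-secret-carol",
}
REQUIRED_APPROVALS = 2  # 2-of-3 policy
# Withdrawal whitelist (constructed address): the only allowed destinations.
WHITELIST = {"bc1q-constructed-whitelisted-address"}

def canonical(request):
    """Deterministic encoding so every approver authorises the same bytes."""
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode()

def approve(request, approver):
    """One approver's authorisation tag over the exact request (to, amount, nonce)."""
    return hmac.new(APPROVER_KEYS[approver], canonical(request), hashlib.sha256).hexdigest()

def authorize_withdrawal(request, approvals):
    """Return (allowed, reason); `approvals` maps approver name -> tag.
    Whitelist first, then count distinct approvers whose tag covers this exact
    request: a tag issued for a different amount or destination does not count."""
    if request.get("to") not in WHITELIST:
        return False, "destination not on whitelist"
    valid = set()  # a set, so the same approver cannot be counted twice
    for name, tag in approvals.items():
        key = APPROVER_KEYS.get(name)
        if key is None:
            continue  # unknown approver: never counted
        expected = hmac.new(key, canonical(request), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.add(name)
    if len(valid) < REQUIRED_APPROVALS:
        return False, f"{len(valid)} of {REQUIRED_APPROVALS} valid approvals"
    return True, "approved"

if __name__ == "__main__":
    req = {"to": "bc1q-constructed-whitelisted-address", "amount_sat": 250000, "nonce": 17}
    tags = {"alice": approve(req, "alice"), "bob": approve(req, "bob")}
    print(authorize_withdrawal(req, tags))  # (True, 'approved')
    # Tampering with the amount after approval invalidates every tag.
    print(authorize_withdrawal(dict(req, amount_sat=999999), tags))  # (False, '0 of 2 valid approvals')
```

The nonce in the request is what keeps an old set of approvals from being replayed for a second, identical-looking withdrawal.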