som to delete traders’ personal information. And if it’s easier to fool less tech-savvy people by using old-school technologies such as phishing emails, even the most paranoid of us can be hacked when cybercriminals find a way to obtain our credentials through mobile SMS two-factor authentication(2FA) by duping mobile operators. Nobody is safe!
The Worst Cyber Attacks
The amount of money in cryptocurrencies stolen from exchanges is incredible, amounting to a grand total of $760 million just in the first half of 2018. The most recent cryptocurrency hack in 2018 was the attack on South Korea’s Bithumb exchange, that allowed cybercriminals to loot $31.5 million worth of digital tokens in June. Hackers exploited the vulnerabilities of Bithumb’s hot wallet, a much less secure storage system than a cold wallet. This attack was nothing compared to the ones performed in January against the Japanese exchange Coincheck which cost them $534 million worth of NEM coins, or the hacking of the Italian exchange BitGrail where $195 million in nano tokens were stolen.
Hacking cryptocurrencies even have some political implications. South Korea’s spy agency, the National Intelligence Service, suspects that North Korean hackers may have been behind some of the attacks such as the one against the Coins exchange in September 2017. They alleged that the attacks against the South Korean exchanges may have occurred to evade the financial sanctions imposed as punishment for the North’s development of nuclear weapons.
Hacking Computers to Steal Mining Power
Mining cryptocurrencies require vast amounts of computing capacity to verify the transaction record and decode the block hash to obtain coins. Malware hidden in Chrome extensions and hacked WordPress sites can be used by hackers to hijack other people’s computers to “enslave” them (a trick called “crypto jacking”). Kaspersky Lab reported finding this type of malicious threat on 1.65 million computers scanned and pointed to how hackers moved to mine different, more profitable crypto coins such as Monero and zCash.
Illegal mining operations set up by insiders are also on the rise, as employees with high-level network privileges resort to stealing server power for mining purposes. Some attacks have been directed at stealing computing power even from public Wi-Fi such as that found in Starbucks.
Using Cryptocurrencies for Money Laundering
Cybercrime is a thriving industry, worth up to $1.5 trillion per year. Ransomware alone may be worth up to $1 billion. Just like any other criminal, cybercriminals can’t deposit their ill-gotten gains into normal banks, let alone spend the huge amount of money they collect by breaking all kinds of international law. And just like every other criminal out there, they need to resort to money laundering, except this time they do it with the digital counterpart of physical money: cryptocurrencies.
Crypto transactions are fully anonymous, and since they do not require any financial intermediaries such as PayPal or banks, it’s easy to imagine how simple it is for this money to fall through the cracks. Although more complicated than with traditional methods, money laundering through crypto coins much more convenient and inexpensive since you don’t need to pay the money required to establish a sham business. Laundering is done through “layering,” i.e., moving money through the crypto system until the number of transactions makes it too complicated for an investigator to follow it anymore. The generalized lack of proper “know your customer” (KYC) regulations in cryptocurrency gambling sites also makes the whole process even more foggy and confused, allowing criminals to clean their dirty money with almost no risks.
Not-so-fun fact: Since even traditional criminals acknowledge the potential of cryptos to launder their good ol’ dollars, some hackers are now advertising their services to wash illicitly acquired crypto coins through Google AdWords. This speaks volumes of the feeling of impunity they are currently enjoying.
How to Protect Your Assets
There are a few ways to avoid having one’s digital wallet stolen, both in terms of simple tricks to reduce your chances of being scammed, and promising defense technologies to prevent cryptocurrency hacks from occurring in the first place. First things first – although we previously stated that 2FA is not 100 percent safe anymore, there’s no reason not to employ it at all times. It’s much better to avoid 2FA via SMS, though, since it’s the less secure form. Second, do not trust Slack Bots, and report all those who look suspicious. A good antivirus may be used to protect the Slack channel as well. Third, do not download any crypto add-on – like, ever.
Obviously, keeping one’s eyes peeled at all times can’t be enough. Users need some form of automated threat intelligence that prevents the worst from occurring, rather than just relying on their own wits. The vulnerability of many apps to web-based attacks was solved with the introduction of web application firewalls (WAF) to limit unwanted traffic. This same concept has been applied to the blockchain world through the decentralized application firewall (DAF), a technology implemented by SafeBlocks Firewall to protect smart contracts from unauthorized transactions. Similarly to traditional firewalls, rules and limits can be set to allow or deny transactions based on certain attributes, such as the number of tokens per transaction or the time between each transaction. This new technology may represent an interesting step towards a more efficient, streamlined and automated form of protection against blockchain threats. It may help dispel at least a portion of the general sense of insecurity commonly associated with this new technology.
Hidden hackers that steal Wi-Fi bandwidth to fuel their mining networks. Invisible malware downloaded to conjure real money from thin air by sucking computer power or stealing virtual coins.
Hacking cryptocurrencies depicts a truly dystopian scenario that lets us perceive how another unseen and interconnected world exists around and inside ours. An impressive virtual world whose darkness and intangibility really makes the cyberspace we used to imagine back in the ’80s Cyberpunk pale in comparison.