Cryptocurrency cyber attacks on the rise as industry expands
Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted security risks and shortcomings.
The cryptocurrency market is expanding exponentially, but the recent wave of cyber attacks and scams has shown the industry is struggling on the security front.
Digital currency has become widely adopted by a range of clientele from high-end investors and amateur traders looking to turn a profit to hackers and criminals funding their illicit operations on the dark web. Governments continue to implement new regulations and laws to keep pace with its increasing popularity and its inevitable security weaknesses.
The rising value of many coins isn't the only factor. Cryptocurrency has been a pivotal subject during the Russian invasion of Ukraine as well. It was included in the European Union's sanctions against Russia, and on March 16, Ukraine President Volodymyr Zelenskyy legalized cryptocurrency by signing a law on virtual assets.
To help navigate sanctions amid the war, blockchain analytics vendor Chainalysis released two sanctions screening tools geared toward the cryptocurrency industry.
Earlier this month, Flashpoint published new research on cryptocurrency fueling donations for both sides during the ongoing war. Flashpoint analysts called the Ukrainian government's public requests for cryptocurrency donations a "novel approach."
"As the Russian invasion of Ukraine draws more need for financial contributions to fund military and humanitarian relief needs, cryptocurrency has become a way for governments to directly source funds and bypass traditional aid processes that delay or restrict the aid they receive," the blog post said.
Stand with the people of Ukraine. Now accepting cryptocurrency donations. Bitcoin, Ethereum and USDT.
BTC - 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P
ETH and USDT (ERC-20) - 0x165CD37b4C644C2921454429E7F9358d18A45e14
— Ukraine / Україна (@Ukraine) February 26, 2022
Since Feb. 21, the cyberthreat intelligence vendor uncovered "262 cryptocurrency addresses used in advertisements for donations to either Ukrainian or Russian causes related to the war." Unsurprisingly, some of those addresses were legitimate, while others were deemed "suspicious," demonstrating the ongoing risks versus rewards associated with cryptocurrency.
"Malicious actors are also able to more easily monetize donations intended for the Ukrainian government by advertising and proliferating their own cryptocurrency wallet addresses rather than the legitimate addresses," the blog said.
The scams unfortunately coincide with a recent spike in cryptocurrency attacks that have seen the thefts of millions of dollars in various coins from exchanges, platforms and even personal wallets.
The security risks were further highlighted in the FBI's Internet Crime Report last week, where the "criminal use of cryptocurrency" sat among the top three reported incidents in 2021.
Transferring illicit funds directly to cryptocurrency wallets has made "recovery efforts more difficult," according to the report, which listed Bitcoin, Ethereum, Litecoin and Ripple as currency examples. The report also determined that the criminal use of cryptocurrency has expanded.
"Once limited to hackers, ransomware groups and other denizens of the 'dark web,' cryptocurrency is becoming the preferred payment method for all types of scams," the report said.
Though the report uncovered a decrease in victims compared to 2020, there was a hefty increase in losses, with more than $1.6 billion reported in 2021. Similarly, Chainalysis published research in January that found "cryptocurrency-based crime hit a new all-time high in 2021." In that report, analysts discovered illicit addresses received $14 billion last year.
Virtual currency has become integral to ransom demands and to funding future criminal programs, and exchanges, platforms and hot wallets have also become targets.
In November, BTC-Alpha confirmed a cyber attack and attributed it to a competing cryptocurrency platform. The following month, BadgerDAO issued a plea to work with the attackers who breached the decentralized finance platform and stole more than $100 million in users' funds. In January, Crypto.com suspended withdrawals to investigate an attack on its platform; the company later confirmed threat actors stole $35 million.
Last month, hackers stole over $300 million from another platform, Wormhole.
[ALERT] LockBit ransomware gang has announced "Cryptocurrency Exchange" on the victim list. pic.twitter.com/pA2bh1Vmte
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) November 17, 2021
The question of whether these cryptocurrency attacks have ramped up or if the activity is just becoming more widely publicized is tough for analysts to answer, according to experts.
Javed Samuel, vice president of NCC Group's cryptography services, told SearchSecurity that the increase in attacks correlates with the increase in use and in the number of players in the currency and platform markets.
Ryan Kovar, distinguished security strategist at Splunk, has observed anecdotal evidence of an increase in activity against cryptocurrency wallets, which he attributed to the observed successes of ransomware groups.
"I think we're seeing a natural evolution of going after people's invoices and bank accounts, and now there's money in crypto and a lot of these places are not as mature in their security operations," he told SearchSecurity.
Samuel also addressed the issue of immature security operations. One of the aspects that makes cryptocurrency exchanges and platforms an interesting target for attackers, according to Samuel, is their deployment of novel systems. There is a significant benefit, he said, to being the first mover in the cryptocurrency market. However, it may also benefit potential attackers.
"You may have various companies that want to be the first one to provide X or provide Y and as a result, while it's great to be first, you may sometimes put security further down the list of priorities," he said. "But from an attacker's perspective, their goal is justifying one vulnerability that can lead to them extracting millions of dollars from your system. It doesn't matter that you have the other 99% correctly implemented."
Examples of platform shortcomings that Samuel provided were insufficient validation or incorrect signature checks.
During a panel at the SecureWorld Boston conference earlier this month, Brendan "Casey" McGee, assistant to the special agent in charge for the U.S. Secret Service, said many of the cryptocurrency attacks they've observed use the same tactics, techniques and procedures that exist in business email compromise and in other financial crimes. That includes credential theft, social engineering, phishing, SIM card swaps and romance investment scams.
"We are seeing a lot of typo-squatting where scammers are putting together slick websites. It will be a mirror of that website except minor differences in the URL," McGee said during the panel.
From a user standpoint, Kovar mentioned a lack of two-factor authentication (2FA) as a major risk. Implementing 2FA was a step many platforms took in the aftermath of recent attacks.
"In the cryptocurrency space, growth can happen really quickly and explosively," Samuel said. "So your system that you built may have been fine for lower volume in that initial installment, but that can change really quickly in a matter of days or weeks given how decentralized it is."
Can cryptocurrency be secured?
While platforms can improve their security postures, it comes down to the user as well. Mark Basa, global brand and business manager of cryptocurrency firm HOKK Finance, told SearchSecurity that securing hot wallets requires due diligence on the part of the individual.
As easy as it may be to enter the cryptocurrency arena, it can be just as easy to lose money, he said. Awareness and education are important in what he referred to as the "wild, wild west."
Basa experienced an attempted cryptocurrency scam in the form of a phishing email that, though unsuccessful, he said many other users received as well.
"People are falling for these really well-crafted emails, clicking the link and the link is then exposing the MetaMask or Trust Wallet and then it gets taken out and washed," Basa said. "What we're facing right now in crypto is that you really got to know your stuff."
On the other hand, McGee said the Secret Service has prevented over $2.2 billion in potential fraud loss related to cryptocurrency financial transactions. Additionally, he said they returned over $54 million in actual losses to victims of cryptocurrency-related crimes.
When it comes to securing and tracking cryptocurrency activity, it appears there's more work to be done. The ways to avoid being tracked are getting better and better, according to Basa. During the conference, McGee addressed whether the Secret Service could see where the money goes.
"The best answer I can give you is 'sometimes.' Not all the time -- there are limits," McGee said during the panel. "There are places where we will run into a brick wall, but there are investigative tactics to be able to track through mixers and tumblers and places like that."