2017 saw many risk-takers rack up small fortunes by riding the Bitcoin wave, but some ended up in tears — their accounts hacked and their crypto-wallets emptied. While you might be tempted to blame the wallet’s owner for such a mishap, it’s not that simple.
An investigation into two years’ worth of data leaks from cryptocurrency exchanges reveals that hackers aren’t exactly having a hard time hacking into cryptocurrency exchange services. A good example was the case in June of South Korea’s Coinrail, which lost about £28 million / $36 million to hackers. Crypto-fans might remember that the cyber-attack instantly sent the price of Bitcoin tumbling 10%.
Group-IB has found that, from 2016 to 2017, the number of cryptocurrency-related data leaks soared by 369%, while the first month of 2018 set a record.
“Due to growing interest in cryptocurrencies and the blockchain industry, in January the number of incidents jumped by 689% compared to the 2017 monthly average,” researchers said.
The USA, Russia and China are the primary targets, and every third victim of these attacks is an American. The US also hosts 56.1% of criminal C&C servers belonging to cryptocurrency hackers, followed by the Netherlands (21.5%), Ukraine (4.3%) and Russia (3.2%).
Attackers use techniques ranging from simple social engineering methods to more sophisticated trojan deployments, leveraging tools like AZORult, Pony Formgrabber and Qbot. Cybercrooks are also repurposing tools previously used in bank attacks.
So, why are cryptocurrency exchanges such sitting ducks?
The answer, according to researchers, is simpler than one might like to believe: “disregard for information security and underestimating the capabilities of cybercriminals. The first and main cause is that both users and exchanges omit to use two-factor authentication. The second cause is disregard for basic security rules such as the use of complex and unique passwords.”
Analyzing 720 accounts, Group-IB found that one in five uses a password shorter than 8 characters – a dangerous practice, considering how successful brute-force attacks can be against weak passwords.
After analyzing the circumstances of other exchanges that were hacked – including Bitfinex, Bithumb, Bitstamp, HitBTC, and Poloniex – researchers drew the following conclusion:
“Currently no cryptocurrency exchange, regardless of its size and track record, can guarantee absolute security to its users.”
This chilling conclusion alone should send shivers down the spines of those who sold expensive goods to hop on the Bitcoin bandwagon – or at least it should prompt them to set a stronger password.
Other attack vectors identified by researchers included: errors in the source code of the software; phishing attacks; unauthorized access to the user database; vulnerabilities related to storage; and withdrawal of funds.
“However, all of them stem from the lack of attention to information security and protection of digital assets,” researchers emphasized.
As far as crypto-exchanges are concerned, considering the kind of business they run and how a breach can affect their customers’ lives, two-factor authentication should be the absolute minimum level of protection for customer accounts. Unfortunately, not all of them enforce this practice, the research revealed.