Though once synonymous with underground networks and black hat hackers, bitcoin and other cryptocurrencies have gone mainstream over the past two years.
In 2017, we saw the skyrocket of bitcoin to an all-time high of close to $20,000 followed by a significant decline the following year.
But beyond the ups and downs in the market for the world’s largest cryptocurrency is a much more sinister story revolving around cyber-attacks of the economy’s newest asset class.
In 2018, it estimated that as much as $1.7 billion worth of cryptocurrencies were swindled away from investors (likely more) through a variety of means.
Whether accomplished through hacking, phishing, or other forms of scamming, it’s clear that the crypto industry is facing a serious dilemma with security.
For a technological movement based on decentralisation and the advantages it offers for security, the number of breaches occurring is startling.
Cryptocurrencies offer users a way to send money without the need for a third party, yet the industry as a whole is dealing with more security vulnerabilities than centralised financial firms doing the same thing. During the same time period, more traditional companies that transfer money and banks have seen nowhere near the same amount of issues with hackers. So, what’s the problem?
The Weakness: Crypto Exchange Services
While cryptocurrencies and blockchain technology are decentralised in nature, there are many aspects of the cryptosphere that aren’t. The number one culprit in 2018 was cryptocurrency exchanges. Unlike the underlying technology behind currencies like bitcoin, ether, and Litecoin, cryptocurrency exchanges are centralised in nature and not yet regulated to the same extent that most financial firms are.
According to data from CipherTrace’s 2018 cryptocurrency report, $950 million of the total $1.7 billion stolen were from exchanges and infrastructure services. Exchange services are a particular pain point for the industry because they’re one of the easiest ways for users to get started with cryptocurrencies as some even handle fiat currency.
Often referred to as “on-ramps” for the crypto industry, fiat friendly exchanges are easy for beginners to use and purchase their first crypto.
However, with that ease of use comes a major target for hackers and phishers. 2018 was undoubtedly a big year for cryptocurrency hacks, setting new records for theft, but 2019 may not be far off. Just four months into the new year, here are two of the major cyber attacks that have already occurred in 2019.
Last month, popular South Korean exchange Bithumb announced that it suffered a security breach and theft to the tune of $19 million worth of cryptocurrencies, making it the largest of the year.
The exchange suspects that the attack may have been carried out with the help of an insider to steal EOS and XRP. More notable is that this is not the first time the exchange has been compromised.
In 2017, hackers managed to get away with $31 million worth of cryptocurrencies from the exchange and around $1 million the year before.
Also occurring in March, Singapore-based cryptocurrency exchange DragonEx revealed that it too had been hacked.
After going public with the announcement, the company revealed that it estimates somewhere around $7 million worth of cryptocurrencies were stolen and transferred off the exchange to various other exchanges and wallets.
DragonEx has stated that it’s working on a preliminary compensation plan for clients whose funds were stolen and has denied rumours of potential bankruptcy.
The exchange has publicly released the addresses of wallets it believes to be possibly holding stolen funds and has asked for assistance from other exchanges and wallet providers.
As the total amount of cryptocurrencies stolen from investors continues to rise each year, security experts are scrambling to find the most effective methods to combat hacking.
However, also included in CipherTrace’s report was the changing landscape of crypto hackers and scams. In the first three quarters of 2018, the majority of theft happened via direct exchange hacks, now that’s starting to change.
With exchange services beginning to take security concerns more seriously, different forms of attacks are becoming more common.
Looking forward into 2019, experts suggest that tactics like social engineering and the utilisation of insiders may be the largest threats.
Scammers and phishers see the cryptocurrency space as low hanging fruit over recent years as more newcomers flock to the scene.
Between fraudulent social media accounts claiming to be influential people to bogus “exchange support members” accounts claiming to help with logging in problems, the way the industry thinks about security breaches is changing.
images from Hacker News