Cyber Security Hub explores why and how hackers target cryptocurrency investors.
With over 420 million cryptocurrency users, more than 12,000 cryptocurrencies in the world and an estimated value of $2.2 billion by 2026, the digital currency market is growing rapidly. This rapid growth, however, has made it a target for cyber attackers looking to defraud their victims.
Here, Cyber Security Hub explores the threat vectors used and vulnerabilities exploited by hackers specific to cryptocurrency-based cybercrime.
Why do hackers target cryptocurrency?
Cryptocurrency attacks can have big payoffs
With Bitcoin, Ethereum, and Tether having market caps of $330.6 billion, $152.6 billion and $68.2 billion respectively, cryptocurrency traders and wallets can be an attractive target for hackers.
In September 2022, malicious actors compromised the hot wallet of cryptocurrency market maker Wintermute to steal $162.5 million. The term hot wallet refers to a cryptocurrency wallet that is available online and can facilitate transactions between the owner and the wallets of others. To do this, the hackers exploited a vulnerability in the private keys generated by the Profanity application. Private keys are a secure code that proves ownership of a cryptocurrency wallet and allows the wallet holder to perform transactions. If these keys are insecure, however, it can allow malicious actors to gain access to a cryptocurrency wallet.
Cryptocurrency businesses may be more vulnerable to attacks
While the first cryptocurrency, eCash, was created in 1990 by Digicash, cryptocurrency did not reach the mainstream until the introduction of Bitcoin in 2009. With about 100 new cryptocurrencies created and minted every day, the urge to join the market can mean that so-called cryptopreneurs focus more on creating and launching their cryptocurrency than protecting their business.
Luke Willmott, co-founder and COO of crypto-based car market AutoCoinCars, notes that this enthusiasm for the launch can lead to security issues that are very attractive to hackers. He notes that since people don’t need to invest a large sum of money to create startups in the cryptocurrency space, their investment may be focused on the front-end of the business, for example by creating an attractive web page, rather than protecting the back-end of their business. This makes them vulnerable to attacks.
“Even some of the biggest cryptocurrency companies probably don’t have cyber defenses sophisticated enough to thwart hackers. With the cryptocurrency industry growing rapidly, it’s understandable why this can be difficult to keep track of. Add to this the rate at which hackers and technology are getting smarter, you would need a full-time person to deploy a strong cyber defense strategy and infrastructure,” says Willmott.
In January this year, it was revealed that collapsed cryptocurrency exchange FTX had $415 million worth of cryptocurrency stolen by hackers. The loss was discovered after FTX lawyers and advisers identified $5.5 billion in assets to be recovered, with the stolen cryptocurrency accounting for approximately one-tenth of the assets to be recovered.
Global news firm Insider suggested that the stolen cryptocurrency “may be linked to a hack that took place just hours after FTX filed for bankruptcy” and prosecutors noted that more than $370 million worth of crypto had “disappeared from the exchange”.
Cryptocurrency transfers cannot be undone
Cryptocurrency transfers take place on a decentralized network, which means that when funds are transferred, they cannot be canceled or reversed, only refunded by the recipient. This is due to the immutable nature of the blockchain, which makes it impossible to change any data on the network. Digital currency protocols put in place by cryptocurrency companies to allow merchants to accept digital currency without chargebacks also prevent funds from being canceled or reversed.
This means that if hackers are able to access and transfer funds from a victim’s cryptocurrency wallets, it is highly unlikely that the victim will be able to recover those funds.
On January 15, a cryptocurrency and NFT influencer who uses the moniker NFT God posted on Twitter that “their entire digital livelihood has been breached” after hackers gained access to their digital wallet and stole “a life-changing amount of [their] net worth” in funds and NFTs.
All channels I have with my community, friends and family have been compromised in the last 24 hours
My Twitter, Substack, Gmail, Discord and Wallets have all been invaded and taken over by bad actors
Significantly less important than all that I lost all my digital assets
— NFT God (@NFT_GOD) January 15, 2023
In a series of tweets, NFT God explained that they believe hackers gained access to their computer and digital wallet after they mistakenly downloaded malware they believed to be video streaming software. Hackers stole all of NFT God’s digital assets.
Cryptocurrency news site Metaverse Zeus reported that blockchain data showed these assets included “at least 19 ETH, worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and several other NFTs”.
Speaking about the hack, NFT God tweeted: “There is no recourse. It is not repairable. You cannot undo blockchain transactions.”
Hackers have even capitalized on the fact that those who lose their digital assets will want them back. The prevalence of hackers exploiting this desperation has led the U.S. Federal Trade Commission (FTC) to issue a warning to cryptocurrency owners not to trust individuals or companies that offer cryptocurrency recovery services. In these scams, malicious actors tell victims that they can return their funds and assets, then charge them a fee or ask for their financial information to do so. This leads to the victim being defrauded further.
How do malicious actors target cryptocurrency users and businesses?
Social engineering attacks against unsuspecting investors
While those looking to invest in cryptocurrencies feel the pressure to buy at the most opportune time, malicious actors are exploiting this pressure in social engineering attacks. An example of this was seen in July 2022, after the US Federal Bureau of Investigation (FBI) warned cryptocurrency investors that fake cryptocurrency apps had resulted in losses of $42.7 million in just six months.
Between November 1, 2021 and May 13, 2022, the FBI identified 244 victims who lost between $900,000 and $5.5 million each to fake cryptocurrency apps.
The scams involved fraudsters posing as legitimate US investment services and specifically targeting those with an interest in cryptocurrency and mobile banking. During communications with the victims, the hackers used the logos and names of the said investment services to make themselves look more legitimate. Using these techniques, hackers managed to convince investors to download mobile apps, which led to them being defrauded.
The two companies the scammers created fake websites for were YitBit, which is the name of a legitimate old cryptocurrency service, and Supayos, an Australian exchange company. The FBI suggested this was an attempt to make the fraudulent apps appear more legitimate.
The criminals were able to defraud at least four victims of $5.5 million by posing as YitBit, waiting for investors to deposit funds into the fake accounts, then telling them through the app that to withdraw funds, they had to pay taxes. This meant that victims were unable to withdraw investments from the fraudulent app.
Research by cybersecurity resource site Privacy Affairs found that malicious actors carried out 15 cryptocurrency-based scams every hour in 2022, leading to hackers stealing $4.3 billion worth of cryptocurrency from January to November.
Hacking token bridges to steal funds
Blockchain bridges are used by cryptocurrency users to transfer cryptocurrency between different blockchains. Bridges work by depositing assets in the form of “wrapped” tokens on the bridge. Wrapping the tokens allows them to run on the blockchain they are being transferred to. Unfortunately, this makes bridges more vulnerable to attack because they have vulnerabilities at each end of the transfer.
In August 2022, the American cryptocurrency company Nomad confirmed that $190 million worth of cryptocurrency was stolen via a hack of the Nomad Token Bridge.
The funds were stolen after hackers exploited a flaw in the bridge’s code that allowed malicious actors to replace the intended destination wallet with their own account.
Phishing attacks to access digital wallets
Similar to using fake cryptocurrency companies to defraud investors, hackers will impersonate cryptocurrency companies to gain access to cryptocurrency users’ wallets via phishing attacks.
In October 2022, a hacker known as Monkey Drainer used phishing attacks to steal $1 million worth of Ethereum and NFTs in just 24 hours.
Monkey Drainer is known for using phishing-based hacking techniques to rob victims by creating fake cryptocurrency and NFT sites. To make these fake sites more believable, Monkey Drainer has been known to pose as legitimate blockchain sites, including RTFKT and Aptos. After logging into the scam sites, victims enter sensitive details about their cryptocurrency wallets and sign the transactions, allowing Monkey Drainer to access their wallets and funds.
The most significant victims of the October 2022 attack were identified only as 0x02a and 0x626. The pair lost a collective $370,000 via malicious phishing sites operated by Monkey Drainer, with 0x02a losing 12 NFTs worth around $150,000.
0x626 held approximately $2.2 million in his cryptocurrency wallet at the time; however, some of the transactions pushed by Monkey Drainer were rejected by the network the wallet was on because they were marked as suspicious. This meant that the overall actual loss was $220,000 in cryptocurrency.