Sequel to How Cryptocurrency Works, here are the major cryptocurrency attacks vectors used by cybercriminals to compromise cryptocurrency accounts and do away with the funds.
- System vulnerabilities
As in all I.T systems, vulnerabilities are unavoidable. In cryptocurrency infrastructure, “vulnerabilities in smart contracts, wallets, and web applications have been used to drain at least $150 million in ICO funds in just over a year. This means cybercriminals have stolen nearly 9.5% of the value of all Ethereum ICOs”[1]. An example is Bitrue, a Singaporean cryptocurrency exchange breach on June 26, 2019. Bitrue lost about $5million to hackers who exploited a vulnerability in its Risk Control team’s second review process to “access the personal funds of about 90 Bitrue users,” … “and move 9.3 million XRP and 2.5 million ADA to different exchanges” from its hot wallets. A bug in the Bitfinex multi-signature system was exploited by hackers to withdrew about 120,000 BTC (about $72 million ) from its hot wallet in 2016. Also, In May 2017, hackers leveraged a critical vulnerability in the Poloniex exchange’s software to withdrew funds from the exchange.
- Insider threats and exit scam
Apart from cyber thieves compromising the cryptocurrency exchange’s infrastructure, exit scam is another increasing fraud tactic in cryptocurrency business. Insiders mostly the executives fabricate means of defrauding the investors of their funds. A recent example is the $195 million user funds that disappeared as a result of a password that died with QuadrigaCX’s CEO, Cotten. It was claimed that only the CEO has the passwords to the exchange’s wallet which according to Ernest and Young investigation as stated in CipherTrace report might not be true. “Ernst & Young revealed it had utilized public blockchain records to review the transactional activity of the six identified cold wallets set up by Cotten, where Ms Robertson claims the assets were locked up without access to the password keys. However, instead of holding US$137 million, the wallets were empty. Moreover, they had been drained in early April 2018. Ernst & Young also found evidence of what appeared to be 14 fake accounts set up by the company under false names that had been trading large amounts of crypto to accounts on external exchanges”.
Insider threats had led to almost 200 million dollars lost in which founders and executives embezzled users’ custodial crypto funds according to a report[2]. This includes Bithumb, the largest cryptocurrency exchange in South Korea loss of $14 million in EOS and XRP in March 2019 and Coinbin which collapsed after losing $26 million. According to Coinbin, an insider “removed hundreds of cryptographic keys to coin wallets containing hundreds of Bitcoins, and also lost the cryptographic key to a wallet containing more than 100 Ethereum coins”
- Phishing attacks
In a report by Ernst & Young, phishing was identified as the most commonly used technique for cryptocurrency cyber-attackers. Hackers steal about $1.5 million in ICO proceeds per month via phishing by either deceiving the investors to transfer funds to wrong wallets or handing over the private keys to their digital wallets. Almost $400m has been stolen from initial coin offerings (ICOs). More than 10% of ICO proceeds are lost as a result of cyber-attacks. Phishing attackk was used to steal 19,000 BTC (about $5 million) from Bitstamp’s hot wallet in 2015.
The security of the private key determines the security of either hot or cold wallet. Where the private keys are stored and who controls and /or have access to them is the most important security aspect of a crypto wallet.
You may also, want to read how cryptocurrency works