Why do cybercriminals target digital currencies?
TechMoran examines the reasons behind the persistence of cyberattacks on cryptocurrency investors.
Let’s examine the reasons for and methods used by hackers to target crypto investors.
The digital currency sector is expanding quickly, with over 420 million users, over 12,000 cryptocurrencies globally, and an expected value of US$2.2 billion by 2026. But because of its quick expansion, cybercriminals now target it in an attempt to trick unsuspecting victims.
In this article, TechMoran examines the attack vectors and vulnerabilities unique to cryptocurrency-based cybercrime that hackers use.
Why Do Cybercriminals Target Cryptocurrencies?
Attacks on Cryptocurrencies Can Pay Off Handsomely
With market values of $330.6 billion, $152.6 billion, and $68.2 billion for Bitcoin, Ethereum, and Tether, respectively, traders in digital currencies and wallets may be a tempting target for cybercriminals. So much so that, in 2022, cryptocurrency hackers stole $3.8 billion in value. It was almost double the sum of what was siphoned by hackers last year, which was $2 billion in cryptos.
Malicious criminals broke into leading cryptocurrency-focused algorithmic trading firm for digital assets Wintermute’s hot wallet in September 2022 with the intention of stealing $162.5 million.
Note: A cryptocurrency wallet that’s readily accessible online and allows for transactions between its owner’s wallet and other people’s wallets is referred to as a “hot wallet”. These wallets are connected by public and private keys, which serve as both security and transactional aids.
The hackers used a flaw in the private keys produced by the Profanity app to accomplish this. A cryptocurrency wallet’s private key is a secure code that identifies the wallet’s owner and permits transactions. On the other hand, malevolent actors may be able to access a crypto wallet if these keys are dangerous.
Even the gambling industry hasn’t been bypassed when it comes to crypto attacks. Over $40 million in digital assets has been taken by hackers from what is purported to be the top betting site in the world, Stake. Based in Curaçao, the gambling platform allows users to wager on sports and casinos with cryptocurrencies. It reported in September of last year that its Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets have been used to make illicit transactions. Fortunately for the business, the hackers spared themselves an effort to hack any other wallets. Blockchain security firm Cyvers initially reported the problem, pointing out that $16 million worth of Ethereum coin had been taken out of Stake. After that, the pilfered cryptocurrency was moved to more external wallets. ZachXBT, a blockchain investigator, conducted additional research and found that $25.6 million in BSC and Polygon (MATIC) had been taken out of the hot wallets. This all affected the Stake’s reputation and made clients turn to other crypto gambling operators, preferably Monero betting sites, which proved to be more confident and more anonymous crypto, highly suitable for gaming.
Blockchain Enterprises Might Be More Susceptible to Cyberattacks
Even though Digicash produced the first digital currency, eCash, in 1990, it wasn’t until 2009 that cryptocurrencies gained popularity thanks to the release of Bitcoin. Since there are about 100 new cryptocurrencies launched every day, the desire to get into the market could lead to so-called “cryptopreneurs” putting more emphasis on starting and growing their venture than safeguarding their company.
The eagerness to launch can result in security flaws that are a major attraction for hackers. Because it isn’t necessary to invest a significant sum of money to launch a startup in the cryptocurrency area, people may choose to concentrate their investments on building an eye-catching website or other front-end features rather than safeguarding the back end of their organization. They are hence open to cyberattacks.
It’s likely that not even some of the bigger cryptocurrency companies have advanced enough cyber security to keep hackers at bay. It makes sense that keeping up with the rapidly expanding crypto business would be challenging. Deploying a robust cyber defense plan and infrastructure would require a full-time employee given the rate of intelligence growth of both hackers and technology.
It was discovered in January of last year that $415 million worth of cryptocurrencies had been taken by hackers from the defunct exchange FTX. The theft was uncovered after FTX attorneys and consultants found $5.5 billion in assets that needed to be found, of which the pilfered cryptocurrency accounted for around a 10th. Prosecutors said that over $370 million in bitcoin had vanished from the exchange, and it was speculated that the stolen coin may have been connected to a cyberattack that happened just hours after FTX filed for bankruptcy.
This, however, can’t compare to what stands as the largest incident in history – the breach of the Ronin network (an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity) in 2022, where North Korean state-backed hacking group Lazarus stole more than $600 million in cryptos.
Transfers of Cryptocurrency Can’t Be Undone
Transfers of cryptocurrency occur on a network that’s decentralized, which means that once money is sent, it can’t be stopped or reversed—the recipient can only recover their money back. This is because no data on the network can be altered due to the irrevocable nature of the blockchain. In addition to preventing chargebacks, digital currency methods implemented by cryptocurrency organizations shield merchants from having their funds reversed or canceled.
This implies that there’s very little chance that victims will be able to retrieve the money after hackers are able to access and move from a victim’s crypto wallets.
The complete digital livelihood of NFT God was breached on January 15, 2023, when hackers obtained access to and took a substantial amount of money and NFTs from their digital wallet, altering their entire net worth.
NFT God clarified that malware that they thought was video streaming software had been downloaded by mistake, giving hackers access to their computer and digital wallet. Every digital asset owned by NFT God was taken by the hackers. According to blockchain data, these assets comprised multiple NFTs, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and at least 19 ETH, which was valued at about $27,000 at the time.
Hackers profit from the desire of those who lose their digital goods to get them back. The US Federal Trade Commission (FTC) has warned cryptocurrency owners not to trust people or businesses that offer cryptocurrency recovery services due to the prevalence of hackers taking advantage of this desperation. Malicious actors will persuade victims in these scams that they can get their money and assets back, but in order to do so, they will either charge them a fee or require their financial details. This results in additional deception of the victim.
How Do Fraudsters Target Businesses and Users of Cryptocurrencies?
Attacks Using Social Engineering to Deceive Unwary Investors
Malicious individuals take advantage of this pressure on those who are interested in investing in cryptocurrency to purchase at the best possible time by attacking using social engineering. This was demonstrated in July 2022 when the US Federal Bureau of Investigation (FBI) alerted investors to the fact that fraudulent cryptocurrency applications had resulted in $42.7 million in losses in just six months.
The FBI documented 244 victims who lost from $900,000 and $5.5 million each to fraudulent digital currency apps between November 1, 2021, and May 13, 2022. Scammers pretended to be authorized US investment services in the schemes, and they targeted people with an interest in mobile banking and cryptocurrencies in particular. The hackers utilized the names and logos of the aforementioned investment businesses in their conversations with the victims in order to look more trustworthy. The investors were duped by the hackers when they used these strategies to persuade them to download mobile apps.
The two businesses for which the con artists made fictitious websites were Supayos, an Australian currency exchange company, and YitBit, the name of a formerly reputable crypto service. According to the FBI, this was a strategy to give the fraud apps a more authentic appearance. By patiently awaiting traders to put money into the fictitious accounts and then informing them through the mobile application that they must pay taxes before they can withdraw any money, the thieves, acting as YitBit, were able to scam no fewer than four victims out of $5.5 million. As a result, those harmed were powerless to take their money out of the fake program.
According to research conducted by the cyber security reference site Privacy Affairs, in 2022, malevolent actors initiated 15 cryptocurrency-related scams each hour, resulting in hackers taking $4.3 billion in cryptocurrencies between January and November.
Breaking into Token Bridges in Order to Extract Money
Users of cryptocurrencies utilize blockchain bridges to move coins across various blockchains. The assets are deposited over the bridge as “wrapped” tokens in order for the bridges to function. The tokens can operate on the blockchain to which they are being moved if they are wrapped. Sadly, because bridges have weaknesses at both ends of the transfer, they become more vulnerable to attacks.
The US-based cryptocurrency company Nomad said in August 2022 that the breach of the Nomad token bridge had resulted in the theft of $190 million worth of cryptocurrencies.
The money was taken after malevolent actors were able to substitute the intended destination wallet with their own account due to a vulnerability in the bridge’s implementation.
The hackers stole enormous amounts of money from multiple token bridges in July 2023, moving over $126 million between networks like Fantom, Moonriver, and Dogecoin. The ensuing event not only highlighted multichain’s weaknesses but also threw other ecosystems that depended on it into disarray.
Attacks Using Phishing Techniques to Access Digital Wallets
Hackers will impersonate cryptocurrency companies in a manner akin to that of phony companies used to deceive investors in order to obtain access to cryptocurrency users’ wallets through phishing attacks.
Phishing assaults were employed by a hacker known as Monkey Drainer in October 2022 to take $1 million in Ethereum and NFTs in a single day. The hacker group known as Monkey Drainer is well-known for using phishing-based tactics to defraud users by creating phony NFT and cryptocurrency websites. Monkey Drainer has been observed to impersonate reputable blockchain websites, such as RTFKT and Aptos, in order to provide credibility to these fraudulent sites. Victims grant Monkey Drainer access to their wallets and money by providing critical information concerning their digital currency wallets and approving transactions after logging into the phony websites.
In the October 2022 attack, the two most well-known victims were solely identified as 0x02a and 0x626. Through malicious phishing websites run by Monkey Drainer, the two lost a total of $370,000, with 0x02a losing 12 NFTs valued at about $15,000. At the time, 0x626 had about $2.2 million in their cryptocurrency wallet. Nevertheless, the network the wallet was on rejected some of the transactions that Monkey Drainer had pushed because they were deemed suspicious. This indicated that $220,000 worth of crypto had actually been lost in total.
In 2023, there was a surge in cryptocurrency phishing operations. Scammers used malware called Wallet Drainer to steal around $300 million from their victims. Over the course of the previous year, wallet drainers took $295.5 million in cryptocurrency assets from over 324,000 victims; the most money taken from a single user was $24 million.
Conclusion
Hackers plundered billions of dollars worth of cryptocurrency for another year. It’s 2023 we’re talking about. However, according to crypto security firms, the trend is declining for the first time since 2020. Even though it’s spread among multiple occurrences, this sum highlights the ongoing weaknesses and difficulties in the DeFi ecosystem. Even if the prolonged bear market in the early half of the year somewhat dampened interest in the industry, 2023 served as an indicator of both the persistent vulnerabilities and the progress achieved in resolving them.
One can’t foresee what may occur in 2024. However, considering the lax security measures taken by many web3 and cryptocurrency initiatives and the enormous financial worth they possess—discussed at TechCrunch Disrupt earlier this year—we may anticipate hackers to stay persistent in targeting the industry that’s clearly growing.