Report: Cryptocurrency Exchanges Lost $882 Million to Hackers

Launching an ICO? You're a Target, Group-IB Warns
An analysis of attacks against cryptocurrency exchanges over nearly two years shows hackers have inflicted $882 million in damages, according to Moscow-based cybersecurity firm Group-IB.

The tally is likely to grow next year, it says, as seasoned hacking groups such as Cobalt, Silence and MoneyTaker, which appear to be operating from Russia, as well as North Korea's Lazarus group, direct more attention to exchanges as well as initial coin offerings (see Cobalt Cybercrime Gang Reboots After Alleged Leader's Bust).

"In 2019, cryptocurrency exchanges will be a new target for the most aggressive hacker groups usually attacking banks," Group-IB writes. "The number of targeted attacks on crypto exchanges will rise."

Group-IB's tally of cyberattacks against cryptocurrency exchanges

In many ways, the attacks against virtual currency exchanges mirror the pedestrian - but effective - hacks that continue to compromise so many enterprises. Namely, attackers' phishing emails continue to dupe victims into divulging credentials or installing malware, Group-IB says.

The targets not only include exchanges, but also cryptocurrency companies launching ICOs, which are fundraising exercises that involve the sale of tokens to private investors. Group-IB says it found that more than 10 percent of the funds raised during ICOs were stolen - at least during the period it studied, which ran from 2017 through the end of September 2018.

Lucrative Attacks

Cyberattacks have been a thorn in the side of the cryptocurrency landscape since bitcoin's blockchain went live in early 2009. Companies that set up exchanges to buy and sell cryptocurrency arguably underestimated the determination and cleverness of attackers, resulting in astounding losses.

One of the most notable such attacks struck Tokyo-based Mt. Gox in 2014. Over the course of a few years, attackers stole 650,000 bitcoins, worth around $361 million, until Mt. Gox disclosed the attack in February 2014 and subsequently shut down. The attack was initially thought to have extracted 850,000 bitcoins, but the company later found 200,000 that were not missing (see Bitcoin Trading Website Goes Dark).

A Russian man, Aleksandr Vinnik, was indicted by a grand jury in the U.S. in July 2017 on numerous charges, including laundering stolen Mt. Gox funds. Vinnik ran BTC-e, a Russia-based exchange, which prosecutors allege laundered stolen bitcoins from Mt. Gox.

Vinnik was arrested in Greece just before the indictment was announced. Although the U.S. sought his extradition, as did France, Greece's Supreme Court ruled in September that he be extradited to Russia, which has sought custody of Vinnik for alleged criminal activity there, the New York Times reported. But it's still up to Greece's justice minister to make the final decision on where Vinnik might be extradited.

Mt. Gox's losses, meanwhile, were eclipsed earlier this year by those of Coincheck, a Japanese exchange. In January, attackers stole $530 million worth of NEM, a token belonging to the eponymous blockchain project. The attackers obtained the private key for Coincheck's "hot wallet," the reservoir of funds used for live trading on its exchange (see Japanese Cryptocurrency Exchange Suffers $530 Million Theft).

Irresistible Targets

Exchanges are alluring to attackers because their security defenses usually lag those of well-heeled financial services firms. Additionally, most virtual currency transactions are irreversible, meaning after an attacker obtains the funds, the tokens are impossible to recover unless the holder voluntarily returns them.

Some virtual currencies, such as bitcoin, can be traced by watching how funds move from one payment address to another on the open digital ledger known as the blockchain.

But the identity of who holds the funds is usually unknown. The riskiest part of stealing virtual currency is trying to then sell it for cash, because many exchanges now run know-your-customer anti-money laundering checks (see Criminals Hide 'Billions' in Cryptocurrency, Europol Warns).

While cyberattacks against exchanges have always been a threat, they have done little to diminish interest in virtual currency. Instead, the most significant influence by far has been the value of the cryptocurrencies.

The surge in their value, starting in December 2017, attracted a huge amount of attention, which likely fueled this year's ICO boom. But that enthusiasm - at least among the general public - has been dampened this year as the value of many virtual currencies has plunged by as much as 80 percent.

The price of bitcoin has drastically fallen since its December 2017 peak. (Source: CoinMarketCap)

Still, in the first five months of this year, 537 ICOs collectively raised $13.7 billion, according to the Crypto Valley Association and PwC's Strategy & Consulting unit. That amount already represents more than ICOs had raised collectively since 2013, according to a Crypto Valley Association study released in June.

Group-IB says that more than half of the funds stolen from ICOs were linked to phishing attacks. But the virtual currency itself isn't hackers' only target. Some attacks have sought to steal lists of investors interested in ICOs, perhaps for schemes such as blackmail or highly targeted phishing attacks.

"Attacks on ICOs will remain a threat for every project potentially able to attract investors," Group-IB says.

Executive Editor Mathew Schwartz also contributed to this story.


About the Author

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.



