The crypto revolution is gaining momentum. Bitcoin prices have soared past $12,600 and show no signs of slowing down. Unfortunately, hacking compromises, scam losses, and other nefarious methods of deception are also skyrocketing, as the seamy underbelly of the crypto-verse continues to make its presence known. Cryptocurrency theft is proliferating in all quarters, leveraging the libertarian ideals that were meant to ensure freedom from autocracy, but which have also provided the criminal element of our society a medium like no other for concealing their tracks and deceiving consumers.
Per Cointelegraph:
A recent report by cryptocurrency intelligence firm CipherTrace estimated losses from digital currency theft and scams in the first quarter of 2019 at $356 million, with additional fraud or misappropriated fund losses amounting to $851 million in the same period. Alarmingly, this Q1 total of $1.2 billion constituted 70% of the total losses to crypto crime in all of 2018, indicating intensified hacking activity in the first months of 2019.
The crooks are obviously upping their game, as the awareness and popularity of cryptos soar. According to security professionals, vulnerabilities in the infrastructure will continue to present opportunities to those professional hacking gangs with the funding to search for them, while the number of attacks on individuals will rise, due to newcomers’ lack of appreciation for how easily their credentials can be compromised:
- Sky Guo, CEO and co-founder of Cypherium: “Security threats happen on the level of the software, the infrastructure. But our industry needs to realize that there are dangers attached to presenting something as ‘decentralized’ in order to cash in on the security advances of blockchain tech. Projects like Facebook’s Libra and some other major projects already leading in our industry still have central points of failure by virtue of their highly permissioned network structures, and they need to be more transparent about the security implications of such systems.”
- Matthew Finestone, the director of business development at Loopring, an open-source protocol for building decentralized exchanges: “I really see attacks drawing on human inattention becoming more prevalent. It’s dangerous because newcomers to the space aren’t aware of these threats, and they often fail to realize that there is no recourse after cryptocurrency is sent, unlike traditional financial systems that can bail you out in worst-case scenarios.”
Researchers at Positive Technologies, a security research company, have determined that not only is the number of attacks increasing at a rapid rate, but also the structure of the attacks is adapting to the market. These changes are due to the crooks taking malware, which had primarily been used in cryptojacking exercises, and adapting it to be more versatile and smarter. In the past, the malware may have only searched for increased capacity for its mining network. It now scrapes clipboards and searches for any personal information it can find.
Security professionals have broken down a variety of threats directed specifically at unsuspecting consumers into what they call “attack vectors”, typically enabled by the insertion of malware within an Internet access device, as depicted below:
- Clipboard Hijacking: Malware now “scrapes” as much valuable information as it can find on your internal clipboard, even replacing crypto addresses to redirect transfers, payments, or even withdrawals to the crook’s coffers. The blockchain does not allow the reversal of nefarious transactions.
- Cryptojacking: This malware inserts mining software in the hidden background on your computer. Mining efforts correlate with crypto prices. Taking over another’s computer capacity to serve as an “agent” miner actually declined over 2018, due in part to declining prices. It is on the rise again for obvious reasons.
- Infection Chain: Antivirus software typically treats the credentials area within a device as reliable, leaving it unchecked. The newer versions of malware are now actually “hiding” within this credentials area to avoid detection.
- Website Clones: Websites that actively serve the crypto community and deal in cryptos are being cloned with the objective of installing malware in your device.
- Social Engineering: The average individual today has no idea of the technical sophistication of criminal intent within the social media space. Per one report: “The term ‘social engineering’ refers to a broad scope of malicious activities whereby wrongdoers use human interactions to accomplish their goals. These attacks usually rely on less sophisticated technical solutions, seeking to exploit the victims’ lack of attention, literacy or understanding of the context in order to obtain sensitive information or extort digital assets.”
The messages are clear: Stay away from mysterious websites. Validate the spelling of URL addresses to ensure you are dealing with a legitimate site. Update your anti-virus software often. Lastly, always double-check wallet addresses when performing transactions.
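
The advice to validate the spelling of URL addresses can be automated against a personal list of known-good sites. The sketch below is an added example, not taken from the article or any cited report; the allowlist, function names and distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; replace with the sites you actually use.
TRUSTED_HOSTS = {"exchange.example", "wallet.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_url(url: str, trusted=TRUSTED_HOSTS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<reason>' or 'unknown' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"  # no scheme or no host: cannot be matched safely
    if host in trusted:
        return "trusted"  # exact match only; near matches are never trusted
    # Non-ASCII or punycode labels can render like a trusted name, so flag them.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "lookalike:idn"
    # A small edit distance to a trusted host suggests a misspelled clone.
    for good in sorted(trusted):
        if edit_distance(host, good) <= max_distance:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs: one genuine, two misspelled, one unrelated.
    for sample in ("https://exchange.example/login",
                   "https://exchnage.example/login",
                   "https://wa11et.example/",
                   "https://unrelated-site.example/"):
        print(f"{classify_url(sample):30} {sample}")
```

Only an exact hostname match is reported as trusted; "unknown" means the site is not on the list, not that it is safe.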