Cryptocurrency boom provides opportunities for cyber criminals

The rise of cryptocurrencies like Bitcoin, Ethereum and Ripple has been astronomical over the past 12 months. And while the boom has generated substantial profits for the savvy investor, it is also increasingly drawing the attention of cyber criminals

Once considered the sole preserve of computer nerds and online criminals, Bitcoin and the plethora of altcoins have since evolved into a legitimate and exciting investment vehicle. Predominantly this stems from a growing appreciation and understanding of the underlying blockchain technology, as well as the vast potential for profits, despite the sometimes extreme market volatility.

As an example, there are now more than 54 cryptocurrencies worth more than $10 million at the time of writing. Bitcoin, the original and most valuable cryptocurrency, has a market capitalisation of approximately $80 billion – more than PayPal and many fiat currencies around the world. The price of a single coin has risen by nearly 88% in the past year alone; others including Ethereum have appreciated even more.

One notable facet of the boom has been the rise of cryptocurrency-mining malware. These strains are designed to create vast botnets with the necessary computational power to mine cryptocurrencies. Not only does this drain the resources of the infected machines and increase power consumption, it can also faciliate other web and network-based attacks. Adylkuzz, discovered in May 2017, used both the EternalBlue and DoublePulsar NSA hacking tools to spread, much like the notorious WannaCry ransomware. Once infected, the machines were used to mine Monero, a coin known for its anonymity.

Another notable aspect of the cryptocurrency investment scene is the Initial Coin Offering (ICO). These involve a company selling its own crypto-tokens to investors to crowdfund projects in the cryptocurrency and blockchain industries. Following a successful sale, the company secures the capital needed to fund its new venture and the investor receives their newly-minted altcoins. In most instances these are sold at a fixed price and rapidly increase in value, providing the buyer with an opportunity to make substantial profits within a short timeframe.

Unsurprisingly, the crypto gold rush has attracted the attention of fraudsters and other cyber criminals. Indeed, on 25 August 2017, the US Securities and Exchange Commission issued a warning for investors about the potential for ICO-related scams. Not only is it relatively easy to create a convincing-looking ICO, the pseudonymous nature of most cryptocurrencies makes any investment difficult to trace and impossible to recover.[1] As an example of the potential scale of fraudulent ICOs, the creators of OneCoin successfully amassed over $350 million before it was discovered to be a Ponzi scheme.

Hackers are also getting in on the action, using relatively simple attacks and exploits to divert funds before they are registered on the blockchain. And these are not trivial sums: hackers have stolen nearly $50m in five attacks since June 2017. Nearly $32m of this was stolen from Ethereum client Parity, where an attacker exploited a vulnerability in the software used to create multi-signature wallets. In the case of Enigma, the attacker simply hacked the website and uploaded a fake pre-sale page and then notified unwitting customers via spam emails.

Instances such as these prompted the National Cyber Security Centre (NCSC) to issue an alert in their weekly threat report for 25 August. It warns that attackers will increasingly target ICOs as they become more mainstream. In addition, they remind potential investors that “overall security is only as good as its weakest link: attackers won’t attempt complex attacks on cryptographic blockchains if they can achieve similar results by simple website or email exploits”.[2]

For potential investors in cryptocurrencies, it is important to remain vigilant and remember the old adage: if it seems too good to be true, it probably is.

“Bitcoin IMG_3418” by BTC Keychain is licensed under CC BY 2.0

  1. ↩︎

  2. ↩︎