It’s no surprise that cryptocurrency is attractive to hackers. Where there’s money, there will be hackers. And there’s a lot of money locked up in cryptocurrency. But, recently, cryptocurrency attacks are skyrocketing. So what is it that makes cryptocurrency so hackable?
First of all, it’s necessary to support the premise that these attacks have actually ramped up. This graph, modified from Comparitech, shows the increase in attack per month on cryptocurrency platforms over the last three years.
To add more depth to the chart above, of the 10 biggest cryptocurrency hacks of all time, six of them occurred in 2021. Of these, 5 occurred in the last half of the year with 3 in December…so far.
Poly Network – $610 million stolen – August, 2021
PancakeBunny – $200 million stolen – May, 2021
Bitmart – $196 million stolen – December, 2021
Vulcan Forged – $135 million stolen – December, 2021
Cream Finance – $130 million stolen- December, 2021
BadgerDAO – $120.3 million stolen- December, 2021
According to research firm, Chainanalysis, 2021 saw an 81% increase in the amount of cryptocurrency stolen over the previous year. In total, over $7.7 billion has been stolen in this year alone.
So, the big question here is: What’s going on?
The first reason many people lost money this year is from a ploy known as the ‘rug pull’. Basically, a group of hackers comes up with a new cryptocurrency and is looking for investors. They may announce the coin on Twitter, Telegram, or other cryptocurrency forum platforms and begin hyping it up as the next big thing. The developers/scammers may then pump up the price through their own investments to lure in others. When they get enough money from investors, they suddenly disappear with all of the money, never to be seen again… until they develop another cryptocurrency. Look for fake coin mixers to do the same thing in the future.
Another problem for cryptocurrency investors this year was the appearance of bogus financial management firms that would ‘take care of’ your investments They would claim to be registered with the Commodity Futures Trading Commission or the National Futures Association, but they weren’t. They would build an image of themselves as being the top in the industry saying that their “first priority is the security of our client funds.” In fact, their main priority was to get your money. In September, the Commodity Futures Trading Commission filed charges against 14 of these companies, but they continue to pop up every day.
The sad truth is that the very complexity of blockchain transactions makes them easy to exploit. Many cryptocurrency investors know very little about the technology behind cryptocurrency which leaves them open to scams. If you add greed to ignorance, you have a potent cocktail just waiting to be exploited.
Most people believe that crypto scams target only individuals, but that’s only partly true. There’s an overlap between crypto-scammed individuals and companies, and that’s called ransomware. Companies caught up in a ransomware attack will be told to pay a ransom in cryptocurrency. If they don’t, personal information about customers or employees will be leaked. It would not be farfetched to think that scammers could use these leaks to target employees or customers with crypto scams. These scammers could simply be those from the ransomware group that targeted the company in the first place. In short, all ransomware attacks that result in leaked personal information are a rich source of potential victims for any cryptocurrency scammers. By the same token, ransomware attackers will unearth information about a company’s supply chain that they can use to attack those associated companies.
But even the most well-designed ransomware attack needs to begin at a weak point. By far the weakest link in your company is the individual that is targeted through a phishing email. Take a look at this graph from Statistica.
In fact, the first two categories listed above could be combined. This would show that ransomware hackers target endpoints at least 81% of the time to begin an attack. The problem is that most companies believe that they are more protected than they actually are. They believe, or have been led to believe, that their security architecture will keep them protected from ransomware attacks. Yet, every day, multiple companies fall victim to such attacks. Any endpoint protection that does not factor user/employee ignorance into the mix is bound to fail eventually. The best endpoint protection will separate user misbehavior from the corporate network.
To no one’s surprise, Kaspersky is predicting that cryptocurrency attacks will continue to rise dramatically in 2022. These attacks will be more and more state-sponsored and will likely involve fake crypto wallet sites. There is also no doubt that major cryptocurrency exchanges will be targeted by more and more sophisticated actors. A good word of advice is to avoid ‘hot’ wallets (cryptocurrency storage online) as these will be most vulnerable to attacks.
In fact, it is not only malicious actors that cryptocurrency investors need to worry about. A number of nations have already banned cryptocurrencies and others are considering doing so. Federal Reserve Chairman, Jerome Powell, said that he has no plans to ban cryptocurrencies, but has not ruled out restricting their use. In fact, it seems as if everyone is interested in cashing in on the cryptocurrency boom. So, if the hackers don’t get you, the government will.