The flip side of the coin: Why crypto is catnip for criminals | WeLiveSecurity

Cybercriminals
continue
to
mine
for
opportunities
in
the
crypto
space

here’s
what
you
should
know
about
coin-mining
hacks
and
crypto
theft

Wherever
you
look
these
days,
cryptocurrencies
are
in
t

The flip side of the coin: Why crypto is catnip for criminals | WeLiveSecurity

Cybercriminals
continue
to
mine
for
opportunities
in
the
crypto
space

here’s
what
you
should
know
about
coin-mining
hacks
and
crypto
theft

Wherever
you
look
these
days,
cryptocurrencies
are
in
the
news.
And
it’s
not
just
because
of
the
recent
slump
in
their
prices.
Everybody
seems
to
have
grabbed
a
slice
of
the
crypto
pie
over
the
past
few
years,
as
‘things’
like
Bitcoin
have
gone
from
fringe
curiosities
to
household
names
in
a
span
of
a
decade,
all
while
giving
rise
to
hordes
of
newly-minted
crypto
millionaires.
These
days,
it
feels
like
you’re
either
in
or
you’re
out
(and
left
behind
by
the
crypto
revolution
and
the
gold
rush).

Naturally,
the
fascination
with
all
things
crypto
and
the
(almost)
gravity-defying
increase
in
the
value
of
many
cryptocurrencies
haven’t
escaped
the
notice
of
criminals.
After
all,
they
always
want
to
be
where
the
money
is

or
in
some
cases,
where
it
is
being
created.

Let’s
look
at
how
criminals
hijack
computing
power
to
mine
new
coins
and
how
they
make
off
with
other
people’s
‘crypto
cash’.

A
primer
on
cryptocurrencies

At
its
simplest,
cryptocurrency
is
a
form
of
currency
that
is
secured
by
cryptography
and
uses
a
public

blockchain

ledger
to
record
transactions.
Unlike
conventional
currencies,
cryptocurrencies
are
not
backed
by
governments
(though
there
are

some


exceptions
)
and
the
crypto
sector
is
subject
to
little
to
no
regulatory
oversight.
Many
people
view
crypto
as
a
viable
alternative
to
traditional
asset
classes
such
as
stocks
and
bonds
and
as
a
better
store
of
value
than
fiat
currencies.
In
May
2021,
some

220
million
people

worldwide
were
estimated
to
own
cryptocurrencies.


Source:
crypto.com

Beyond
Bitcoin,
the
granddaddy
of
cryptocurrencies,
there
are

thousands
more
currencies
,
with
new
projects
springing
up
and
others
dying
a
quick
death
every
day.
New
coins
and
tokens
are
created
via
cryptomining,
a
computationally
and
energy-intensive
process
where
computers
solve
mathematical
puzzles
in
order
to
confirm
the
authenticity
of
transactions
on
the
blockchain.
The
owners
of
these
rigs
are
then
rewarded
with
newly-minted
crypto
in
return.

Pros

  • Crypto
    proponents
    swear
    by
    its
    decentralized
    architecture,
    improved
    transaction
    speeds,
    lower
    transaction
    costs,
    better
    privacy,
    and
    (pseudo)anonymity.
  • Other
    advantages,
    whether
    actual
    or
    perceived,
    stem
    from
    the
    fact
    that
    that
    the
    supply
    of
    crypto
    is
    often
    finite
    and
    scarcity
    generally
    drives
    value
    higher.
    Indeed,
    contrast
    this
    with
    fiat
    money
    where
    governments
    can
    fire
    up
    “money-printing
    presses”
    and
    inject
    the
    money
    into
    the
    economy
    almost
    at
    will.
  • Also,
    cryptocurrencies
    involve
    no
    barrier
    to
    entry,
    obviously
    as
    long
    as
    you
    already
    have
    the
    appropriate
    means

    either
    to
    buy
    the
    already
    existing
    coins
    and
    hope
    for
    their
    increase
    in
    value
    or
    to
    set
    up
    extremely
    powerful
    computer
    rigs
    that
    can
    solve
    number-crunching
    puzzles
    to
    mine
    new
    coins.
    Ka-ching!
  • Information
    that
    is
    once
    recorded
    in
    the
    blockchain
    is
    stored
    there
    forever
    and
    can’t
    be
    changed.
    This
    fosters
    transparency
    and
    helps
    prevent
    fraud.
  • Some
    countries
    are
    “crypto
    tax
    havens”
    and
    you
    don’t
    need
    to
    explain
    to
    the
    tax
    man
    how
    you’ve
    amassed
    your
    coins.
  • You
    can
    also
    use
    your
    crypto
    to
    pay
    for
    all
    kinds
    of
    services
    on
    the
    internet

    not
    only
    on
    the
    dark
    web.

Cons

  • As
    crypto
    prices
    fluctuate
    wildly,
    “investing”
    in
    these
    assets
    is
    not
    for
    the
    faint
    of
    heart.
    In
    fact,
    you
    could
    argue
    that
    dabbling
    in
    crypto
    is
    a
    lot
    like
    gambling.
  • The
    market
    value
    of
    a
    cryptocurrency
    is
    a
    function
    of
    demand
    versus
    supply,
    but
    unlike
    stocks,
    cryptocurrencies
    are
    not
    pegged
    to
    underlying
    “real-life
    assets”
    such
    as
    ownership
    shares
    of
    a
    company.
  • As
    the
    number
    of
    available
    cryptocurrencies
    increases,
    there
    is
    a
    risk
    that
    the
    market
    value
    of
    individual
    coins
    will
    be
    “diluted”.
  • There’s
    no
    telling
    what
    will
    happen
    once
    all
    coins
    have
    been
    mined.
    It’s
    not
    out
    of
    the
    question
    that
    a
    cryptocurrency
    might
    become
    the
    equivalent
    of
    a
    “baseball
    card”
    whose
    value
    is
    driven
    solely
    by
    its
    limited
    availability.
  • The
    mining
    of
    the
    individual
    coins
    is
    extremely
    computing-
    and
    energy-intensive,
    which
    has
    an
    outsized
    impact
    on
    the
    environment
    and
    possibly
    your
    energy
    bills.

Criminals
also
want
a
share
of
the
pie

Notwithstanding
the
perpetual
and
notorious
volatility
of
cryptocurrencies,
the
best-known
coins
have
mostly
soared
in
value
over
the
past
few
years.
This
part
of
crypto’s
appeal
isn’t
lost
on
the
criminally-inclined.
Add
crypto’s
relative
anonymity
to
the
mix,
and
it’s
becoming
clearer
why
criminals
are
eager
to
line
their
pockets
to
the
brim.

To
do
so,
they
have
two
main
options:
illicit
cryptocurrency
mining
and
cryptocurrency
theft.

(Rogue)
cryptocurrency
mining

As
mentioned
earlier,
new
coins
are
created
using
a
process
called
cryptocurrency
mining.
This
process
requires
significant
computing
power
and
can
be
very
costly.
It
relies
on
graphics
processing
units
aka
GPUs
(or
increasingly
even
dedicated

ASIC
miner
hardware
),
any
of
which
is
generally
better
suited
for
performing
the
calculations
needed
to
mine
new
coins
than,
say,
central
processing
units
(CPUs).

The

semiconductor
chip
shortage

along
with
the
rush
by
crypto
“prospectors”
to
build
specialized
rigs
in
order
to
capitalize
on
the
soaring
crypto
prices
have
conspired
to
a
burst
in
demand
for
GPUs,
ultimately
sending
their
prices
through
the
roof.

But
these
developments
also
bolstered
some
pre-existing
trends
in
cybercrime
and
piqued
the
interest
of
many
scammers
and
other
cybercriminals
who
are
only
too
keen
on
riding
the
crypto
wave
without
investing
their
own
money
into
custom
hardware.
Enter
cryptojacking,
the
practice
where
your
computing
resources
are
hijacked
to
mine
crypto
for
somebody
else.

Of
course,
such

malicious
cryptomining

is

far
from
new
.
It
is
still
a
threat
today,
however,
even
for
people
who
don’t
own
racks
of
specialized
hardware
where
they
mine
crypto
on
a
large
enough
scale.
One
risk
involves
falling
victim
to
campaigns
that
spread
malicious
miners
that
are
bundled
into,
for
example,
fake
copies
of
legitimate
software
or
that
ask
you
to
click
on
links
to
download
seemingly
genuine
software
updates.

Another
threat
involves
fraudulent
offers
to
rent
some
of
your
computing
power
for
cryptomining
in
return
for
a
share
of
the
newly-minted
coins.
Such
get-rich-quick
schemes
are
just
one
of
the
many
flavors
of

cryptocurrency
scams

that
are
doing
the
rounds

especially
on
social
media
.



Source:
Instagram

Theft

Cryptocurrencies
are
stored
in
so-called
wallets
(aka
crypto
wallets),
and
it’s
hardly
surprising
that
criminals
are
constantly
coming
up
with
new
ways
of
getting
their
hands
on
the
wallets.

In
fact,
you
can
store
your
crypto
in
two
ways

using
either
hot
or
cold
wallet
storage.
Cold
wallets
are
physical
devices
the
size
of
a
USB
stick
that
are
kept
offline
and
generally
offer
much
better
protection
for
your
digital
currency
holdings.

Hot
wallets,
meanwhile,
are
connected
to
the
internet,
either
on
the
user’s
device
or
the
server
of
a
service
provider.
Both
end
up
in
attackers’
crosshairs,
as
they
distribute

fake
apps
impersonating
legitimate
wallet
apps

and
set
their
sights
on

cryptocurrency
trading
exchanges
.

But
not
even
cold
wallets
are

100%
secure
,
either

after
all,
they
have
to
be
connected
to
a
PC
at
least
once
in
a
while
in
order
to
transfer
coins.
Also,

research
has
already
shown

that
even
these
wallets
can
be
hacked.
There’s
also
a
possibility
that
criminals
could
place
malware
on
victims’
computers
that
intercepts
this
transmission
and
the
keys,
although
I’m
not
aware
of
any
such
case
in
real
life.

The
theft
or
loss
of
a
physical
wallet
is
arguably
a
much
higher
risk.
If
unauthorized
people
get
their
hands
on
a
wallet
that
is
“secured”
with
an
easy-to-guess
PIN
code,
your
crypto
may
be
gone
forever.

In
closing

A
hundred
years
ago,
it
seemed
unthinkable
to
pay
with
plastic
cards
or
phones

now
it’s
part
of
our
daily
lives.
The
world
of
finance
is
constantly
evolving
and
whether
cryptocurrencies
are
the
future
of
finance
is
anybody’s
guess.
They
are
definitely
a
topic
du
jour,
however

including
now
the
cryptocurrency
market
seems
to
be
melting
down.

Regardless
of
whether
you
believe
that
this
is
the
beginning
of
the
end
for
Bitcoin
and
its
peers
or
that
the
tide
will
turn
(again),
you
should
be
mindful
of
the
cybersecurity
side
of
things.
The
growing
popularity
of
cryptocurrencies
has
had
an
effect
on
the
threat
landscape,
and
you
can
bet
your
last
coin
that
cybercriminals
will
continue
to
mine
for
opportunities
to
line
their
pockets.

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.