Why do hackers target cryptocurrencies?

Cyber Security Hub explores why and how hackers are targeting cryptocurrency investors.

With more than 420 million cryptocurrency users, more than 12,000 cryptocurrencies worldwide and an estimated value of US$2.2bn by 2026, the digital currency marketplace is growing rapidly. This rapid growth, however, has made it a target for cyber attackers looking to defraud victims.

Here, Cyber Security Hub explores the threat vectors used and vulnerabilities exploited by hackers specific to cryptocurrency-based cyber crime.


Why do hackers target cryptocurrency?


Cryptocurrency attacks can have large payouts

With Bitcoin, Ethereum and Tether having market caps of $330.6bn, $152.6bn and $68.2bn respectively, cryptocurrency traders and wallets can be an attractive target to hackers.

In September 2022, malicious actors compromised cryptocurrency market maker Wintermute’s hot wallet to steal $162.5mn. The term hot wallet refers to a cryptocurrency wallet that is available online and can facilitate transactions between the owner and others’ wallets. To do this, the hackers exploited a vulnerability in private keys generated by the Profanity app. Private keys are a secure code proving ownership of a cryptocurrency wallet and allowing the holder of the wallet to make transactions. If these keys are unsafe, however, it can allow malicious actors access to a cryptocurrency wallet.


Cryptocurrency companies may be more vulnerable to attacks

While the first cryptocurrency, eCash, was created in 1990 by Digicash, cryptocurrency did not reach the mainstream until the introduction of Bitcoin in 2009. With around 100 new cryptocurrencies created and minted each day, the urge to join the market may mean so-called cryptopreneurs are more focused on creating and launching their cryptocurrency than on protecting their business.

Luke Willmott, co-founder and COO of crypto-based car marketplace AutoCoinCars, notes that this enthusiasm to launch can lead to security issues that are a big draw for hackers. He notes that as people do not need to invest a large amount of money to form startups in the cryptocurrency space, this can mean that their investment focus is on the front end of the company, for example making an attractive webpage, rather than protecting the back end of their business. This leaves them vulnerable to attacks.

“Even some of the larger cryptocurrency companies likely do not have sophisticated enough cyber defenses to outsmart hackers. With the cryptocurrency industry growing at such a rapid rate it is understandable why this may be difficult to keep up with. Add on top of that the rate at which both hackers and technology grow in intelligence, you would need a full-time person to deploy a strong cyber defense strategy and infrastructure,” Willmott explains.

In January of this year, it was revealed that collapsed cryptocurrency exchange FTX had $415mn worth of cryptocurrency stolen by hackers. The loss was discovered after FTX lawyers and advisors identified $5.5bn worth of assets to be recovered, with the stolen cryptocurrency making up around a tenth of the assets to be recovered.

Global news company Insider suggested that the stolen cryptocurrency “could be linked to a hack that took place just hours after FTX filed for bankruptcy” and prosecutors noted that more than $370mn in crypto had “vanished from the exchange”.


Cryptocurrency transfers cannot be reversed

Cryptocurrency transfers take place on a decentralized network, meaning that when funds are transferred they cannot be cancelled or reversed, only refunded by the receiver. This is due to the immutable nature of the blockchain making it impossible for any data within the network to be edited. Digital currency protocols put in place by cryptocurrency companies to allow merchants to accept digital currency without chargebacks also prevent funds being cancelled or reversed.

This means that if hackers are able to gain access to and transfer funds from a victim’s cryptocurrency wallets, it is very unlikely that the victim will be able to regain these funds.

On January 15, a cryptocurrency and NFT influencer who uses the moniker NFT God posted to Twitter that their “entire digital livelihood was violated” after hackers gained access to and stole “a life changing amount of [their] net worth” in funds and NFTs from their digital wallet.

In a series of tweets, NFT God explained that they believed hackers had gained access to their computer and digital wallet after they mistakenly downloaded malware they believed was video streaming software. The hackers stole all of NFT God’s digital assets.

Cryptocurrency news site Metaverse Zeus reported that blockchain data showed that these assets included “at least 19 ETH, worth almost $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and several other NFTs”.

Speaking on the hack, NFT God tweeted: “There’s no recourse. It’s not fixable. You can’t revert blockchain transactions.”

Hackers have even capitalized on the fact that those who lose their digital assets will want to regain them. The prevalence of hackers exploiting this desperation has led to the US Federal Trade Commission (FTC) issuing a warning to cryptocurrency owners not to trust individuals or companies that offer cryptocurrency recovery services. In these scams, malicious actors will tell victims they can return their funds and assets to them, then either charge them a fee or ask for their financial information to do so. This leads to the victim being further defrauded.


How do malicious actors target cryptocurrency users and companies?


Social engineering attacks against unsuspecting investors

As those looking to invest in cryptocurrencies feel pressure to buy in at the most opportune moment, malicious actors exploit this pressure in social engineering attacks. An example of this was seen in July 2022, after the US Federal Bureau of Investigation (FBI) warned cryptocurrency investors that fake cryptocurrency applications had led to losses of $42.7m in just six months.

Between November 1, 2021 and May 13, 2022, the FBI identified 244 victims who lost between $900,000 and $5.5mn each to fake cryptocurrency apps. The scams involved fraudsters posing as legitimate US investment services and specifically targeting those who had an interest in cryptocurrency and mobile banking. During communications with the victims, the hackers used the logos and names of said investment services to make themselves appear more legitimate. Using these techniques, the hackers were able to convince the investors to download mobile apps, which led to them being defrauded.

The two companies the scammers created fake websites for were YitBit, which is the name of a former legitimate cryptocurrency service, and Supayos, an Australian currency exchange business. The FBI suggested this was an attempt to make the scam apps seem more legitimate.

The criminals were able to defraud at least four victims of $5.5mn while posing as YitBit, by waiting for investors to deposit funds into the fake accounts, then telling them via the app that to withdraw any funds, they must pay taxes. This meant that the victims were unable to withdraw any investments from the fraudulent app.

Research by cyber security resource site Privacy Affairs has found that malicious actors launched up to 15 cryptocurrency-based scams every hour in 2022, leading to hackers stealing $4.3bn worth of cryptocurrency from January to November.


Hacking into token bridges to steal funds

Blockchain bridges are used by cryptocurrency users to transfer cryptocurrency between different blockchains. The bridges work by depositing the assets as ‘wrapped’ tokens across the bridge. Wrapping the tokens allows them to function on the blockchain they are being transferred to. Unfortunately, this makes bridges more susceptible to attacks as they have vulnerabilities on each end of the transfer.

In August 2022, US-based cryptocurrency firm Nomad confirmed that $190mn worth of cryptocurrency had been stolen via a hack of the Nomad token bridge.

The funds were stolen after hackers exploited a flaw in the bridge’s code that allowed malicious actors to replace the intended destination wallet with their own account.


Phishing attacks to gain access to digital wallets

Similar to the use of fake cryptocurrency companies to defraud investors, hackers will also pose as cryptocurrency companies to gain access to cryptocurrency users’ wallets via phishing attacks.

In October 2022, a hacker known as Monkey Drainer used phishing attacks to steal $1mn worth of Ethereum and NFTs in just 24 hours.

Monkey Drainer is notorious for using phishing-based hacking techniques to steal from victims by setting up fake cryptocurrency and NFT sites. To make these fake sites more believable, Monkey Drainer has been known to pose as legitimate blockchain sites including RTFKT and Aptos. After logging in to the fraudulent sites, victims enter sensitive details about their cryptocurrency wallets and sign off on transactions, allowing Monkey Drainer to access their wallets and their funds.

The most prominent victims in the October 2022 attack were referred to only as 0x02a and 0x626. The pair lost a collective $370,000 via malicious phishing sites operated by Monkey Drainer, with 0x02a losing 12 NFTs worth around $150,000.

0x626 held around $2.2mn in their cryptocurrency wallet at the time; however, some of the transactions pushed by Monkey Drainer were rejected by the network the wallet was on as they were marked as suspicious. This meant that the overall actual loss was $220,000 worth of cryptocurrency.
