Cyber Security Hub explores why and how hackers are targeting cryptocurrency investors.
With more than 420 million cryptocurrency users, more than 12,000 cryptocurrencies worldwide and an estimated value of US$2.2bn by 2026, the digital currency marketplace is growing rapidly. This rapid growth, however, has made it a target for cyber attackers looking to defraud victims.
Here, Cyber Security Hub explores the threat vectors used and vulnerabilities exploited by hackers specific to cryptocurrency-based cyber crime.
With Bitcoin, Ethereum and Tether having market caps of $330.6bn, $152.6bn and $68.2bn respectively, cryptocurrency traders and wallets can be an attractive target to hackers.
In September 2022, malicious actors compromised cryptocurrency market maker Wintermute’s hot wallet to steal $162.5mn. The term hot wallet refers to a cryptocurrency wallet that is available online and can facilitate transactions between the owner’s wallet and others’ wallets. To do this, the hackers exploited a vulnerability in private keys generated by the Profanity app. A private key is a secret code that proves ownership of a cryptocurrency wallet and allows the holder of the wallet to make transactions. If these keys are unsafe, however, malicious actors can gain access to the wallet.
While the first cryptocurrency, eCash, was created in 1990 by Digicash, cryptocurrency did not reach the mainstream until the introduction of Bitcoin in 2009. With around 100 new cryptocurrencies created and minted each day, the urge to join the market may mean so-called cryptopreneurs are more focused on creating and launching their cryptocurrency than on protecting their business.
Luke Willmott, co-founder and COO of crypto-based car marketplace AutoCoinCars, notes that this enthusiasm to launch can lead to security issues that are a big draw for hackers. He notes that because people do not need to invest a large amount of money to form startups in the cryptocurrency space, their investment focus can be on the front end of the company, for example making an attractive webpage, rather than on protecting the back end of their business. This leaves them vulnerable to attacks.
“Even some of the larger cryptocurrency companies likely do not have sophisticated enough cyber defenses to outsmart hackers. With the cryptocurrency industry growing at such a rapid rate it is understandable why this may be difficult to keep up with. Add on top of that the rate at which both hackers and technology grow in intelligence, you would need a full-time person to deploy a strong cyber defense strategy and infrastructure,” Willmott explains.
In January of this year, it was revealed that collapsed cryptocurrency exchange FTX had $415mn worth of cryptocurrency stolen by hackers. The loss was discovered after FTX lawyers and advisors identified $5.5bn worth of assets to be recovered, with the stolen cryptocurrency making up around a tenth of the assets to be recovered.
Global news company Insider suggested that the stolen cryptocurrency “could be linked to a hack that took place just hours after FTX filed for bankruptcy” and prosecutors noted that more than $370mn in crypto had “vanished from the exchange”.
Cryptocurrency transfers take place on a decentralized network, meaning that when funds are transferred they cannot be cancelled or reversed, only refunded by the receiver. This is due to the immutable nature of the blockchain making it impossible for any data within the network to be edited. Digital currency protocols put in place by cryptocurrency companies to allow merchants to accept digital currency without chargebacks also prevent funds being cancelled or reversed.
This means that if hackers are able to gain access to and transfer funds from a victim’s cryptocurrency wallets, it is very unlikely that the victim will be able to regain these funds.
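The irreversibility described above can be seen in a toy hash-linked ledger. This is an added example, not code from Cyber Security Hub or any real blockchain. It assumes a single-node model with no signatures or consensus, and all names (`append_block`, `first_invalid_block`, the account labels) are hypothetical.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed parent hash for the first block

def block_hash(prev_hash, transfers):
    """Hash a block's transfers together with its parent's hash."""
    payload = json.dumps({"prev": prev_hash, "transfers": transfers}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append_block(chain, transfers):
    """Append a block whose hash commits to all earlier blocks."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "transfers": transfers, "hash": block_hash(prev, transfers)})

def first_invalid_block(chain):
    """Return the index of the first block failing verification, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["transfers"]):
            return i
        prev = block["hash"]
    return None

def balances(chain):
    """Replay every transfer in order to compute balances."""
    totals = {}
    for block in chain:
        for t in block["transfers"]:
            totals[t["from"]] = totals.get(t["from"], 0) - t["amount"]
            totals[t["to"]] = totals.get(t["to"], 0) + t["amount"]
    return totals

def demo():
    chain = []  # constructed sample ledger
    append_block(chain, [{"from": "mint", "to": "alice", "amount": 10}])
    append_block(chain, [{"from": "alice", "to": "bob", "amount": 4}])
    append_block(chain, [{"from": "alice", "to": "carol", "amount": 1}])
    edited = copy.deepcopy(chain)
    edited[1]["transfers"][0]["amount"] = 0  # try to "cancel" alice -> bob
    broken_at = first_invalid_block(edited)
    edited[1]["hash"] = block_hash(edited[1]["prev"], edited[1]["transfers"])
    rehashed_broken_at = first_invalid_block(edited)  # block 2 still points at old hash
    append_block(chain, [{"from": "bob", "to": "alice", "amount": 4}])  # refund = new block
    return broken_at, rehashed_broken_at, first_invalid_block(chain), balances(chain)

if __name__ == "__main__":
    print(demo())
```

Editing the past transfer invalidates the chain from that block onward, while the refund is simply a new block that only the receiver can originate.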
On January 15, a cryptocurrency and NFT influencer who uses the moniker NFT God posted to Twitter that their “entire digital livelihood was violated” after hackers gained access to and stole “a life changing amount of [their] net worth” in funds and NFTs from their digital wallet.
Every channel I have with my community, friends, and family was compromised over the last 24 hours
My Twitter, Substack, Gmail, Discord, and wallets were all invaded and taken over by bad actors
Significantly less important than all of that I lost all of my digital assets
In a series of tweets, NFT God explained that they believed hackers had gained access to their computer and digital wallet after they mistakenly downloaded malware they believed was video streaming software. The hackers stole all of NFT God’s digital assets.
Cryptocurrency news site Metaverse Zeus reported that blockchain data showed that these assets included “at least 19 ETH, worth almost $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and several other NFTs”.
Speaking on the hack, NFT God tweeted: “There’s no recourse. It’s not fixable. You can’t revert blockchain transactions.”
Hackers have even capitalized on the fact that those who lose their digital assets will want to regain them. The prevalence of hackers exploiting this desperation has led to the US Federal Trade Commission (FTC) issuing a warning to cryptocurrency owners not to trust individuals or companies that offer cryptocurrency recovery services. In these scams, malicious actors will tell victims they can return their funds and assets to them, then either charge them a fee or ask for their financial information to do so. This leads to the victim being further defrauded.
As those looking to invest in cryptocurrencies feel pressure to buy in at the most opportune moment, malicious actors exploit this pressure in social engineering attacks. An example of this was seen in July 2022, after the US Federal Bureau of Investigation (FBI) warned cryptocurrency investors that fake cryptocurrency applications had led to losses of $42.7mn in just six months.
Between November 1, 2021 and May 13, 2022, the FBI identified 244 victims who lost between $900,000 and $5.5mn each to fake cryptocurrency apps.
The scams involved fraudsters posing as legitimate US investment services and specifically targeting those who had an interest in cryptocurrency and mobile banking. During communications with the victims, the hackers used the logos and names of said investment services to make themselves appear more legitimate. Using these techniques, the hackers were able to convince the investors to download mobile apps, which led to them being defrauded.
The two companies the scammers created fake websites for were YitBit, which is the name of a former legitimate cryptocurrency service, and Supayos, an Australian currency exchange business. The FBI suggested this was an attempt to make the scam apps seem more legitimate.
The criminals were able to defraud at least four victims of $5.5mn while posing as YitBit, by waiting for investors to deposit funds into the fake accounts, then telling them via the app that to withdraw any funds, they must pay taxes. This meant that the victims were unable to withdraw any investments from the fraudulent app.
Research by cyber security resource site Privacy Affairs has found that malicious actors launched up to 15 cryptocurrency-based scams every hour in 2022, leading to hackers stealing $4.3bn worth of cryptocurrency from January to November.
Blockchain bridges are used by cryptocurrency users to transfer cryptocurrency between different blockchains. The bridges work by depositing the assets as ‘wrapped’ tokens across the bridge. Wrapping the tokens allows them to function on the blockchain they are being transferred to. Unfortunately, this makes bridges more susceptible to attacks as they have vulnerabilities on each end of the transfer.
In August 2022, US-based cryptocurrency firm Nomad confirmed that $190mn worth of cryptocurrency had been stolen via a hack of the Nomad token bridge.
The funds were stolen after hackers exploited a flaw in the bridge’s code that allowed malicious actors to replace the intended destination wallet with their own account.
Similar to the use of fake cryptocurrency companies to defraud investors, hackers will pose as cryptocurrency companies to gain access to cryptocurrency users’ wallets via phishing attacks.
In October 2022, a hacker known as Monkey Drainer used phishing attacks to steal $1mn worth of Ethereum and NFTs in just 24 hours.
Monkey Drainer is notorious for using phishing-based hacking techniques to steal from victims by setting up fake cryptocurrency and NFT sites. To make these fake sites more believable, Monkey Drainer has been known to pose as legitimate blockchain sites including RTFKT and Aptos. After logging in to the fraudulent sites, victims enter sensitive details about their cryptocurrency wallets and sign off on transactions, allowing Monkey Drainer to access their wallets and their funds.
The most prominent victims in the October 2022 attack were referred to only as 0x02a and 0x626. The pair lost a collective $370,000 via malicious phishing sites operated by Monkey Drainer, with 0x02a losing 12 NFTs worth around $150,000.
0x626 held around $2.2mn in their cryptocurrency wallet at the time. However, some of the transactions pushed by Monkey Drainer were rejected by the network the wallet was on as they were marked as suspicious. This meant that the overall actual loss was $220,000 worth of cryptocurrency.
Cyber Security Hub, a division of IQPC