Cryptocurrency Hacks and Heists in 2017 | Tripwire

Cryptocurrency Hacks and Heists in 2017

Posted on January 22, 2018
Cryptocurrency Hacks and Heists in 2017
The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to their hand at innovative startups not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the granting of official status to Bitcoin in Japan, and a plethora of other events designating the unstoppable progress of the virtual currencies market. The flip side of the coin, though, is rather ominous. Amidst the numerous positive signals to the vast community of aficionados, there were bankruptcies of exchange services, ICO frauds that left backers desperate, Ponzi schemes, and even a kidnapping of a Bitcoin analyst. Another disconcerting trend that gained momentum in 2017 was the rise of cyber attacks targeting various segments of the infrastructure behind the digital cash. To top it off, stealthy cryptocurrency mining grew into another big scourge. The whole frenzy with Bitcoin, the most popular cryptocurrency around, was understandably instigated by its price that skyrocketed from $1,000 to $20,000 during the year. Although some analysts argue this enormous rise to be a red flag and a classic attribute of a bubble, Bitcoin quickly became a must-have to many, including online perpetrators.

News-making incidents in 2017

Below is a rundown of malicious events that took place on the cryptocurrency arena last year.
  • In February, hackers stole personal records of more than 30,000 customers of Bithumb, one of the world’s largest cryptocurrency exchanges based in South Korea. They reportedly did this by compromising the home PC belonging to one of the service’s employees. The attackers then used the data and some social engineering to steal about $1 million worth of Bitcoin from victims’ accounts.
  • Threat actors made about $7 million worth of Ether, a popular type of virtual currency managed by the Ethereum platform, by pulling off a high-profile fraud in July. This incident occurred in the course of an ICO for a brand new trading platform called CoinDash. The black hats were able to trick early investors of the startup into submitting a specified amount of Ether to a rogue address.
  • By circumventing the defenses of another Initial Coin Offering campaign held in July, cybercriminals stole tokens worth $8.4 million. This ICO was set up by proprietors of the Ethereum-based peer-to-peer platform called Veritaseum. The felons stole 37,000 tokens called VERI, quickly exchanged them for Ether, and vanished.
  • A flaw in the code of a popular Ethereum wallet application called Parity allowed perpetrators to steal about 150,000 coins and get away with it. At the time of the heist, this amount was approximately worth a whopping $30 million.
  • One more ICO ended up becoming a rip-off for investors in August. The fraudsters were able to brainwash potential backers of another Ethereum platform derivative called Enigma. In the upshot of this scam, investors were tricked into sending $500,000 worth of cryptocurrency as part of a “pre-sale” of tokens. In order to implement this con, the threat actors compromised Enigma’s domain and sent phishing emails to interested parties.
  • The Hong Kong-based operator of Tether, a virtual currency whose coin value is pinned to that of the U.S. dollar, stated that cybercrooks stole about $31 million worth of tokens in November. The funds were surreptitiously withdrawn from one of the company’s “treasury wallets” and then submitted to an unidentified Bitcoin address.
  • A coding imperfection in Parity wallet software led to disastrous consequences in November, leaving $280 million worth of Ether frozen. According to official reports, the bug was set off when an unsuspecting user accidentally wiped out library code – as prosaic as that. As a result, all multi-signature wallets created since July 20 became unusable.
  • Online malefactors compromised a Bitcoin mining platform called NiceHash in December. In the aftermath of this hack, customers lost some 4,700 Bitcoin, which was worth about $64 million at the time of the incident. According to the Slovenia-based company in question, the incursion involved sophisticated social engineering.
Another adverse trend is the growth of furtive cryptocurrency mining. Also referred to as cryptojacking, this activity geared up for a rise after the Coinhive service introduced a feature of coin mining via web browsers in September. It allows webmasters to embed a site script that will run in the browser of a visiting host and use the machine’s processing power to mine a virtual currency called Monero (XMR). The worst part is that users may be not asked for permission to harness their computing resources. The threat actors have been compromising legitimate websites to embed the JavaScript code surreptitiously and then benefit from user hits without the site owners’ awareness. The scope of this issue is huge: more than 30,000 websites were reportedly infected with the Coinhive mining malware as of November.

What does the future hold for Cryptocurrencies?

The ubiquity of cryptocurrencies appears to be a mixed blessing. On the one hand, this innovative framework makes it easy and fairly safe to transfer funds with low processing fees. The security facet of these transactions is backed by cryptography, so the probability of perpetrators meddling with the underlying protocol and the blockchain technology is negligible. The weak link in this whole chain is the myriad of exchange services, wallet providers, and payment systems that are much easier to compromise. Furthermore, anonymity (that comes from the combined usage of cryptocurrencies, TOR network, and even the best VPN services) has helped to facilitate shady activities, including money laundering, tax evasion, and extortion through ransomware. All of this has led governments to monitor this domain more closely. In fact, the central banks of some countries, including the United States, Sweden, China, and Japan, are reportedly planning to develop their own digital coins in an attempt to stay on top of this volatile marketplace. Time will tell whether these initiatives can address cryptocurrency-related security concerns. Meanwhile, traders, ICO backers, and other interested parties should be on the lookout for scams, adopt hacking countermeasures, store their private keys reliably, and have a plan B for the worst-case scenario.  
security-4.jpg
 About the Author: David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the www.Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!