Amid a surge in cryptocurrency-related cybercrime, MITRE has unveiled AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a brand-new framework designed to shore up cybersecurity weaknesses within digital financial systems such as cryptocurrency.
How Does AADAPT Work?
Following the construction of MITRE ATT&CK, AADAPT offers a methodology for identifying, analyzing, and mitigating risks associated with digital asset payments.
The framework derives insights from over 150 government, industry, and academic sources. Using this foundation of context, it identifies the tactics, techniques, and procedures (TTPs) employed by adversaries in their digital asset payment scams.
Who Can Use AADAPT?
The MITRE AADAPT framework is meant for use by “developers, policymakers, and financial organizations,” states MITRE. This includes any company leveraging blockchain technology, and those involved in its creation.
Specifically, smaller companies and public institutions are called out specifically as potential beneficiaries of the freely available framework, as these institutions often lack the resources to improve their cybersecurity postures in substantial ways – such as against emerging blockchain technology attacks.
The Rising Tide of Crypto Crime
Cryptocurrency scams cost US citizens $9.3 billion during 2024 alone, according to the FBI 2024 IC3 Report. This represents a 66% increase from the previous year.
While Phishing/Spoofing was the most prevalent crime type last year, garnering over 193,000 formal complaints, Cryptocurrency was the “medium or tool used to facilitate” various crimes (from Phishing to Extortion to BEC) in 149,686 cases.
Per the report, Investment scams were the primary focus of cryptocurrency fraud, with individuals aged 60 and older the hardest hit. Many of these include “pig butchering scams” in which threat actors fake and foster relationships over time to get the victim to invest in spoofed cryptocurrency platforms.
Business Email Compromise (BEC) is another area hit hard by digital financial system attacks. Recent findings from APWG reveal that BEC cryptocurrency scams skyrocketed by 344% between October and December of 2024.
AADAPT Fights Fraud in Consensus Algorithms and Smart Contracts
Two of the technical digital payment mechanisms commonly affected by crypto-scammers, and against which AADAPT defends, are consensus algorithms and smart contracts.
Consensus Algorithms
Consensus algorithms enable a group of distributed machines, such as on the Blockchain network, to work together as one despite the presence of failures or inconsistencies. Vulnerabilities in consensus algorithms – coding, design flaws, etc. - can be exploited to execute fraudulent activities.
Even the design of consensus algorithms themselves can lead to compromise. Since only 51% of nodes must respond in unison in many cases, PoS validators can create fraudulent blocks to destabilize the blockchain with little risk of recourse (the “Nothing at Stake” problem).
Smart Contracts
Smart contracts introduce similar dangers, operating on an “if/then” logic and triggering actions when the predetermined conditions are met.
As IBM states, “These actions might include releasing funds to the appropriate parties...or issuing a ticket. The blockchain is then updated when the transaction is completed. That means the transaction cannot be changed, and only parties who have been granted permission can see the results.”
Double-Spending Attacks
Another danger mentioned in the official MITRE AADAPT news release was the “sophisticated cyber threat” known as a double-spending attack. In the context of blockchain, a double-spending attack occurs when a glitch or alteration in the blockchain allows users to spend the same token more than once.
Making the World Safe for Digital Payments
As noted by MITRE, “Smaller organizations, local governments, and municipalities are particularly vulnerable, often lacking the resources to enhance their cybersecurity measures.” For this reason, AADAPT fills those gaps, seeking to offer practical guidance and tools suited to the unique needs of the financial market segment.
"Digital payment assets like cryptocurrency are set to transform the future of global finance, but their security challenges cannot be ignored. With AADAPT, MITRE is empowering stakeholders to adopt robust security measures that not only safeguard their assets but also build trust across the ecosystem,” stated Wen Masters, vice president of cyber technologies at MITRE.
Outsmarting Financial Cyber Fraud with Fortra
Fortra offers a range of solutions tailored to the financial services sector. Whether it be complying with FinServ standards like PCI DSS, SOX, or SWIFT, or aligning with MITRE ATT&CK and now AADAPT, Fortra can help.
Blockchain compromise is yet another attack in a never-ending string of attempts on financial services. Since cybercriminals go where the money goes, banks, insurers, investment firms, and other fiduciary institutions will always be the target of intense pressure – and regulation.
Fortra’s tailored solutions – like data classification, managed file transfer, regulatory compliance tools, and more – provide a necessary foundation for cyber defense.
As cryptocurrency-related scams become more common, public-sector agencies and financial institutions will need to build on that foundation if they are to successfully align with additional measures, like MITRE ADAPT.
Ready to learn more about financial services cybersecurity?
Discover the cyber challenges facing the industry today, and what Fortra can do to stop them.
