17 Oct $882 million stolen from cryptocurrency exchanges in past 21 mos
A report from Group-IB shows 14 cyberattacks on cryptocurrency exchanges resulted in a loss of $882 million between January 2017 and September 2018.
Five attacks have been linked to North Korean hackers from the Lazarus state-sponsored group on four cryptocurrency exchanges in South Korea and one in Japan. The Japanese attack on Coincheck netted the cybercriminals more than $534 million.
Cryptocurrency exchanges and investors victimized
“Last year we warned that hackers competent enough to carry out a targeted attack might have a new target – cryptocurrency exchanges,” said Dmitry Volkov, Group-IB CTO. “In the last couple of years, crypto exchanges suffered many attacks. Some of the exchanges went bankrupt after the hacks, including Bitcurex, YouBit, Bitgrail. At the beginning of 2018 hackers’ interest in cryptocurrency exchanges ramped up. The most likely cryptocurrency exchange attackers now are Silence, MoneyTaker, and Cobalt.”
As the data shows, South Korean cryptocurrency exchanges have been the most frequently victimized, accounting for seven of the 14 known attacks. It is likely that some of the “unknown” attacks could also have been carried out by North Korea’s Lazarus group.
ICOs targeted, losing 56% of funds raised
According to Group-IB, ICOs are becoming a new favorite of cybercriminals. Hackers stole more than 10% of funds raised by ICOs in 2017 and 80% of projects disappeared with funds not utilized as promised to investors.
Despite the widespread ICO fraud, more than $14 billion was raised in the first half of 2018 compared to $5.5 billion during all of 2017.
It’s estimated 56% of ICO funds were stolen using phishing attacks.
“For instance, cybercriminals targeted the TON project, founded by Pavel Durov, through phishing and managed to steal $35,000 in Ethereum. The worst generally happens on the first day of token sales: a set of DDoS attacks simultaneous with an influx of users, the eruption of Telegram and Slack messages, and mailing list spamming,” the report said.
Other ICO scams include theft of databases that are later resold on the darknet or used for blackmail. Another popular cybercriminal tactic is stealing the whitepapers of ICO projects and promoting a new project using identical information, a new website, a new brand, and new phony team members to raise ICO funds fraudulently.
2019 forecast: More cryptocurrency exchange and mining pool attacks
Group-IB predicts ICOs and investors will continue to be targeted in 2019 using phishing and malware attacks as hacker groups shift their focus from targeting banks.
The new targets could be the large and very profitable global mining pools. “The world’s largest mining pools may become the target not only for financially-motivated cybercriminals but also for state-sponsored hackers. If successful, they may take over 51% of the network’s mining hash rate and obtain control over the cryptocurrency and its transactions,” Volkov said.
The best investors can hope for is that a combination of regulator monitoring, better cryptocurrency exchange security, and faster scam information sharing on social media can help prevent widespread growth in cryptocurrency cybercrime.
Cybercriminals are moving faster and becoming savvier in their cyberattacks, so we’re not holding our breath that the situation will improve anytime soon.
The Group IB Hi-Tech Crime Trends 2018 report is available for free download here with a simple email registration.
Chart courtesy of Group IB