Theft of user accounts on cryptocurrency exchanges is soaring

Within a year, the number of data leaks from cryptocurrency exchanges soared by 369%, Group-IB researchers have found, and the US, Russia and China are the countries where users are targeted most often. In fact, every third victim of the attack is located in the United States.

The research

In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Based on data obtained from the the company’s Threat Intelligence (cyber intelligence) system, the researchers were able to analyze the theft of 720 user accounts (logins and passwords) from the 19 largest cryptocurrency exchanges.

They have identified 50 active botnets used for launching cyberattacks on users of cryptocurrency exchanges. The infrastructure used by cybercriminals is mainly based in the US (56.1%), the Netherlands (21.5%), Ukraine (4.3%) and Russia (3.2%).

The attackers use an increasingly wide range of malicious software and update their tools on a regular basis. The most frequently used malicious software includes Trojans such as AZORult and Pony Formgrabber, as well as the Qbot. At the same time, cybercriminals have modified tools previously used for attacks on banks and now successfully use them to hack cryptocurrency exchanges and gain access to users’ personal data.

What makes a successful attack possible? The answer is actually quite simple: disregard for information security and underestimating the capabilities of cybercriminals.

The first and main cause is that both users and exchanges omit to use two-factor authentication. The second cause is disregard for basic security rules such as the use of complex and unique passwords. Of 720 analyzed accounts, one out of five is protected with a password shorter than 8 characters.

Attack as a premonition

Currently no cryptocurrency exchange, regardless of its size and track record, can guarantee absolute security to its users, the researchers believe.

“At least 5 out of 19 exchanges in question fell victim to targeted cyberattacks widely covered by the media. These are Bitfinex, Bithumb, Bitstamp, HitBTC, Poloniex and, presumably, Huobi. There are various attack vectors: errors in the source code of the software, phishing attacks, unauthorized access to the user database, vulnerabilities related to storage and withdrawal of funds. However, all of them stem from the lack of attention to information security and protection of digital assets.

“Increased fraudulent activity and attention of hacker groups to cryptoindustry, additional functional of malicious software related to cryptocurrencies, as well as the significant amounts of already stolen funds signals that the industry is not ready to defend itself and protect its users”, says Ruslan Yusufov, the Director of Special Projects at Group-IB. “In 2018 we will see even more incidents. This situation requires prompt and effective response of all stakeholders, including experts in different areas.”

Recommendations to users and exchanges

In order to protect one’s funds against crypto-fraud, Group-IB recommends users to be mindful of their passwords (which should contain at least 14 unique symbols), never use the same passwords for different exchanges and always enable the 2FA (two-factor authentication).

They also recommend avoiding the use of public Wi-Fi (at least when carrying out exchange transactions) and paying special attention to one’s “traces” on the social media. For instance, users should not demonstrate the fact that they possess any cryptocurrency.

Cryptoexchanges are strongly advised to make two-factor authentication obligatory for all the users and their operations, conduct regular security audits of IT infrastructure and related services, and allocate resources to training and awareness-raising concerning personnel security, starting from top management (founders) and down to rank-and-file employees.

To improve the cybersecurity of cryptocurrency exchanges, experts also recommend installing anti-APT solutions and anti-fraud solutions, as well as behavioral analysis systems. Finally, they should also prepare cybersecurity incident response plans which will minimize potential damage.