Within the past several years, cryptocurrency has gone from a niche hobby to a mainstream concern. Cryptocurrencies like Bitcoin, Ethereum, and even Dogecoin have generated widespread interest, particularly as their value has risen. This interest has penetrated well beyond financial speculators and into the public at large.
The rise of these currencies has also generated interest among cybercriminals. Many cryptocurrency exchanges have been compromised over the past several years, with cybercriminals making off with significant sums.
There is a lack of recourse for individuals whose cryptocurrency is stolen, making it a high-value target for would-be attackers. As cryptocurrency becomes increasingly mainstream, owned by a growing number of both businesses and individuals, its value to cybercriminals will continue to grow.
What cryptocurrency attacks look like
In 2018, hackers famously breached several cryptocurrency exchanges by compromising a popular software library used by most exchanges on the internet. When the exchanges updated their software, the attackers were able to access the servers and pillage accordingly.
Exchanges are still under threat of attack, but cybercriminals are also targeting the users.
Exchanges have hardened their security, adapting it to counter the most common attack methods, but vulnerabilities remain. Attackers are now more likely to focus on employees or individual users via phishing and spear phishing attacks, preying on the ignorance of individuals. Hackers are also targeting marketing lists from crypto-associated companies, including those that make crypto wallets and other resources. They might email users telling them there has been suspicious activity and they need to log into their account. If they do, attackers have their credentials.
Attackers targeting cryptocurrency are generally looking for the same vulnerabilities that other attackers are looking for, including open ports with vulnerable services, vulnerabilities in web applications (e.g., unsanitized input parameters or lack of validation controls), and phishing opportunities. Today, an exchange being breached could result in anything from delayed access to funds to a total loss of funds for users. And while some exchanges are insured, there is often no recourse for affected users.
It is also important to note that throughout 2021 there has been an increase in attacks against decentralized finance (DeFi) services, and it is estimated that 75% of attacks have targeted these platforms. Attackers will exploit vulnerabilities in smart contract code or obtain leaked administrator keys to siphon funds out of DeFi applications. The rise in popularity of this attack vector should not be overlooked.
Mitigating cryptocurrency threats
Cryptocurrency exchanges are convenient, which means people will almost certainly continue to use them. Unfortunately, the mainstream rise of cryptocurrency means an influx of novice users—and these are also the most likely to continue to use exchanges.
To protect those users and to prevent a repeat of the 2018 debacle, the exchanges must be able to detect potential vulnerabilities in third-party code. This goes beyond cryptocurrency and into all industries—the SolarWinds attack was a prime example of what can happen when supply chain security is neglected. Source code reviews and audits on third-party code not written in-house are essential steps, as is implementing continuous monitoring overall for networks, web applications, and compromised credentials (the three most common attack vectors).
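One way to make sure every third-party update passes through review before it is deployed, shown as an added example (not code from this article or from any exchange): a build gate that compares fetched dependency artifacts against a reviewed baseline. The package names, versions and contents are constructed for illustration.

```python
import hashlib

def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

# Constructed baseline: name -> (reviewed version, sha256 of the reviewed artifact).
APPROVED = {
    "example-ticker": ("2.1.0", sha256_hex(b"example-ticker 2.1.0 reviewed")),
    "example-wallet-utils": ("1.4.2", sha256_hex(b"example-wallet-utils 1.4.2 reviewed")),
}

# Constructed build input: name -> (version, artifact bytes as fetched).
FETCHED = {
    "example-ticker": ("2.1.0", b"example-ticker 2.1.0 reviewed"),
    "example-wallet-utils": ("1.4.2", b"example-wallet-utils 1.4.2 reviewed + extra"),
    "example-newdep": ("0.0.1", b"example-newdep 0.0.1"),
}

def audit_update(approved, fetched):
    """Return sorted (name, finding) pairs; an empty list means nothing
    in the build differs from what was reviewed."""
    findings = []
    for name, (version, blob) in fetched.items():
        if name not in approved:
            # Transitive dependencies pulled in by an update land here.
            findings.append((name, "new dependency, never reviewed"))
            continue
        ok_version, ok_digest = approved[name]
        if version != ok_version:
            findings.append((name, f"version {ok_version} -> {version}, review pending"))
        elif sha256_hex(blob) != ok_digest:
            # Same version, different bytes: the published release was replaced.
            findings.append((name, "content changed without a version change"))
    for name in approved.keys() - fetched.keys():
        findings.append((name, "approved dependency missing from build"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_update(APPROVED, FETCHED):
        print(f"BLOCK {name}: {finding}")
```

The gate does not find vulnerabilities itself; it guarantees that nothing reaches production without first going through the source review and audit described above.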
Increased information sharing between exchanges would also be a step in the right direction. If one exchange is compromised, it stands to reason that other exchanges could be next. There are also a considerable number of customers who use multiple exchanges, giving attackers the opportunity to jump to another exchange if, for example, the customer uses identical passwords for accounts on both. Sharing information on known tactics, techniques, and procedures (TTPs) can help exchanges stay one step ahead of these attackers. This kind of sharing can be observed in practice with the tagging and blacklisting of malicious crypto addresses.
It is also important for individual users to protect themselves. The best, most secure way to store cryptocurrency is locally on a hardware wallet. Entrusting custodianship of cryptocurrency to a third party always leaves a chance that something outside the user’s control could happen, and users should avoid storing more money on a cryptocurrency exchange than they are prepared to lose. Individuals and organizations looking to invest in cryptocurrency should also investigate which exchanges have paid out the most claims, which is easily obtainable information. This can help them identify which exchanges and DeFi apps are vulnerable (and should be avoided).
Growing necessity of cyber insurance
Cyber insurance was once a “nice-to-have” resource, but soon it will be as necessary as car insurance for those with cryptocurrency holdings. The massive rise in ransomware attacks has already made it as important as liability insurance for many companies. Individual users who got into Bitcoin or other cryptocurrencies early and now have substantial sums of money are also potential victims and should protect themselves appropriately.
Having substantial cryptocurrency holdings does not necessarily mean that an individual is technically savvy. Especially at the beginning of the crypto boom, some users simply got lucky, and may still not know how to best protect themselves today. Those wondering whether they need to insure their holdings should ask themselves a simple question: Are they losing sleep over the amount of money they have stored on an exchange? If so, they may want to look into a cyber insurance solution. As the cyber insurance market evolves and becomes more fully formed, policies will become more tailored to specific issues (like cryptocurrency theft).
The fact that cybercriminals have been using cryptocurrencies for many years now is a testament both to their value and their ability to facilitate anonymity. Although cryptocurrency transactions are all documented, savvy attackers can often avoid associating their accounts with any personally identifiable information. This also means that these cryptocurrency attacks are unlikely to stop anytime soon, and cryptocurrency will continue to be favored by cybercriminals.
A safer future for both exchanges and their customers
The mainstream emergence of cryptocurrency, coupled with its popularity among cybercriminals, has created a potentially dangerous environment for those with significant crypto holdings. Both businesses and individuals should familiarize themselves with the risks surrounding crypto, including popular attack tactics. As more people begin to adopt cryptocurrency, attackers will continue to target less sophisticated users with phishing/spear phishing attacks designed to trick them into giving up their credentials/assets.
Exchanges themselves can increase their security through steps like implementing continuous monitoring, vulnerability detection, and information sharing with other exchanges. As attacks continue, those exchanges that protect their users and their assets will be the most successful—especially since claims against exchanges can be viewed publicly. And both exchanges and individuals should explore the growing field of cyber insurance, which can allow individuals to protect their assets from potential theft while also putting exchanges in a position to reimburse customers if something goes wrong.
Cryptocurrencies have been popular among cybercriminals for many years, and that isn’t likely to change. Protection, both at the user level and the exchange level, will only become more important as time goes on.