Cyber Security Hub analyzes why and how hackers are targeting cryptocurrency investors.
By 2026, the digital currency market will be worth $2.2 billion. Having more than 420 million users and more than 12,000 different cryptocurrencies. However, because of its rapid growth, it is becoming a prime target for online scammers.
Cyber Security Hub examines the danger vectors and vulnerabilities exploited by hackers. These are unique to cybercrime involving cryptocurrencies.
Why do hackers target cryptocurrency?
Cryptocurrency hacks can yield substantial returns.
Bitcoin, Ethereum, and Tether have respective market capitalizations of $330,6 billion, $152,6 billion, and $68 billion. Cryptocurrency traders and wallets may be an enticing targets for hackers.
In September 2022, hostile actors accessed the hot wallet of cryptocurrency market maker Wintermute and stole $162.5 million. A hot wallet is an online cryptocurrency wallet facilitating transactions between the owners and other wallets. To accomplish this, the hackers exploited a flaw in the private keys generated by the Profanity application. Private keys are a secure code that demonstrates ownership of a cryptocurrency wallet and enables the owner to conduct transactions. However, hostile actors may access a bitcoin wallet by compromising these keys.
Companies dealing with cryptocurrencies may be more susceptible to assault.
Digicash created the first cryptocurrency, eCash, in 1990. Still, the widespread adoption of cryptocurrencies only occurred with the release of Bitcoin in 2009. Generating roughly 100 new cryptocurrencies and minted daily. The drive to join the market may mean that so-called crypto-preneurs focus more on developing and marketing their cryptocurrency than defending their business.
In January last year, hackers stole $415 million of cryptocurrencies from the defunct exchange FTX. After FTX lawyers and consultants identified $5.5bn in assets to be recovered, including about a tenth of the stolen cryptocurrency, they discovered the theft.
A global news organization speculated that the stolen cryptocurrency might be linked to a cyberattack. It occurred just hours after FTX filed for bankruptcy. At the same time, prosecutors said that more than $370 million in cryptocurrencies had “vanished from the exchange.”
Transfers of cryptocurrencies cannot be reversed.
Transfers of cryptocurrencies occur on a decentralized network. Transmitted funds cannot be canceled or reversed; only the recipient can issue a refund. It is due to the immutable nature of the blockchain, making it impossible for any data within the network to be altered. Cryptocurrency businesses implement digital currency standards to enable merchants to accept digital currency without chargebacks and prevent canceling or reversing funds.
Suppose hackers can access and transfer funds from a victim’s bitcoin wallet. In that case, it is incredibly improbable that they can recover these monies.
How do bad actors target bitcoin users and companies?
Social engineering assaults against investors without vigilance
Those seeking to invest in cryptocurrencies feel pressure to purchase at the optimal time. Unscrupulous actors in social engineering assaults are exploiting this because of the people’s urge. In July 2022, the FBI warned cryptocurrency investors that bogus applications had resulted in $42.7m in losses in six months.
From November 1, 2021, to May 13, 2022, the FBI identified 244 victims who lost between $900,000 and $5.5 million due to fraudulent bitcoin apps.
Fraudsters posed as reputable US investing services and targeted individuals interested in cryptocurrencies and mobile banking. During interactions with the victims, the hackers exploited the logos and names of stated investing businesses to make themselves appear more credible. Using these methods, the hackers persuaded the investors to download mobile applications, which resulted in their defrauding.
The scammers established false websites for two organizations: YitBit, the name of the previous actual bitcoin provider, and Supayos, an Australian currency exchange business. According to the FBI, it was an attempt to make the fraudulent apps appear more authentic.
According to research by the cyber security reference website Privacy Affairs, criminal actors perpetrated 15 cryptocurrency-based scams every hour in 2022. Hackers took $4.3bn worth of cryptocurrencies between January and November.
Using token bridges to steal money through hacking.
Bitcoin users use blockchain bridges to transfer cryptocurrency across the different blockchains. The bridges function by depositing ‘wrapped’ tokens of the assets across the bridge. Tokens can function on the blockchain they are being transferred to if wrapped. As a result, bridges are more vulnerable to attack, as they have vulnerabilities at both ends of the transmission.
In August 2022, the US-based cryptocurrency company Nomad reported that a hack of the Nomad token bridge had stolen bitcoin worth $190 million.
They took the cash after hackers exploited a bridge design weakness that allowed hostile actors to substitute their accounts for the intended destination wallet.
Phishing attacks designed to obtain digital wallets
Similar to how fake crypto organizations are used to deceive investors, hackers will masquerade as cryptocurrency companies in phishing attacks. Because of this, they will get access to cryptocurrency users’ wallets.
Monkey Drainer, a phishing hacker, stole $1 million in Ethereum and NFTs in 24 hours in October 2022.
The most notable victims of the October 2022 attack were only identified as 0x02a and 0x626. The couple lost $370,000 due to malicious phishing sites maintained by Monkey Drainer, with 0x02a losing approximately $150,000 worth of NFTs.
Monkey Drainer’s suspicious transactions were rejected by 0x626’s cryptocurrency wallet, which had $2.2 million. It meant that the actual amount of cryptocurrency lost was $220,000.
