“The killer app is money because cryptocurrencies allow anyone anywhere in the world to still receive any amount of money with anyone anywhere on the planet instantly and basically for free.”
- Roger Ver (Chairman of Bitcoin.com)
As the technologies become more sophisticated, their impact is comparable to other big revolutions in communications and transportation that have evolved over the past thousand years. Smartphones, computers, and the internet are revolutionary technologies, and these technological marvels of our time have also bred a profession called Hacker. These benevolent hackers, also known as ethical or white hackers, use their skills to find flaws, vulnerable areas, and weak spots in the organization’s security system. This is done to find and fix the weaknesses and prevent malicious hackers from breaking in the security system. However, there is also a group of hackers that operate and execute their skills on illicit activities. Also known as Black Hackers, they have the ability to gain unauthorized access to someone’s system to steal their data and files or corrupt their system. And they have started getting more creative with the scams and hacks they carry out.
Cryptocurrencies were first introduced with the introduction of Bitcoin (BTC) in 2009, and many other digital currencies — or altcoins — have also appeared since then. The attractive asset class is completely created online, thus they are prone to hacking as well. Over the years, numerous cryptocurrency hacks and scams have taken place as cryptocurrency is slowly gaining a foothold in the financial market.
Through the popular rise of cryptocurrencies (and the underlying blockchain), it comes as no surprise that hackers are seeking to exploit possible vulnerabilities to claim control over these technologies for financial gains, and perhaps for more sinister purposes.
Hacking where the money is
Given the available technologies and tools today, blockchain remains to be unhackable. However, the softwares utilising blockchain and storing of cryptocurrencies are subject to exploitations. Many hacks were the result of attacks on individual phones but most of the thefts occurred on exchanges. An exchange is where people store their coins before exchanging them into or converting them to fiat in a trade. As far as the cyber thieves are concerned, exchanges are where the money is. They can hack into the exchange network, access user keys which unlock people's funds and wreak havoc in the process. And while the money the hackers make off cannot be forcibly returned to the users — a blockchain usually doesn't allow reversed transactions — the money can be monitored and tracked using various investigative and analytic tools in order to determine which address belongs to the hacker, and freezes them. An example would be a hack incident involving a cryptocurrency exchange called CoinCheck, in which the exchange identified, published and froze a list of eleven addresses that held all its stolen coins.
Other notable cases include Slovenian-based Bitcoin mining marketplace, NiceHash whereas in December 2017, a highly skilled and organized attack was carried out with sophisticated social engineering, resulting in a loss of US$64 million. Infamous Mt. Gox exchange was also hacked in 2013 during its heydays as the leading crypto exchange of that time, losing a whopping US$460 million to the attack.
Hacks beyond exchanges
Apple has claimed that their products are highly secured also that it is impossible to hack or exploit Apple products. However, they have come into picture of a highly orchestrated series of attacks sponsored by North Korea. Disguised under the alias called ‘Lazarus Group’, they tried to hack into Apple computers via a fake cryptocurrency trading app which the group have coded and later uploaded on GitHub. There was a piece of malware inside this code that would target Apple computers when downloaded, and allow the hacker access to do something on the devices. North Korea has made about $2 billion by hacking various conventional crypto exchanges and banks, according to a United Nations report. Similar attacks by Lazarus Group were executed in March 2019, when a Singapore-based exchange known as DragonEx was infiltrated and lost US$7 million to the hackers. Chainalysis, which DragonEx hired to help in the investigation, said that it was one of the most complex phishing campaigns they have ever seen, claiming it's "on another level of complexity."
"It shows the time and energy that Lazarus group have at their fingertips, as well as the deep knowledge of the cryptocurrency environment required to effectively impersonate legitimate participants," the firm stated.
Commonly used methods deployed by hackers
In order to prevent a possible security breach to your crypto assets, it is important to understand the various approaches hackers commonly used to steal the funds. The pioneering cryptocurrency, Bitcoin, has been the target of hackers due to its high liquidity and value. Any softwares or devices that have wallets installed are susceptible to attacks. Many users owning crypto assets for investment or trading purposes often store their assets online, especially in exchanges. While physical wallets can be lost and stolen, it is still a safer option than storing them on centralised exchanges and wallet applications. Users do not own the private keys in wallets created in the latter. Private keys act as a sort of a security code used to withdraw funds, and in the case of an exchange, they hold on the keys for all of its users. In the event that an exchange is compromised, hackers will be able to access all private keys, thereby stealing the funds. Thus, it is advisable to keep your private keys offline or in a hard copy, as even your computer is accessible by hackers.
Over the years, hackers have also thought of newer and innovative ways to steal the funds of innocent users. Email phishing attacks have been on the rise, and it works by sending the victims an email that allegedly comes from a service that they are most familiar with. Hackers could send an email impersonating a company representative and seek the victim to disclose certain personal data, sometimes even the private keys. Therefore, it is highly important to understand that an official representative will never ask for such information via an email. To put it in a better perspective, private keys are like your bank account’s PIN codes. No official bank representative will contact you for such information via an email or a phone call.
Other methods such as keyloggers, malware injection, fake browser extensions, fake advertisements and even two-factor authentication bypassing have been used by highly experienced hackers. Thus, the simplest way is to store your private keys offline, or in a piece of paper, and double check the authenticity of the website that you are accessing. If ample precautionary measures are made, it will greatly reduce the chances of hacker’s attack.
But can we defeat the hackers?
There are no guaranteed solutions around that can stop hackers from infiltrating systems and commit the above-mentioned cybercrimes. Fortunately, there are many blockchain and cryptocurrency enterprises that are addressing the issue. A growing number of exchanges and wallet applications have assured their customers with an insurance, in the event that an attack may occur on their systems. In addition, there are some definitive ways of improving the overall architectural security. Nevertheless, developers and users both play a huge part in this case. Some of the examples include stringent auditing on blockchain protocol codes before the product launch and frequent bug bounties to detect vulnerabilities in the system. Companies are also looking into partnering with blockchain analytics such as Elliptic and Chainalysis to detect any abnormal activities fast. Users can play their part in staying vigilant in their online activities and inputs, making sure to keep their private keys private and not share it with anyone else. For added protection, they could deploy various tools to ensure full anonymity with trusted VPNs and learn how to mix Bitcoin with mixers such as MyCryptoMixer to make their cryptocurrency transactions untraceable, anonymous from bad actors.
Securing your investments
Cryptocurrencies are the new form of asset classes, which are increasingly viewed as a favorable investment choice, as many people have moved from traditional investments like real estate and gold. However, it is important to note that with the ease of transaction comes the risk of cyberattacks that could potentially cost users their crypto funds. It is essential to use legitimate two-factor authentication services such as Google Authenticator, and other services like email verification or bitcoin mixing, as mentioned in earlier paragraphs, in order to greatly reduce attacks by hackers and malwares.
Blockchain and cryptocurrency enterprises such as exchanges have also acknowledged the issue and are mitigating the risks of users by executing various measures and especially warranties such as insurance funds for their users. The folks at MyCryptoMixer are sure that although crypto-related crimes will not disappear tomorrow, hackers will become less of a threat if both users and enterprises regard the matter seriously, thereby making cryptocurrencies increasingly secure.