Lessons From the Latest Cryptocurrency Theft

Published On June 12, 2018

Bitcoin cryptocurrency has the attention of more than just investors. It now has the attention of cyber criminals.

When the bitcoin cryptocurrency briefly topped $19,000 in value last year, it got the attention of more than just investors and day-traders. It also caught the eye of cyber criminals.

They have responded as expected, stealing more than $1.1 billion in crypto currency during the past six months, according to a new report by Carbon Black. Their weapons of choice include good old-fashioned hacking and new breeds of malware that specialize in stealing from crypto currency exchanges, businesses and individual users. Security software firm Carbon Black has estimated that there are 12,000 marketplaces on the dark web selling more than 34,000 forms of this malware at prices beginning at just over a dollar.

There are two basic approaches to cryptocurrency theft, that attackers use to steal from their victims. Unlike a conventional bank account, money owners have the option of transferring funds to a local electronic wallet on a PC or mobile device. In many cases, these private vaults are protected by nothing more than a password. Malware harvests legitimate credentials from a victim’s computer to look for those that might unlock the wallet, using the same techniques criminals employ to steal passwords. If a crook gains access to a local wallet, funds can disappear just like that.

The most recent hack wasn’t an individual, however, but a crypto exchange. That’s an online platform that enabled crypto currency owners to trade virtual currencies with each other or for real cash. There are thousands of such exchanges, and regulatory oversight is light.

One of them, a Korean exchange called Coinrail, reported that $40 million worth of crypto currency was stolen, apparently by an attacker who was able to channel funds from the accounts of law-abiding customers into its own. That follows upon a much bigger hack in January, when Japanese crypto currency exchange Coincheck said it lost more than $400 million in tokens. The value of bitcoin plummeted 10% in a single day following the Coinrail revelation, dramatizing how sensitive the market is to even a small compromise.

The lesson: Never store crypto currency online or in a wallet that must be connected to the internet to work. Use offline storage media such as a thumb drive, employ two factor-authentication and make sure to limit the number of people who have access to the wallet. When using an exchange, minimize the amount of time your currency is out of your hands.

A less malicious, but also insidious form of crypto currency theft is mining malware. This takes advantage of a unique characteristic of many virtual currencies, which is that they can be earned. To do that, people solve complex equations in a process called mining, with rewards in cryptocurrency for every problem they solve.

The problems aren’t trivial. In fact, they’re so complex that it can take a single PC thousands of years to solve just one, so attackers use malware to hijack computers, federate them in a network and dedicate all or part of their collective processing power to crypto mining. Some recent attacks can even launch mining processes from individual webpages without the user’s knowledge.

Crypto mining isn’t stealing, but it still has an impact on victims. In addition to the costs of power, large-scale mining malware infections can slow computers to a crawl. Customer support reps can’t access account records on a timely basis and financial transactions may be delayed or canceled. That’s not to mention the productivity drain of having the performance of every computer in your company fall by half.

Given the huge run-up in the value of some crypto currencies over the last year, businesses may be tempted to invest or start conducting transactions with virtual money. Be aware of – and prepared for – the risks you’ll be taking with a form of currency that’s largely unregulated and mostly anonymous.