Blockchain is apparently more vulnerable to hacking than traditional finance. The anonymity of transactions allows cybercriminals to withdraw stolen funds without putting themselves at risk.
In most cases, cybercriminals use traditional tools, such as social engineering or distribution of malware, said Group IB experts.
The most frequent method is spear-phishing, an email scam. For instance, fraudsters deliver malware that looks like a job application: they send an email containing a fake resume with the subject line “Engineering Manager for Crypto Currency.” The attachment, however, has malware embedded in the document.
Five major attacks in 2017-2018 were linked to North Korean hackers from the Lazarus state-sponsored group. They stole $534 million in crypto from Coincheck, a Japanese crypto exchange. Other exchanges that suffered from their attacks include Yapizon, Coinis, and Bithumb. The data was presented in Group IB’s annual report, Hi-Tech Crime Trends 2018.
“Some of the exchanges, such as Bitcurex, YouBit and Bitgrail went bankrupt after the hacks,” said Dmitry Volkov, CTO at Group IB. “At the beginning of 2018 hacker interest in cryptocurrency exchanges ramped up.”
Volkov named the infamous hacker groups Silence, MoneyTaker and Cobalt as the most likely cryptocurrency exchange attackers in the future.
In 2017, hackers set their sights on founders, community members and platforms. More than 10 percent of funds raised through ICOs were stolen, while 80 percent of projects disappeared with the money without fulfilling obligations towards their investors.
In 2018, hackers also started attacking ICOs that raise private funding. For instance, cybercriminals targeted the TON project, launched by Pavel Durov, Telegram’s founder, and managed to steal $35,000 in Ethereum. In May, TON's public ICO was cancelled after raising $1.7 billion in presale from a small group of private investors.
The worst generally happens on the first day of token sales: a set of DDoS attacks, the disruption of Telegram and Slack messages, and mailing list spamming.
Rushing to buy tokens at a discount, many blockchain enthusiasts haven’t been paying attention to details. Phishing, as well as attacks using fake domain names, account for approximately 56 percent of all funds stolen from ICOs.
This year has already seen several cases of investor database theft. “This information can be later resold on the darknet, or used for blackmail,” experts said.
A new method of fraud on the ICO market is stealing a white paper and presenting an identical idea under a new brand name. Fraudsters then build a website featuring the new brand that uses the stolen project description.
In 2019, according to Group IB, the number of attacks on crypto exchanges will rise. The most aggressive hacker groups, which usually target banks, will shift their attention to blockchain. The world’s largest mining pools may also become targets.