Cryptocurrencies like bitcoin are today’s hottest investment opportunities. They have made millions of dollars for savvy investors. Yet cryptocurrencies have become the target of widespread theft and scams. They are also central to digital extortion, money laundering and other crimes that can impact you—even if you don’t invest in cryptocurrency.
First, cryptocurrencies became the payment method of choice for ransomware attacks like Locky and WannaCry. Then German regulators shut down OneCoin for alleged fraud and scammers in South Korea stole millions of bitcoins from exchange customers.
Cryptocurrencies like bitcoins and ethers have become a focal point for cyber attacks across the globe. When money becomes purely software, the cyber security needed to protect against hackers stealing and manipulating bitcoins and altcoins are sure to change in unexpected ways.
For a detailed analysis of how cryptocurrencies are shaping trends in cybercrime and how these trends can impact your cyber security ― whether you participate in cryptocurrencies or not, read the whitepaper Cryptocurrencies: How Safe is Safe to learn how cryptocurrencies work and how criminals are stealing them, manipulating their prices and more. Did you know:
- DDoS attacks against exchanges can manipulate cryptocurrency prices
- Criminals are stealing computing power from businesses to mine crypto coins
- Some initial coin offerings (ICO) are simply scams
- How cryptocurrencies work
- Ways cyber criminals steal and manipulate bitcoins
- Why cryptocurrencies are essential for ransomware
The digital transformation lets us turn any car into a taxicab, any house into a hotel and creates boundless new opportunities. But what are the risks when we transform traditional money into digital cryptocurrencies like Bitcoin? The rapid growth of currencies like Bitcoin, Ethereum and 800 other issuers makes this a good time to consider issues related to their cyber security. Globally, the market value of cryptocurrencies is in the neighborhood of $120bn. Cryptocurrency expert Derin Cag stated,
According to the World Economic Forum (WEF), the blockchain ecosystem will store 10% of the world’s GDP ($101 trillion) by 2025.
Taking note of this rapid growth, the central banks of Denmark, Vietnam and several other countries are experimenting with issuing their own cryptocurrencies. However, in light of China closing the country’s Bitcoin exchanges, it is hard to know whether we will replace traditional money with cryptocurrencies, or they will only occupy specialty niches in the global economy. In the short term, cryptocurrencies are quickly gaining traction as a medium of exchange, growing 10 times since the beginning of 2017, and as a method for raising investment capital. As they grow, cryptocurrencies are also shaping trends in cybercrime. To understand the risks, it helps to understand how each element that makes up a cryptocurrency can be a potential target for cybercrimes.
Is Malware In The Money?
A cryptocurrency uses a digital ledger called blockchain that contains public addresses. Like a bank, each public address stores a balance of cryptocurrency units, for example 2.0003 BTC (bitcoins). You can think of a public address as a transparent safe that lets everyone see how much money it contains. To move money out of a safe, you need the safe’s private key. When you “own some bitcoin,” you actually own a private key to a public address that contains a record of your balance of bitcoins. Making a transaction means changing the cryptocurrency balances of those involved in the transaction and recording all changes in the blockchain ledger.
You call a cryptocurrency unit the name its issuer gives it such as a bitcoin issued by Bitcoin, or more generally we refer to a currency unit as a token or an altcoin (alternative to bitcoin). Tokens can either be intrinsic or asset based. Intrinsic tokens contain their own value like dollars or euros, while asset-based tokens have a claim on an asset such as a business. This makes asset-based tokens more like shares of stock. In addition, some issuers like Bitcoin simply provide tokens, while other issuers such as Ethereum provides tokens and “smart contracts” that are executable applications optimized to run on a distributed blockchain computer network.
As tokens are virtual numbers entered in a blockchain and are not entities independent of a blockchain, users don’t send tokens to other users’ wallets. Tokens are not in a form that can be compromised to infect their owners’ computing devices. Could a cryptocurrency become compromised with malware? As far as anyone knows, it hasn’t been accomplished and might not be possible. However, as with any type of software, someone is likely trying to figure out how to compromise a blockchain through software updates, by tampering with the consensus protocol that monitors transactions or through some other unknown method.
Blockchain: Distribution and Encryption As Safety Measures
Blockchain acts as the bank vault that stores tokens and the ledger that records transactions. A blockchain is a series of lists—the blocks—which contain data and pointers that link one block to the previous block. Blockchain is a distributed software system. This means that functionally similar copies of blockchain software and the data they hold reside on many computers connected to each other through a peer-to-peer network. According to a Check Point analyst, there are 10 different software versions just for bitcoin. The computers on the network use a consensus protocol to confirm the records of verified transactions and verify new transactions in the blockchain. To steal tokens or otherwise alter a blockchain, criminals would have to compromise many hundreds or thousands of distributed computers at the same time. Blockchain’s decentralized structure and use of computer-intensive encryption makes cryptocurrencies resistant to tampering.
Bitcoin is an open system which means a community of developers creates updates for Bitcoin’s software. Members of Bitcoin’s blockchain-processing community (coin miners or operators) choose whether or not to install these updates on their computers. On one hand there isn’t a process for making automatic software updates that attackers could take advantage of for installing malware. On the other hand, if a serious vulnerability is found in bitcoin software, computer operators are using several versions of the software, which could make patching difficult. In addition, all bitcoin operators might not install patches in a timely manner, leaving computers on the network vulnerable to exploitation.
Blockchains can be attacked other ways. A “51% attack” happens when a miner or group of miners controls over 50% of a network’s computing power or “hash rate.” Controlling the majority of a network’s computing power could let an attacker monopolize the recording of new blocks and prevent other minors from completing blocks. This lets the attackers receive all of the mining rewards and can block other users’ transactions. Or, the attacker could send a transaction, and then reverse the transaction, making it appear they still had the coin they spent. This is called double spending. Krypton and Shift, cryptocurrencies whose blockchains are based on Etherium, suffered 51% attacks in August 2016.
Looking beyond infrastructure, there are many examples of cyber-attacks that steal, extort or scam using cryptocurrencies.
Cryptocrime Does Pay
Coin Miners and Claim Jumpers
When a computer in a blockchain network processes an encrypted transaction, it adds the details of the transaction to a block. In return for this participation the cryptocurrency’s decentralized mining application creates a block that contains a mining reward that all the networks’ computers validate. Processing transactions and receiving tokens in payment is called currency mining. However, not all mining is done legally. A criminal campaign planted malware called Adylkuzz in 200,000 computers, turning them into zombie miners. The owners of the compromised computers paid for the electricity and processing power needed to make blockchain transactions. However, it was the claim jumpers controlling the zombie computers who received an estimated €1,000,000 worth of a cryptocurrency called Monero for free. Likewise, Pirate Bay, the leading torrent download site, was caught secretly planting an in-browser cryptocurrency miner on its website that uses its visitors’ CPU processors to mine digital currencies without their knowledge or permission.
Exchanges are websites where members of the public can buy, sell and trade cryptocurrencies. Exchanges present several possible points of compromise. For example, criminals recently stole bitcoins from customers of the world’s 4th largest bitcoin exchange called Bithumb located in Korea. They did this by first stealing the personal data of 31,000 customers from a Bithumb employee’s computer. The criminals used the data for a social engineering campaign in which a phone scammer tricked Bithumb customers into divulging their wallet credentials, which the criminals used to steal the victims’ bitcoins.
Besides compromising exchanges to steal tokens, criminals can launch denial-of-service attacks against exchanges to manipulate the value of cryptocurrencies. Since the price of bitcoin is set by several exchanges around the world, denying access to one or more exchanges could let a complicit trader take advantage of price differences. Indeed, threat actors have attacked two exchanges, Bitfinex and BTC-e with denial service attacks with the intent of manipulating cryptocurrencies’ prices.
Who’s In Your Wallet?
Crypto wallets are different than digital wallets. A digital wallet holds digital versions of credit cards, bank cards, and other standard payment methods. In contrast, crypto wallets are software applications that hold the owners’ public and private encryption keys and interact with blockchains. These wallets let users make transactions and keep track of their tokens stored on the blockchain. Crypto wallets do not contain tokens. So far, wallets’ risk factors depend mainly on the security of the wallet’s owner and the devices where he or she keeps the wallet. A crypto wallet that you keep on your computer or smartphone can be compromised if attackers steal your wallet credentials using malicious apps, spyware, phishing and other standard cyber-attack methods. Recently, researchers identified a new type of ransomware designed to steal bitcoin wallet information and other sensitive information.
Perhaps cryptocurrencies’ most prominent contribution to global cybercrime is its use as the payment method of choice in ransomware attacks. In 2015 researchers at Check Point discovered that threat actors were scaling back banking Trojan attacks and increasing ransomware attacks. One reason behind the changeover was that banks have safeguards that block suspicious money transfers. Also, bank transfers are easier for law enforcement agencies to trace. In contrast, ransomware demands payments in tokens that are much harder to trace and transactions can’t be blocked. It has been reported that someone recently emptied the 3 wallets used by the WannaCry ransomware attack of $140,000 in bitcoins. Due to growing interest by government regulators, cryptocurrencies and exchanges could become less anonymous payment methods for cyber criminals. However, there is a growing trend towards complete privacy through untraceable cryptocurrencies such as Monero and Zcash. They use advanced methods to hide transaction details in the ledger. They are becoming more popular among criminals than bitcoin, due to bitcoin’s transparent ledger.
Feasting on ICOs
To raise startup capital, some entrepreneurs issue their own cryptocurrencies. Investors buy the newly issued tokens in events called initial coin offerings (ICOs). Besides legitimate investment opportunities, ICOs can create opportunities for scammers and thieves. Scammers who want to raise money by holding an ICO can simply pretend to issue a cryptocurrency and instead set up a Ponzi scheme. Authorities in Mumbai, India raided a company called OneCoin seizing more than $2 million in investor funds. According to news reports, OneCoin was a Ponzi scheme that had allegedly moved at least $350 million in scammed funds through a payment processor in Germany.
A different group found a simple way to use an ICO to steal tokens. When a trading platform for an ether-based cryptocurrency named Coindash held their ICO, cyber criminals took over Coindash’s website and replaced Coindash’s ether wallet address with their own wallet address. Before Coindash discovered the attack, investors sent $7.4 million worth of ethers to the criminals’ wallet.
Pump and Dump
Like shares of stock, the value of tokens can quickly vary. This makes them, like shares of stock, subject to pump and dump fraud schemes in which a scammer makes misleading statements that cause a token’s price to rise. The scammers sell their tokens at the inflated price.
Money laundering makes “dirty money” derived from illegal activities appear to be legal or “clean.” A launderer brings the illicit money into the financial system, performs transactions to obscure the money’s source, and then return the proceeds of these transactions to the mainstream economy. Cryptocurrencies are ideal for laundering money. Despite the transparency of bitcoin transactions, the transactions don’t capture personally identifiable information (PII) which gives users anonymity. Under this cover, users can quickly make transactions among several wallets, then purchase goods through participating merchants or turn their tokens back into regular money at exchanges. Traditional banks have largely avoided cryptocurrencies as their use could cause problems complying with money-laundering regulations such as the Bank Secrecy Act (BSA) and the Anti-Money Laundering (AML) Act. Also, the hundreds of blockchains now running and new ICOs that could be an attractive way to launder money make investigations by law enforcement agencies more difficult.
What It All Means
Cryptocurrencies create risks whether you are a player on the field or sit on the sidelines. Businesses must be aware that processing blockchain transactions to receive coin mining rewards is expensive for miners due to the high cost of computing resources and the electricity it takes to run and cool them. These high mining costs make it worthwhile for criminals to hijack large numbers of computers from legitimate businesses to mine tokens. Having computing resources hijacked for mining is especially risky for organizations that use scalable virtual machines in a lightly protected public cloud environment. Whether your IT program uses a business network or a public cloud, you must protect your computing resources with advanced threat prevention and anti-bot security technology or risk paying for mining someone else’s tokens.
Currency miners should also protect their computers with advanced threat prevention to protect their computing resources from being hijacked, protect their computing assets against denial of service attacks and prevent computers from becoming infected with malware intended to monitor computing activity or otherwise manipulate the value of a cryptocurrency.
Exchanges should protect their user’s cryptocurrency by using cold storage to store user funds. This involves moving private keys to offline devices. In addition, for stronger hot storage security, exchanges should use multisignature (multisig) wallets that use more than one key to authorize transactions. In addition, exchanges should protect their core networks against denial of service and advanced threats to prevent manipulation of currency prices. To prevent exposing customer data to criminals, exchanges must also protect the endpoint computers employees use.
If you are a personal user of cryptocurrencies, the emphasis moves to your own security practices. The best way to do this is to store cryptocurrency on special hardware wallets that are not connected to the Internet such as Trezor and Ledger Nano S. If you continue to use your current devices for your crypto wallet, be sure you at least have antivirus installed on your devices including mobile-threat prevention on your smartphone. Never give out your wallet credentials to anyone. Preventing spyware and phishing attacks from stealing your wallet’s credentials is your responsibility. Cryptocurrencies offer great opportunities for decentralizing transactions of many kinds, but, they still have some work to do before you can feel secure using them.
Source: Bob Matlow, Cyber Security Advocate, Check Point Software Technologies