Why Hacked Accounts on Cryptocurrency Exchanges Rose 369% Last Year

Users and exchanges disregard information security and underestimate the capabilities of cybercriminals

You're reading Entrepreneur Asia Pacific, an international franchise of Entrepreneur Media.


The cryptocurrency industry is going through hard times. Rising fraudulent activity and increasing attention from criminals have plagued the digital asset industry, which is currently worth over $270 billion. A recent research says the number of hacked accounts on cryptocurrency exchanges websites rose 369 per cent in 2017 compared to the previous year, with 720 accounts across every major exchange been compromised.

Attack mode

The report, "2018 Cryptocurrency Exchanges: User Accounts Leaks Analysis", released by Group-IB, an international company that specialises in preventing cyberattacks and develops information security solutions, is based on data of cyber attacks on the 19 largest cryptocurrency exchanges in 2016 and 2017.

The US, Russia, and China are the top three countries affected by cyber attacks—and a third of all victims are in the US, says the report. The data from Group-IB found 50 active botnets, or networks made up of remote-controlled, used by cybercriminals to launch attacks on both users as well as exchanges. Over 55 per cent of the malicious infrastructure is coming from the US, while 21.5 per cent from the Netherlands, says the report. It adds that 4.3 per cent and 3.2 per cent of hackers' equipment is placed in Ukraine and Russia, respectively.

Go, went, gone

A big draw, as well as drawback, of a cryptocurrency transaction on the blockchain is that anyone can look at it—unlike transactions made through traditional banks where information is mostly under wraps. To gain account access, cybercriminals use good-old Trojans like Xbot, HawkEye, and AZORult that often work by disguising themselves as a harmless file or program. Over the years, however, the attacks have become more sophisticated. The Group-IB data shows the hackers are adapting tools used to attack banks to hijack cryptocurrency exchanges and wallets. For instance, they use fake ID to get a user's SIM card and recover passwords to gain control over their account.

"The number of malicious programs used by cybercriminals is constantly increasing, and the tools are regularly modified. Criminals have adapted patterns of attack on banks and used the same tools to hack cryptocurrency exchanges and wallets and make attacks on users," the report says.

Last year, Israeli startup CoinDash's initial coin offering was halted abruptly when a hacker changed the ethereum address the company was using to solicit funds—and stole $7 million worth of funds.

In May this year, cryptocurrency Verge suffered its second hack when attackers targeted a glitch in Verge's technology to mine multiple blocks virtually, and stole over 35 million XVGs (worth $1.7 million). The same tactic was used in a hack a month before which depleted Verge of 250,000 XVGs.

Where the Problem Lies

According to the Group-IB report, one of the main reasons for the increase in attacks is that both users and exchanges disregard information security and underestimate the capabilities of cybercriminals.

Both users and exchanges omit to use two-factor authentication, says the report, adding that they disregard basic security rules such as the use of complex and unique passwords. The data shows of the 720 accounts analysed, only one out of five users chooses a password shorter than eight characters.

"Increased fraudulent activity and attention of hacker groups to cryptoindustry, additional functional of malicious software related to cryptocurrencies, as well as the significant amounts of already stolen funds signals that the industry is not ready to defend itself and protect its users. In 2018 we will see even more incidents," says Ruslan Yusufov, director of Group-IB, in the report.

Way Forward

One of the first things to be mindful of, recommends Group-IB, is password. It should contain at least 14 unique symbols, and different exchanges should have different passwords. It also recommends not to use public Wi-Fi.

"This situation requires prompt and effective response of all stakeholders, including experts in different areas," suggests Yusufov.