Get All Access for $5/mo

Why Hacked Accounts on Cryptocurrency Exchanges Rose 369% Last Year Users and exchanges disregard information security and underestimate the capabilities of cybercriminals

By Pooja Singh

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur Asia Pacific, an international franchise of Entrepreneur Media.


The cryptocurrency industry is going through hard times. Rising fraudulent activity and increasing attention from criminals have plagued the digital asset industry, which is currently worth over $270 billion. A recent research says the number of hacked accounts on cryptocurrency exchanges websites rose 369 per cent in 2017 compared to the previous year, with 720 accounts across every major exchange been compromised.

Attack mode

The report, "2018 Cryptocurrency Exchanges: User Accounts Leaks Analysis", released by Group-IB, an international company that specialises in preventing cyberattacks and develops information security solutions, is based on data of cyber attacks on the 19 largest cryptocurrency exchanges in 2016 and 2017.

The US, Russia, and China are the top three countries affected by cyber attacks—and a third of all victims are in the US, says the report. The data from Group-IB found 50 active botnets, or networks made up of remote-controlled, used by cybercriminals to launch attacks on both users as well as exchanges. Over 55 per cent of the malicious infrastructure is coming from the US, while 21.5 per cent from the Netherlands, says the report. It adds that 4.3 per cent and 3.2 per cent of hackers' equipment is placed in Ukraine and Russia, respectively.

Go, went, gone

A big draw, as well as drawback, of a cryptocurrency transaction on the blockchain is that anyone can look at it—unlike transactions made through traditional banks where information is mostly under wraps. To gain account access, cybercriminals use good-old Trojans like Xbot, HawkEye, and AZORult that often work by disguising themselves as a harmless file or program. Over the years, however, the attacks have become more sophisticated. The Group-IB data shows the hackers are adapting tools used to attack banks to hijack cryptocurrency exchanges and wallets. For instance, they use fake ID to get a user's SIM card and recover passwords to gain control over their account.

"The number of malicious programs used by cybercriminals is constantly increasing, and the tools are regularly modified. Criminals have adapted patterns of attack on banks and used the same tools to hack cryptocurrency exchanges and wallets and make attacks on users," the report says.

Last year, Israeli startup CoinDash's initial coin offering was halted abruptly when a hacker changed the ethereum address the company was using to solicit funds—and stole $7 million worth of funds.

In May this year, cryptocurrency Verge suffered its second hack when attackers targeted a glitch in Verge's technology to mine multiple blocks virtually, and stole over 35 million XVGs (worth $1.7 million). The same tactic was used in a hack a month before which depleted Verge of 250,000 XVGs.

Where the Problem Lies

According to the Group-IB report, one of the main reasons for the increase in attacks is that both users and exchanges disregard information security and underestimate the capabilities of cybercriminals.

Both users and exchanges omit to use two-factor authentication, says the report, adding that they disregard basic security rules such as the use of complex and unique passwords. The data shows of the 720 accounts analysed, only one out of five users chooses a password shorter than eight characters.

"Increased fraudulent activity and attention of hacker groups to cryptoindustry, additional functional of malicious software related to cryptocurrencies, as well as the significant amounts of already stolen funds signals that the industry is not ready to defend itself and protect its users. In 2018 we will see even more incidents," says Ruslan Yusufov, director of Group-IB, in the report.

Way Forward

One of the first things to be mindful of, recommends Group-IB, is password. It should contain at least 14 unique symbols, and different exchanges should have different passwords. It also recommends not to use public Wi-Fi.

"This situation requires prompt and effective response of all stakeholders, including experts in different areas," suggests Yusufov.

Pooja Singh

Former Features Editor, Entrepreneur Asia Pacific


A stickler for details, Pooja Singh likes telling people stories. She has previously worked with Mint-Hindustan Times, Down To Earth and Asian News International-Reuters. 

Business News

Want to Start a Business? Skip the MBA, Says Bestselling Author

Entrepreneur Josh Kaufman says that the average person with an idea can go from working a job to earning $10,000 a month running their own business — no MBA required.

Growing a Business

The Next Phase of Fiverr—the Freelance Marketplace Expands Into Hiring

Is their AI and Business Partner service a game-changer for hiring talent?

Business News

How Nvidia CEO Jensen Huang Transformed a Graphics Card Company Into an AI Giant: 'One of the Most Remarkable Business Pivots in History'

Here's how Nvidia pivoted its business to explore an emerging technology a decade in advance.

Side Hustle

She Had Less Than $800 When She Started a Side Hustle — Then This Personal Advice From Tony Robbins Helped Her Make $45 Million

Cathryn Lavery built planner and conversation card deck company BestSelf Co. without any formal business education.


Your Definition of Leadership Is Outdated — Here's How to Be a Better Leader in the Modern Workplace

In my nearly thirty years as a leader, I've focused on setting a clear vision and empowering my team to achieve our goals. We prioritize establishing shared objectives while allowing for flexibility when needed.


4 Ways To Use ChatGPT To Increase Your Productivity

While AI and ChatGPT are still developing technologies, there is still much to learn and explore. However, companies are already starting to see significant benefits from judicious use of these tools across departments and functions.