Get All Access for $5/mo

Why Hacked Accounts on Cryptocurrency Exchanges Rose 369% Last Year Users and exchanges disregard information security and underestimate the capabilities of cybercriminals

By Pooja Singh

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur Asia Pacific, an international franchise of Entrepreneur Media.

Shutterstock

The cryptocurrency industry is going through hard times. Rising fraudulent activity and increasing attention from criminals have plagued the digital asset industry, which is currently worth over $270 billion. A recent research says the number of hacked accounts on cryptocurrency exchanges websites rose 369 per cent in 2017 compared to the previous year, with 720 accounts across every major exchange been compromised.

Attack mode

The report, "2018 Cryptocurrency Exchanges: User Accounts Leaks Analysis", released by Group-IB, an international company that specialises in preventing cyberattacks and develops information security solutions, is based on data of cyber attacks on the 19 largest cryptocurrency exchanges in 2016 and 2017.

The US, Russia, and China are the top three countries affected by cyber attacks—and a third of all victims are in the US, says the report. The data from Group-IB found 50 active botnets, or networks made up of remote-controlled, used by cybercriminals to launch attacks on both users as well as exchanges. Over 55 per cent of the malicious infrastructure is coming from the US, while 21.5 per cent from the Netherlands, says the report. It adds that 4.3 per cent and 3.2 per cent of hackers' equipment is placed in Ukraine and Russia, respectively.

Go, went, gone

A big draw, as well as drawback, of a cryptocurrency transaction on the blockchain is that anyone can look at it—unlike transactions made through traditional banks where information is mostly under wraps. To gain account access, cybercriminals use good-old Trojans like Xbot, HawkEye, and AZORult that often work by disguising themselves as a harmless file or program. Over the years, however, the attacks have become more sophisticated. The Group-IB data shows the hackers are adapting tools used to attack banks to hijack cryptocurrency exchanges and wallets. For instance, they use fake ID to get a user's SIM card and recover passwords to gain control over their account.

"The number of malicious programs used by cybercriminals is constantly increasing, and the tools are regularly modified. Criminals have adapted patterns of attack on banks and used the same tools to hack cryptocurrency exchanges and wallets and make attacks on users," the report says.

Last year, Israeli startup CoinDash's initial coin offering was halted abruptly when a hacker changed the ethereum address the company was using to solicit funds—and stole $7 million worth of funds.

In May this year, cryptocurrency Verge suffered its second hack when attackers targeted a glitch in Verge's technology to mine multiple blocks virtually, and stole over 35 million XVGs (worth $1.7 million). The same tactic was used in a hack a month before which depleted Verge of 250,000 XVGs.

Where the Problem Lies

According to the Group-IB report, one of the main reasons for the increase in attacks is that both users and exchanges disregard information security and underestimate the capabilities of cybercriminals.

Both users and exchanges omit to use two-factor authentication, says the report, adding that they disregard basic security rules such as the use of complex and unique passwords. The data shows of the 720 accounts analysed, only one out of five users chooses a password shorter than eight characters.

"Increased fraudulent activity and attention of hacker groups to cryptoindustry, additional functional of malicious software related to cryptocurrencies, as well as the significant amounts of already stolen funds signals that the industry is not ready to defend itself and protect its users. In 2018 we will see even more incidents," says Ruslan Yusufov, director of Group-IB, in the report.

Way Forward

One of the first things to be mindful of, recommends Group-IB, is password. It should contain at least 14 unique symbols, and different exchanges should have different passwords. It also recommends not to use public Wi-Fi.

"This situation requires prompt and effective response of all stakeholders, including experts in different areas," suggests Yusufov.


Pooja Singh

Former Features Editor, Entrepreneur Asia Pacific

 

A stickler for details, Pooja Singh likes telling people stories. She has previously worked with Mint-Hindustan Times, Down To Earth and Asian News International-Reuters. 

Business News

Meta Makes $1 Million Dollar Donation to Donald Trump's Inaugural Fund

Meta CEO Mark Zuckerberg also reportedly gave Trump a pair of Ray-Ban Meta smart glasses.

Starting a Business

They Bought an Ice Cream Truck Off eBay for $5,000. Now Their Company Has 70 Shops and Sells Treats in Over 12,000 Stores.

For the episode of "The Founder CEO," the co-founder and CEO of Van Leeuwen Ice Cream explains how one ice cream truck grew into a successful nationwide brand.

Leadership

Should I Stay or Should I Go? 8 Key Points to Navigate the Founder's Dilemma

Here are eight key signs that help founders determine whether to persevere or let go.

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Marketing

Your Most Powerful Marketing Weapon Is Hiding in the Finance Department — Here's Why

Transform your marketing leadership by turning finance from a barrier into a strategic ally. Learn how aligning with your finance team can drive unprecedented growth and innovation.

Growing a Business

How Connecting With the Right Audience Drives Long-Term Business Success

Here's how targeted lead generation can help you unlock higher conversions, stronger brand loyalty and scalable growth.