According to a recent report published by cybersecurity firm Carbon Black, cybercriminals have stolen over $1.1 billion worth of cryptocurrency this year, with moves that purportedly weren’t too hard to pull off.
As reported by CNBC, cybercriminals use the dark web to facilitate cryptocurrency theft. Carbon Black estimates that there are 12,000 marketplaces with about 34,000 listings related to cryptocurrency theft on them.
Malware used to steal cryptocurrencies, per McElroy, often comes with customer service, and costs an average of $224, but can be as cheap as $1.04. Per Carbon Black’s study, marketplaces listing tools used to steal cryptocurrencies have grown into a $6.7 million economy.
McElroy added that to become a cybercriminal, all dark web users need to do is access specific websites and buy specific products. After that, they don’t even need to know how to code, as customer service will help them along the way.
A strategist at the cybersecurity firm, Rick McElroy, was quoted as saying:
"It's surprising just how easy it is without any tech skill to commit cybercrimes like ransomware. It's not always these large nefarious groups, it's in anybody's hands."
As such, crypto thefts can come from organized cartels running sophisticated schemes, or from groups and individuals extorting exchanges and companies. Often, the strategist noted, highly trained unemployed engineers who need to pay rent turn to cybercrime.
He added that first-time investors fail to properly secure their funds, and that unlike fiat currencies stored in banks, cryptocurrencies aren’t protected by a third party. The strategist said:
"Usually we rely on banks, the tools are out there but investors need to know how to do this. A lot of people are unaware in this new gold rush, people are using cloud wallets and not securing their money."
Per Carbon Black’s report, exchanges are the most popular target cybercriminals hit, as they were hit with 27 percent of this year’s attacks. The most notable case was that of Tokyo-based Coincheck, which lost over $500 million worth of NEM tokens earlier this year. Recently, cryptocurrency exchange Bitfinex was hit with a distributed denial of service (DDoS) attack, although seemingly no funds were lost.
After exchanges, businesses were the most targeted group, making up for 21 percent of the attacks. Per Carbon Black, hackers often encrypt their files to demand a ransom in cryptocurrency. No names were revealed, as “some of the incidents were not yet public.”
Cybercriminals prefer Monero
The cybersecurity firm’s report further reveals that bitcoin isn’t the most sought-after cryptocurrency among cybercriminals, as only about 10 percent of attacks were looking for it. Ethereum, the second largest cryptocurrency by market cap, accounted for 11 percent.
Notably, 44 percent of all attacks were related to privacy-centric cryptocurrency Monero (XMR), because of the anonymity it provides, with its relatively low transaction fees also being a factor. The United States were the most affected country, hit with 24 percent of crypto-related attacks, while China was hit with 10 percent. The United Kingdom came in third place, with 8 percent of attacks directed towards it.