Cryptocurrency Cyberattacks Result From “Underestimating Cybercriminals”, “Disregard” For Basic Security Measures, Security Firm Reports

Omar Faridi
  • Majority of crypto-related cyberattacks occur in the United States, Russia, and China, according to a study by Group-IB, an online security firm.
  • Group-IB found many crypto users don’t use basic security measures such as two-factor authentication and “complex and unique passwords.”

Group-IB, a global security firm focused on combating cyberattacks, has determined that crypto-related security breaches increased by 369% between 2016 and 2017.

Notably, in January 2018, a new record was set when “the number of [crypto-related hacks] jumped by 689% compared to the 2017 monthly average”, according to Group-IB’s findings.

“Every Third Victim Of The Attack Is Located In The US” 

The cybersecurity company’s blog also notes that the majority of crypto users who were targeted in cyberattacks were from the United States, China, and Russia. Moreover, Group-IB estimates that “every third victim of the attack is located in the US.”

Computer networks operated by cryptocurrency services were increasingly exploited when the crypto market reached record highs in late 2017, Group-IB’s blog stated. Data from the firm’s Threat Intelligence system was used by its security experts to analyze 720 compromised crypto accounts from the top 19 digital currency exchanges.

Additionally, Group-IB’s security team found 50 active botnets that had been designed specifically for cyberattacks on cryptocurrency exchanges. According to the security company’s data, the majority, or 56%, of the crypto hacking infrastructure was found in the US.

“Increasingly Wide Range” Of Malicious Software, Regularly Updated

Another 21.5% of the hacking systems were based in the Netherlands, 4.3% in Ukraine, and 3.2% in Russia. As most other cybersecurity firms would be able to confirm, Group-IB’s investigation found that the attackers employ “an increasingly wide range of malicious software and update their tools on a regular basis.”

The most commonly used exploitative software programs are the Pony Formgrabber, Qbot and AZORult, according to the cybersecurity company’s research report. Hacking programs previously used to target traditional banks have also been altered to bypass the security systems of cryptocurrency exchanges, the report found.

“Underestimating Cybercriminals”

Group-IB concluded that a “successful attack” usually happens because of “disregard for information security and underestimating the capabilities of cybercriminals.” Significantly, the main factor identified in the report for crypto hacks is that users and even the exchanges often don’t enable two-factor authentication.

Many users were also found to be using fairly easy-to-guess or simple passwords, which showed their “disregard for basic security rules such as the use of complex and unique passwords”, Group-IB’s blog post notes.

Moreover, the company’s security experts came to a “bleak” realization that “currently no cryptocurrency exchange, regardless of its size and track record, can guarantee absolute security to its users.”

Vulnerable Source Code, Insecure Databases

Cryptocurrency exchanges Bitfinex, Poloniex, Bithumb, Bitstamp, and HitBTC were specifically mentioned by Group-IB experts for “falling victim to targeted cyberattacks widely covered by the media.”

Vulnerable source code, insecure databases, lack of proper safety measures in transferring funds, and phishing attacks were also mentioned as frequently used “attack vectors” in the security firm’s blog.

Ruslan Yusufov, Director for Special Projects at Group-IB, stated, “Increased fraudulent activity and attention of hacker groups to crypto industry, additional functional of malicious software related to cryptocurrencies, as well as the significant amounts of already stolen funds signals that the industry is not ready to defend itself and protect its users.”