9 December 2022

How Hackers Are Stealing Billions In Cryptocurrency

DANIEL FEININGER

Cryptocurrency continues to sit at the forefront of finance news. Led by juggernauts such as Bitcoin or Ethereum, cryptocurrency (or simply "crypto") offers a new way to invest in, and develop a portfolio of, financial assets (via Investopedia). Cryptocurrency remains a volatile asset class, so anyone engaging in market speculation should do so only after conducting extensive research into the topic and any particular crypto assets that may be of interest.

One thing that's causing a lot of this volatility is the vulnerability that crypto exhibits when it comes to hackers and the theft of portfolio assets. Cybercriminals target cryptocurrency as a rule rather than an exception. The FBI has warned users in the past about scammers using ATMs and QR codes to steal money, but this is just scratching the surface.

CNBC notes that by July of 2022, hackers had already made off with almost $2 billion worth of cryptocurrency assets this year, almost double the same figure from last year. Experian reports that financial crimes are a gigantic cottage industry around the world, with over $6 billion in non-identity theft losses in 2021, and almost $50 billion in costs across the industry relating to compliance with financial law (via Insurance Journal). But the surging momentum of these thefts should be alarming to anyone invested or thinking of investing in crypto. Cryptocurrency is and has long been a prime target for cybercriminals for a variety of interesting reasons.

Blockchain technology is necessarily open source and therefore an easy prey

Maksim Shmeljov/Shutterstock

One thing that sets cryptocurrency apart from other investments is that it is, by design, an open-source environment, according to Koombea. In the same way that users who want to invent their own cryptocurrency or expand upon blockchain technology can easily access the source code for a coin or token, hackers who intend to engage in malicious activity are also able to study the code and test out potential breaches (via CNBC).

Because of this reality, blockchain technology is both phenomenally inviting for aspiring developers and vulnerable to attack at the hands of hackers simultaneously. HedgewithCrypto notes that 47 cryptocurrency exchanges have been breached at some point in their individual histories, so virtually all crypto users have likely been affected in some way or another (one notable exception being Coinbase, which has purportedly never been hacked).

In addition to the relative vulnerability that open source code exhibits, there is also a definite and intense benefit to hacking crypto resources. As with any type of theft, those who are looking to steal something are going to chase after things of value. Because cryptocurrency retains a sizable commodity value it is a natural target for hackers. Similarly, the ease of liquidation makes cryptocurrency a hotbed for this kind of behavior. In fact, many of the largest breaches are suspected of being orchestrated by company insiders who made off with millions or even tens of millions of dollars worth of assets.

Social engineering schemes are also rampant in the crypto environment

Chinnapong/Shutterstock

Social engineering is the practice of deceiving a victim into divulging critical information (via Webroot). For example, a hacker utilizing social engineering might email a known cryptocurrency owner with a message that appears to be from their crypto organization, urging them to log into their account. The email includes a link, bringing users to a replica login page that steals the user's password when they sign in.

Phishing attacks like these are incredibly successful and were in regular use before crypto was even a thing. PhishMe reports that more than $5 billion was stolen through phishing between 2013 and 2016 alone. Social engineering thefts take many different formats, including old-school scams like cold-calling or the classic Nigerian Prince scheme (CNBC notes that this antiquated approach still nets thieves nearly $1 million each year).

Because the cryptocurrency realm remains so lucrative, yet highly unregulated, thieves have targeted crypto users aggressively. This is changing, with new tools to help users manage and report their crypto gains, plus additional guardrails within wallets and exchanges. Cryptocurrency still struggles with mitigating these types of risks, however. While it may be straightforward for a bank to track down where a fraudulent transaction came from, theft in the crypto world is far less cut and dry. As a result, it is crucially important to remain vigilant and utilize best practices for securing your passwords and accounts at all times.

No comments: