Group-IB, a company that provides computer forensics and cybersecurity services to large international companies, published a report last week that put a number to the frequent cryptocurrency exchange hacks that seem to happen on a weekly basis. According to Group-IB, attacks during 2017 and through Q3 of 2018 totaled $882 in value stolen. The report states that at least 14 different crypto exchanges have been hacked.
The most prolific hackers are the Lazarus group, a state-sponsored cyber terror organization backed by the North Korean government. While North Korea fared poorly at the Winter Olympics in Pyeongchang, South Korea this year, they certainly have earned the gold medal of crypto-hacking.
Group-IB reports that five attacks can be traced back to the North Korean Lazarus group. This includes the hack of the Japanese crypto exchange Coincheck, which saw a whopping $534 million siphoned from its digital coffers.
Lazarus group attacked the following crypto exchanges: Yapizon, Coinis, YouBit, Bithumb, and Coincheck. Group-IB says that after the local network is compromised, the hackers browse the local network to find workstations and servers used for working with private cryptocurrency wallets.
Group-IB explains that cyber-crooks typically use traditional tools and methods to steal funds. This includes “spear phishing,” social engineering, malware and “website defacement.”
Spear phishing was said to be a major attack vector against corporate networks. Fraudsters send malware in an email with a fake CV. Click on the file named .doc and it's all over.
A single hack can deliver tens of millions of dollars in cryptocurrencies with little repercussion for the thefts.
Regarding initial coin offering theft, Group-IB states that over 56% of funds were stolen through phishing attacks.
In 2017, more than 10% of funds raised through ICOs were stolen. Approximately 80% of projects disappeared with the money without fulfilling any obligations towards their investors … even while ICO funding increased dramatically.
Group-IB pointed to the TON project, founded by Pavel Durov, where cybercriminals managed to steal $35,000 in Ethereum.
These phishing attacks are not always aimed at stealing money. Apparently, there were several cases of investor database theft. This information may be resold on the dark net or potentially used to blackmail individuals.
Another novel scam is to steal the white paper of an ICO project and then present an identical idea under a new brand name. Quickly create the site, launch the offering, and off you go.
Group-IB predicts that in 2019 the number of crypto exchange hacks will rise.
Mining is at risk too: mining pools may become a new target for attackers seeking to gain control through a 51% attack.