Categories
Articles Crypto

Crypto hacks, heists & scams

As cryptocurrency is becoming more popular for investments and transactions, so too is it becoming a bigger target for crypto hacking. In this article we look at some of the recent events that have taken place.

Crypto hacks, heists & scams

How secure is cryptocurrency?

Much of the technology associated with cryptocurrency is supposed to be secure by design:

  • Transactions use Public and Private Keys to generate a Hash consisting of a unique 66 character string.
  • Unique addresses are used within a transaction to send cryptocurrency between.
  • Blockchains utilize consensus decision making, and ledger replication over multiple servers, to prevent single point compromises impacting the whole crypto network.

With this in mind you would think that cryptocurrency is completely secure? Unfortunately this is not the case because there are areas of weaknesses. These include the following vulnerabilities:

  • Exchanges (Centralized & Decentralized) – at risk if software is not being regularly updated with security patches.
  • Software or Hot Wallets – vulnerable if there are bugs in the software that can be exploited.
  • User devices – computers, smartphones & tablets are subject to software not being updated or apps containing exploitable bugs.
  • Internet connections – using public WiFi or unsecured connections to interact with wallet and exchanges can lead to hackers intercepting traffic and capturing login credentials.
  • Human behavior – the use of weak passwords, the same ones being used for multiple site logins, and writing passwords down can lead to usernames/passwords being discovered or guessed.

All of the above lead to opportunities for criminal elements in the world of cyber crime. Let’s take a look at some recent events that have been in the news…

KuCoin Crypto Exchange $280m hack

The Singapore-headquartered digital asset exchange KuCoin said in a statement it detected large withdrawals of bitcoin (BTC) and ethereum (ETH) tokens to an unknown wallet…

coindesk.com – Sep 26, 2020

This breach involved hackers gaining access to hot wallets on the exchange having obtained the Private Keys. Cryptocurrency was then transferred out of these wallets. Fortunately the exchange held a portion of the crypto in cold wallets so these were unaffected.

How the Private Keys were obtained was not known.

Click here for more coverage.

UK-based EXMO Exchange $52m hack

…the security audit report showed that some amounts of BTC, XRP, ZEC, USDT, ETC and ETH in EXMO’s hot wallets were transferred out of the exchange. We reacted immediately and re-deployed hot wallets. The affected hot wallets comprise near 5% of the total assets.

exmo.com – Dec 21, 2020

EXMO went on to stress that all crypto held in cold wallets was safe and that any user funds affected by the incident were covered. The incident was reported to the Cybercrime team of the London Police.

As a consequence of this breach EXMO are developing a new infrastructure for hot wallets. No explanation for the cause of the original breach was released.

Check here to read further.

Ledger Wallet provider data breach

Ledger is a Paris-based company who make hardware wallets such as the Nano S and Nano X. These devices are used by individuals to secure their crypto offline. The hardware wallet is connected to the Ledger Live app running on smartphones, tablets and computers.

The firm suffered a data breach in July 2020 whereby personal information of 270k+ users was stolen from their website due to a vulnerability. Customer data such as email addresses, names, phone numbers, and addresses was obtained from a connected database.

Many bitcoin and cryptocurrency investors have since been subject to a barrage of phishing attempts with scammers using the data to try to trick users into handing over the keys to their bitcoin and crypto wallets…

forbes.com – Dec 23, 2020

It is understood that an estimated 9.5k customers were affected via phishing attacks as a result of this hack. Other attacks include SIM Swaps whereby hackers contact the target’s cellular provider and migrate the number onto a new SIM to subsequently exploit.

Click here for the full article.

Yearn.finance Vault raided for $2.8m

…an unknown entity stole $2.8 million from a shared digital “vault” on the investment website Yearn.finance. The culprit exploited the vault using Aave, an open-source cryptocurrency platform that allows people to make “flash loans,” a rapid borrowing and repaying of money without the need for collateral.

newsweek.com – Feb 4, 2021

Yearn.finance, like many other cryptocurrency projects, allows users to ‘stake’ their own Yearn crypto into vaults that is then used by the Decentralized Finance (DeFi) site to fund their offerings. In return the users receive earnings of up to 27% per week.

The exploit performed by the hacker involved issuing an Aave loan against a vault and subsequently draining it of funds. To date further details of the breach have not yet been released.

Yearn.finance

Read more here.

Further reading

Check out our previous articles, Keeping your Digital Currency safe using Crypto Wallets and Trading Safely with Cryptocurrencies, to find out more about staying safe in the world of cryptocurrency.

Have you been impacted by cryptocurrency crime? How were you affected and did you manage to resolve the issue? Let us know in the comments below.

Leave a Reply