Another day, another report of a hacking loss in the crypto world. Compromises of crypto exchanges have become all too common, even in 2018, after the ecosystem has had some time to work through necessary security enhancements. A new report from CipherTrace claims that “some $927 million had been stolen from cryptocurrency exchanges in the first three quarters of 2018 alone”. Based on these figures, it would be a safe bet to say that total hacking losses for 2018 will easily exceed $1 billion.
Crypto exchanges are still in their infancy, mostly un- or under-regulated and evolving independently of common operating standards and security protocols. The nature of the space is that some entities are well capitalized with healthy security budgets, but many are not there yet. This latter group will continue to be unwilling targets of the criminal element in our society until things change radically.
So how do hackers do it, and who are they? Per one security professional:
The how remains sadly predictable throughout the year, truth be told: exploiting vulnerabilities in crypto wallet software and servers, social engineering/password compromises and insider theft. The who covers equally predictable territory, with lone-wolf criminal opportunists at the lower end of the scale through to well-resourced nation-state actors at the other.
Firstly, losses can occur with a crypto holder’s own account, outside the purview of the related exchange. One of the hottest new fraud trends sweeping the planet is the “SIM-swap” scam (also known as a port-out scam or SIM splitting). The fraud exploits a mobile phone operator’s ability to seamlessly port a telephone number to a new SIM. Crooks research their targets beforehand, then convince the phone operator that the targeted phone has been lost. Once the number is ported, SMS-based password resets and one-time codes go to the criminal instead of the victim, and private keys and passwords are soon exposed. In one case, an opportunistic criminal was able to steal $1 million from the crypto account of a prominent executive in the field by employing this ruse.
Aside from small-timers out for a quick buck, security professionals have traced large-scale hacking exercises back to the Lazarus Group, “thought to be nation-state players tasked with cyber heists to help boost the beleaguered North Korean economy”. The group’s “cyber footprint” has been detected on several occasions.
How many occasions? Security executives have noted that:
Lazarus is thought to have been spectacularly successful: more than $571 million in cryptocurrency is reported to have been stolen by the Lazarus Group since the start of 2017 and it is thought that 65% of stolen cryptocurrency ends up in North Korea.
How can losses exceed $1 billion? When 2018 commenced, the first major hacking episode occurred in Japan at the Coincheck exchange. It had actually been forewarned by the local regulator “to address security concerns about the way it manages customer assets”. Most exchanges move the majority of client funds to offline “cold storage” wallets for security reasons, but Coincheck preferred to keep them in “hot” online wallets to enable quicker trading. This weakness resulted in the disappearance of $532 million worth of customer coins. Details have never been made public.