How Hackers Are Targeting Cryptocurrency

Crypto exchanges that want to maintain credibility must implement some of the same "know your customer" controls used by banks and similar institutions.

John LaCour, Founder and CTO of PhishLabs by HelpSystems

November 2, 2021


As the cryptocurrency and digital asset markets have matured, so have hackers' approaches to compromising exchanges, asset owners, and other parts of the crypto-financial ecosystem. Cryptocurrencies' role in attacks used to be limited to ransomware payments, but the market has changed. In using cryptocurrency for ransomware payments, hackers have had to educate themselves on these systems, which has given them an understanding of the various platforms in the space, the security controls they do or don't have in place, and their potential weaknesses.

For a long time, banks, credit unions, and other financial services have had to perform customer due diligence, also called "know your customer" (KYC), to comply with anti-money laundering (AML) laws. Many exchanges, particularly ones that serve US citizens and customers in other developed countries, already follow this same KYC process, but the global nature of cryptocurrency means that not all exchanges (such as the Russian-based Suex, which was sanctioned) and other financial ecosystem providers are operating under these rules. Global crypto exchanges that want to maintain credibility must implement some of the same controls used by banks and others to ensure they know their customers and the nature of their transactions.

Don't Sleep on Phishing Threats
At this point in the cybercrime life cycle, we have probably all received an email from an imposter posing as a bank we do business with, asking us to log in and verify something on our account. If you do log in and provide the requested credentials, you quickly fall victim to a phishing scam. So how have these phishing attacks made their way into the crypto world?

Crypto wallets, which store your private keys to keep your crypto safe and accessible, have become popular — particularly multicurrency wallets. The problem is that their applications are easily copied because they are Web-based or have Web-based elements (like a Chrome extension) that allow you to connect to your wallet through an app on your desktop, making them prime targets for phishing attacks.

If you look at how banks or other large financial institutions are normally attacked, you know the bad actor is going to set up a phishing site and drive traffic there through advertising, SEO results, mass emails, etc. The crypto community, however, is suffering from one-on-one support scams. Fully understanding how cryptocurrency works is hard for the average user. Often, people seek answers by going to support forums, like the Exodus wallet forum on Reddit or Telegram. There, users can get real-time answers from people who are either in support or use the wallet. But there are phishers in there, too, and these scammers try to manipulate the user into providing their actual login information or to drive the user to a phishing page that mirrors a support page. It's not the same issue banks face, in that the losses are real, but for crypto exchanges it's a reputational loss that will catch up to them.

Mitigate Your Risk
The crypto market is crowded right now, and phishers know that. Fake Google ads are becoming a more popular phishing method, and these phishing pages are now getting ranked above a legitimate crypto or wallet homepage in a Google search. It's easy to miss if you aren't specifically looking for it. When the first search result is a phishing site, a user clicks on it, needs to recover a password, and the next thing you know your user is now a victim. Crypto exchanges need to implement security services that not only monitor for fake ads and phishing sites but also offer remediation and take-down services. Email protection is also key for crypto exchanges. If a wallet administrator gets spear-phished, the attacker can piece together access to the wallets on the exchange and ultimately access the funds.

Now Is the Time to Act
Financial institutions' willingness to offer cryptocurrency vehicles to their clients means a broader part of the population is or will be invested in cryptocurrencies. The second-quarter Coinbase initial public offering and Bitcoin all-time high early in the second quarter drew further attention and validation to this market, likely drawing additional entrants. Any place where money is flowing in, hackers will follow. With Bitcoin again above $45,000, and the entire crypto market worth over $2 trillion today, we expect to continue to see a strong focus from hackers on this market for the rest of the year.

The recent Poly Network attack shows the crypto industry's willingness to collaborate on security solutions. In some ways, the "computational trust" that digital ledgers and cryptocurrency provide should enable these systems to be more secure in the long run. Companies need to be prepared and understand how to identify and mitigate these attacks. Implementing the "know your customer" spirit is crucial. You are only as secure as your weakest link, of which there are many.

About the Author(s)

John LaCour

Founder and CTO of PhishLabs by HelpSystems

John LaCour is the founder and CTO of PhishLabs, which was acquired by HelpSystems. PhishLabs by HelpSystems is a cyber threat intelligence company that delivers Digital Risk Protection through curated threat intelligence and complete mitigation. PhishLabs provides brand impersonation, account takeover, data leakage and social media threat protection in one complete solution for the world’s leading brands and companies.
