News

New targets on the block: cryptocurrency investors

on

Hackers are focussing their attention on easier targets these days: individual, inexperienced cryptocurrency users and their digital tokens. This follows a number of persistent, and presumably failed, attacks on exchanges, which have recently upped their security measures.

Cryptocurrencies are currently valued in the billions, with the lure of bitcoin and other digital currencies drawing in amateur investors, and equally as many opportunist cyber crooks.

Tom Robinson, the co-founder of London-based cryptocurrency criminal prevention company Elliptic, said: “What we’re seeing is a shift away from the exchanges to the users – so things like phishing attacks, and trying to trick people into giving money to them.

“The types of people who are starting to use and buy bitcoin are much less technically sophisticated now, and so are much more prone to phishing attacks.”

Elliptic’s primary clients are major US and European exchanges, and has witnessed a fivefold increase in attacks since January this year. Criminals have been posing as crypto exchanges or wallet-providers, and have been tricking individuals into submitting personal details and private keys.

Senior research engineer at cybersecurity company Cisco, Jeremiah O’Conner, claims criminals do this all too easily; just changing the domain address by a single letter or adding an accent has often deceived users to being unaware of the fact that they are on the wrong website.

“You’re entering your credentials into a bad site and you don’t even notice. If you’re looking at it on a smartphone, which people often are when using cryptocurrency wallets, it’s even easier not to notice,” said O’Connor.

It is estimated that hundreds of millions of dollars have been swindled over the past year due to cryptocurrency phishing attacks; a particularly successful Ukrainian group called Coinhoarder is suspected to have stolen more than 50 million USD.

As a result, Google has recently put a block on all cryptocurrency advertisements, as these were thought to be the most popular way to bait users into the scams through decoy site names.

“People are taught: don’t click on an email that looks suspect; they’re never taught not to click on ads that don’t look legitimate,” commented O’Connor.

Although the attacks on individuals continue, exchanges remain the prominent focus for hackers. Exchanges have lost one million bitcoins to hackers in eight years, with a valuation of 7 billion USD in today’s prices, and this does not include the value of other stolen cryptocurrencies.

Exchanges are changing the way they hold funds for its users, with some refusing to hold any on their platforms at all, and others outsourcing the security of funds and private keys in physical vaults to specialist businesses. These “cold storage” vaults are considered safe options, and having a guardian is a legislative requirement for several large hedge funds.

Despite this, president of Xapo – an example of a custodian company – Ted Rogers said: “[Cyber criminals] are always coming up with new ideas … so we’re constantly trying to anticipate that. It’s an ever-escalating arms race.”

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *