2018’s most high-profile cryptocurrency catastrophes and cyberattacks
Bitcoin. Ripple. Ethereum. Monero. BTC, XRP, ETH, and XMR.
The names, the jargon, the stream of white papers that proclaim the infinite possibilities of the blockchain, the startups, token sales — also known as Initial Coin Offerings (ICOs) — all culminated in an explosion of interest in virtual currency at the end of 2017.
The excitement over virtual currency was a worldwide phenomenon, even leading to Venezuela coming up with the idea of the Petro, a token designed to help bring the country out of its economic crisis.
At the time, Bitcoin, the most well-known cryptocurrency on the market, surged and reached an unprecedented price of just shy of $20,000 for a single virtual coin.
Since then, the market has waned and the price has dropped to under $5,000, which may also in part be due to a controversial hard fork and the creation of Bitcoin Cash SV, a token that Kraken has branded a “high-risk investment.”
Last year, the cryptocurrency market was rife with ICO fraud and exit scams, as well as coin thefts from both wallets and exchanges.
Little seems to have changed — except that attacks are becoming more novel and malware appears to be becoming a more prevalent threat, with the old and new merging in order to compromise wallets and steal user funds.
Estimates suggest that the cryptocurrency market could potentially hit $1 trillion before the end of the year. It might seem like a lot, but considering how much Bitcoin and Ethereum alone account for — at least before the recent slump in crypto prices — if interest is rekindled and the market stabilizes, this may be possible.
Lucrative assets, a slapdash approach to regulation worldwide, cryptocurrency exchanges with poor security, and malware capable of using our CPUs to mine for virtual coins behind the scenes — all of these factors have resulted in a market ripe for exploitation by determined attackers.
Over the course of 2018, we have seen everything from students hijacking university systems to covertly mine for cryptocurrency to 51 percent attacks and exchanges being left without a coin to their name after a cyberattack.
So, let’s take a deeper dive.
It was not long after celebrations welcoming in the new year ended that those in the cryptocurrency field were given a headache caused by more than just too much champagne.
The BlackWallet application became a target for attackers, who were able to compromise the browser-based cryptocurrency storage application and make off with roughly $400,000 in Stellar Lumen (XLM) coins.
In the same month, a software developer revealed the CoffeeMiner attack, a means to use public Wi-Fi networks to perform cryptojacking — the covert mining of cryptocurrency without user consent.
Facebook decided to ban the advertising of ICOs, cryptocurrencies, and binary options on the social network due to the prevalent risk of scams and fraudulent schemes.
Kodak decided to jump on the blockchain bandwagon and launched its own token, KodakCoin, but by November, developers had labeled the scheme a scam and claimed that contractors were owed at least $100,000 in unpaid wages.
One of Japan’s largest cryptocurrency exchanges, Coincheck, was hacked. The security incident resulted in the loss of $530 million in cryptocurrency.
All of these events are of note, but one of the defining moments was the closure of BitConnect, a platform that allowed users to loan cryptocurrency — made in Bitcoin (BTC) and exchanged on the platform in BitConnect’s own BCC token — in exchange for inflated returns “averaging one percent per day.”
BitConnect blamed regulators for the closure of the lending platform, which caused BCC values to collapse — and users were unable to convert these tokens back to BTC or ETH, which rendered their investments close to worthless.
The organization had previously been accused of being a Ponzi scheme and “too good to be true.” The closure of the platform is considered an exit scam.
However, January was about to become worse for cryptocurrency investors. Benebit, one of the most hyped startups intending to launch an ICO, pulled an exit scam and stole what is believed to be up to $4 million from would-be investors.
It certainly wasn’t an amusing situation for operators or law enforcement, but the idea of a nuclear facility being used to mine for cryptocurrency must have raised a few eyebrows.
In February, employees at the Russian Federation Nuclear Center were arrested for using the center’s supercomputing power to mine virtual coins. The Sarov-based nuclear facility researches nuclear weaponry at the computational and theoretical levels and has a one-petaflop supercomputer in operation.
Over in the United Kingdom, the government was facing its own cryptocurrency-related problems.
Government service websites, including the UK’s Information Commissioner’s Office (ICO), Student Loans Company (SLC), and the UK National Health Service (NHS) Scotland, were infected with cryptocurrency mining software via a vulnerable third-party plugin.
This discovery led to the examination of US and Australian websites, and sites in both countries were found to be infected with the cryptojacking code through the same means of exploitation.
As visitors browsed the websites in question, of which roughly 4,000 were affected, their PC power was stolen for the purpose of mining cryptocurrency on behalf of the threat actors.
Following Facebook’s lead, in March, Google took steps to tackle the issue of fraudulent ICOs, and chose to ban ICO, wallet, and cryptocurrency consultancy services from purchasing adverts for display on the tech giant’s search engine.
Binance was forced to deal with the aftermath of a credential-stealing scheme that was used en masse to sell user funds and convert them into altcoins, which drove up the price of lesser-known virtual currencies. While the Binance platform itself was not compromised, users reported the sale of their coins without consent — and it appears a clever phishing campaign was to blame.
In the same month, Palo Alto Networks researchers published an analysis of ComboJack, a new form of malware that is able to steal Bitcoin, Litecoin, Monero, and Ethereum by replacing the addresses of cryptocurrency transactions with addresses of wallets controlled by attackers.
April was not free of cryptocurrency-related incidents, either. A suspected case of fraud emerged with the Chief Strategy Officer (CSO) of cryptocurrency exchange Coinsecure being blamed for the loss or embezzlement of 438 Bitcoins, worth roughly $3.3 million at the time.
In May, the Bitcoin Gold (BTG) hard fork, originating from the Bitcoin (BTC) blockchain, suffered what is known as a 51 percent attack. In these attacks, attackers attempt to wrest control of at least 50 percent of a chain’s hash power in order to perform double-spending.
If successful, as in this case, they can force a blockchain to reorganize and they will be able to both modify and exclude transactions of their own coins from blocks.
The BTG attack was levied against exchanges and resulted in the theft of roughly $17.5 million.
Taylor, a startup that aims to bridge the connection between cryptocurrency exchanges and mobile technology through the design and launch of a dedicated trading app, said in the same month that the company had been entirely cleaned out of cryptocurrency and token reserves.
In total, 2,578.98 ETH and TAY tokens from the Taylor Team and Bounty pools were stolen, equating to roughly $1.5 million at the time.
Taylor said the incident appeared to be a “highly advanced and coordinated attack,” and in a roadmap released in June based on recovery from the attack, the startup summed things up:
“Yes, we f*cked up! We could have prevented this unfortunate situation. But we are doing our best to fix everything.”
A tea-based blockchain project, the Shenzhen Puyin Blockchain Group, ran a fraudulent ICO and reportedly raised approximately $48 million from investors. In total, 3,000 individuals were defrauded by the scam, which claimed that the value of its tokens was connected — in a so-called stable fashion — to the value of particularly rare blends of Chinese tea.
Bitcoin ABC also advised users of its mining software in the same month to update their builds to protect themselves against a critical flaw that could be used against mining pools to force a Bitcoin Cash split.
As a research paper appeared, which claimed the market for cryptocurrency-stealing malware was now worth millions of dollars, South Korean cryptocurrency exchange Coinrail was relieved of roughly 30 percent of its coin reserves — worth approximately $40 million — from hot wallets due to a cyberattack.
Only a week later, another South Korean exchange, Bithumb, lost $31.5 million to hackers.
Another ICO exit scam was also performed halfway through the year, this time by Block Broker, an organization that claimed to develop anti-fraud blockchain technologies.
Ironically, while the company said it was working to prevent ICO fraud, Block Broker stole $3 million from traders and wiped its online presence after it was found the CEO’s picture had been stolen from an unaffiliated photographer.
During July, blockchain startup Bancor said a company wallet was compromised. The alleged attackers apparently attempted to steal $23.5 million, but once the wallet was identified and frozen, only $12.5 million in Ethereum (ETH), alongside $1 million in Pundi X (NPXS) and $10 million in Bancor Network Tokens (BNT), was taken.
BitConnect, which performed an exit scam in January, resurfaced in the news over August as the Indian head of the firm was reportedly arrested in Dubai. Two months later, former BitConnect investors banded together to launch a lawsuit accusing the company of fraud.
In the same month, three Chinese nationals were arrested over the alleged theft of $87 million in cryptocurrencies by targeting both individual and corporate wallets.
In September, Osaka-based cryptocurrency exchange Zaif lost $60 million in company and user funds following a cyberattack in which hackers siphoned away Bitcoin, Bitcoin Cash, and MonaCoin from Zaif hot wallets.
A new phishing scheme was also uncovered in September, in which the legitimate Jaxx wallet became the target of a fraudulent campaign designed to spread malware capable of compromising user wallets and stealing funds.
A vulnerability was also discovered in the Monero system that could have permitted attackers to steal vast amounts of the cryptocurrency. After a theoretical question was posted online, developers realized a serious bug in the framework existed and rapidly worked to patch the problem.
In October, an Australian woman was accused of stealing 100,000 Ripple tokens, worth roughly AU$450,000, from a man in his fifties.
Pincoin operators ran off with $660 million in trader funds after pulling an ICO exit scam, which was unsurprising considering the 48 percent return that the organization promised investors.
A brash cryptojacking scheme was uncovered in November in which Nova Scotia’s St. Francis Xavier University, located in Canada, was forced to close down its network to stop the use of the institution’s power for cryptocurrency mining.
A public disclosure was also issued relating to Ethereum transactions that permitted what is known as a griefing vector, permitting attackers to force exchanges to burn their own Ethereum on high transaction costs. By minting GasTokens, attackers could also potentially profit from anyone who creates ETH transactions to arbitrary addresses.
Researchers also revealed the existence of DarkGate, a cryptojacking malware that avoids detection by the majority of traditional antivirus programs.
However, there is another way that attackers seeking cryptocurrency can compromise your systems — and this way is a new spin on an old attack.
In an attack known as SIM-swapping, a fraudster rings up the customer service provider responsible for your mobile number and attempts to convince them to divert the number to a new handset. Should they succeed, even temporarily, this can be used to bypass two-factor authentication methods and give attackers an opportunity to recover passwords and access valuable online accounts.
In this particular case, a 21-year-old performed a SIM-swap attack, stealing a victim’s life savings.
The CEO of AriseBank, a blockchain startup that promised to allow users to “serve as their own bank,” was then arrested over claims that the executive was operating a scam in order to defraud investors of $4 million.
As we move through December, it will be interesting to see how the cryptocurrency market will perform. There are many legitimate and potentially lucrative programs and coins out there, but as with any investment or speculation, there is often a degree of risk — whether this relates to a coin’s value, security, or ICO scams.