According to the annual report Hi-Tech Crime Trends 2017 presented by Group-IB at CyberCrimeCon, the total damage caused by targeted hacker attacks on the crypto-currency industry amounts to more than $168 million, and the income from attacks on cryptocurrency exchanges varies from $1.5 million (Bitcurex) to $72 million (Bitfinex). While a successful attack on a bank brings criminals only about $1.5 million on average. In addition to higher profitability, hackers are attracted by anonymity being one of the basic principles of the cryptocurrency industry.
Cryptocurrencies and related services represent an extremely dynamic and high-yielding market. With such a rate of development and money inflow, security issues are often considered by blockchain startups as being of minor importance. And hackers take advantage of this. The more successful a fintech project is, the larger its financial footprint or ICO. This makes it more attractive for attacks. In each case, attackers can use a wide range of existing techniques from commonplace phishing and interception of control over domains to vulnerabilities in source codes and targeted attacks with a view to gaining access to companies’ local networks.
An example of a phishing page used by attackers to collect secret keys and gain access to users’ e-wallets
Dmitry Volkov
Head of Threat Intelligence Department, co-Founder of Group-IB
According to Chainalysis, hackers have managed to steal 10% of all the money invested in Ethereum ICO projects in 2017. The general damage in dollar equivalent amounted to $225 million; 30,000 investors lost $7,500 each on average.
In addition to higher profitability, targeting cryptocurrency gives attackers additional advantages as anonymity is the basis of the whole industry, as well as simpler and safer mechanisms for laundering and cash-out of stolen money.
The full version of Hi-Tech Crime Trends 2017