With Bitcoin’s recent surge to nearly $20,000 per coin, and with the cryptocurrency ecosystem’s value blowing past the $600 billion mark, cybercriminals are increasingly targeting bitcoin users and cryptocurrency exchanges, according to Bryce Boland, chief technology officer (CTO) for cybersecurity firm FireEye, in the Asia Pacific region.
The cybersecurity expert, speaking to ZDNet, claimed extortion victims, presumably of ransomware, are increasingly being asked to pay in cryptocurrency. Earlier this year, a Google report pointed to 34 different ransomware families earning $25 million in the last two years, making it clear it’s a very profitable business.
“We have been seeing a huge amount of extortion against businesses, and most of those extortions are using cryptocurrencies for the payment — mostly it’s Bitcoin — and so many of our customers are having to deal with coin security issues, or have to acquire Bitcoin to potentially pay criminals.”
Boland added that the exponential value growth in some cryptocurrencies has created a sense that people need to stockpile them. However, taking into account the ecosystem’s value surge, many new cryptocurrency owners – including both individuals and businesses – are left vulnerable to attacks.
Those who adopted cryptocurrencies when they had just been created spent a lot of time understanding them, and figuring out how they could be kept safe, Boland noted, adding that a vast number of those who recently bought cryptocurrencies are just trying to make a profit by speculating on their future value. The cybersecurity expert concluded that this creates a huge opportunity for criminals, as these investors aren’t aware of how easily their money can be stolen.
Cryptography Can’t Fix Human Vulnerabilities
Boland, who’s studied cryptography, noted that the wonderful thing about it is that it can solve any problem with perfection, as long as it is a mathematical one. Criminals turn to cryptocurrencies to reduce the chance of getting caught, but they’re still humans, targeting other humans. To the CTO, there’s a challenge in there, as cryptography “doesn’t solve human problems terribly well.” He added:
“Even if you think you’ve got a really strong password and you only use that computer for accessing cryptocurrencies and cryptocurrency sites, you can still be the target of an attacker trying to steal your digital wallet.”
Part of the problem may be in the use of “crypto,” as it can lead some to believe that it’s somehow safe to use these currencies. However, criminals don’t brute-force wallets; they steal files and data credentials that give them access to these wallets.
Various cryptocurrency exchanges saw their userbase grow, in line with the whole ecosystem. The exchanges run by small organizations, Boland believes, may become a target for criminals, as they’re struggling to keep up with the load.
Although these exchanges understand how cybersecurity works and how to secure tokens, their struggle to keep up with the load may make them focus on things other than cybersecurity, which can lead to disaster. He explained:
“We’ve seen DDoS attacks against them; we’ve seen different groups targeting cryptocurrency exchanges trying to steal the currencies they hold; trying to garner information on how they operate, particularly how they operate their KYC processes for anti-money laundering; we also see them try and understand who are the insiders, who are the people that might work there to conduct other crimes.”
A real-world example of what Boland means recently made headlines, as a relatively unknown Seoul-based cryptocurrency exchange, Youbit, saw hackers breach its hot wallet and steal 17 percent of its total assets.