The increased interest in major cryptocurrencies by investors and the high values touched by some of them in recent months have meant that malicious actors have stepped up their operations. You may have noticed that I have used the term malicious actors and not cybercriminals because even groups operating for governments such as North Korea have conducted various operations to steal large amounts of cryptocurrencies from the targeted organizations. Let’s try to understand what are the main ways of attack and online scams that they take affect the profitable cryptocurrency sector.
There is no doubt that one of the main threats is represented by the plethora of fake websites that emerge every day on the net that presenting themselves as cryptocurrency exchanges or start-ups specialized in profitable trading activities try to deceive users and steal their sensitive information, such as their wallet addresses and their passwords. In some cases these sites are clones of legitimate sites and are also sometimes used to trick visitors into downloading malicious applications onto their cryptocurrency stealing devices.
Sometimes users are offered to download malicious mobile apps designed to steal access credentials to the main exchanges (exchanges) used by users or to hijack cryptocurrency transactions by replacing the legitimate addresses of destination wallets with those used by attackers. Another practice observed over the months is the compromise and subsequent use of social accounts belonging to celebrities and influencers to propose unlikely and profitable investments in cryptocurrencies.
Fake celebrity accounts have been created in some campaigns to carry out the complimentary Bitcoin scam. In this fraudulent scheme, the account that presents itself as belonging to a celebrity who invites followers to make bitcoin transfers to specific wallets with the promise of having an equal amount for free. Elon Musk is among the most targeted celebrities for this fraudulent activity. Obviously the attackers use every means to deceive users online, and the use of email could not be an exception. Massive email campaigns impersonating legitimate companies increase in number as the months go by.
The messages use real company logos and layouts and invite those who receive the message to invest in cryptocurrencies by offering stratospheric gains. In reality, the e-mails start from domains created ad hoc with names that resemble those of legitimate companies and the main exchange platforms. Just in recent weeks, CERT-AGID has published an alert on various campaigns of this kind that have been circulating in Italy for some time. In recent weeks, the CERT-AGID has had evidence of numerous fraudulent emails against Italian users and important institutions.
Often even users more accustomed to cryptocurrencies are invited to invest in ICOs, or initial coin offers. Still in the wake of the enormous interest in the world of cryptocurrencies, some criminal groups have stood out for attacks on those who are looking for equipment for the production of cryptocurrencies (mining).
The unfortunates are sent an email, which is actually a notification from Google, informing them of the limited availability of a batch of equipment temporarily unavailable from the official supplier. Notifications coming from Google are not filtered as malicious by spam filters and arrive in the inbox of the victims. Potential victims then receive an email stating that they have been mentioned in a Google Docs file by a user with the nickname BitmainTech, the name of a real mining equipment manufacturer.
In short, everything seems legitimate if it were nothing other than the user interacting with the received document is redirected to a fake manufacturer’s site where he is induced to pay, obviously, in cryptocurrencies, for devices that will not receive emails. The interest in potential earnings related to the purchase of cryptocurrencies can also be exploited for more complex attacks that see a greater iteration between criminals and potential victims.
According to the report “Kaspersky Fraud Prevention” published in February, in 2020 one in two fraudulent transactions in the financial sector involved the acquisition of accounts (account takeover). Cryptocurrencies are no exceptions, the report cites the case of attacks in which cyber criminals act trying to induce the victim to provide access credentials to their accounts. Scammers pretend to be employees of an investment company, or investment advisors from a particular bank, and call clients by offering a quick way to make money and by proposing investments in cryptocurrencies or stocks directly from the client’s account without the need to go to bank. Obviously, to access the service, the attackers guide the user in accessing their home banking service by asking them to provide the code received in a text message or in a push notification. This is the device code that allows the attacker to carry out the transaction on behalf of the victim.
A possible variation to this attack could materialize if the victim reveals to the attacker that he already has an account with a cryptocurrency trading platform and provides his credentials. The types of attacks described are just some of those observed in recent years. However, there have often been attacks against the cryptocurrency platforms themselves, and in many cases their digital cryptocurrency purses have been stolen for a compressive value of tens, and sometimes hundreds, millions of euros.
In May 2019 the Binance Exchange platform announced the theft of $ 41 million worth of Bitcoin from its systems, the same fate befell other platforms such as Bithumb, Bitstamp Bitcoin exchange, and Livecoin.
The attack on the platforms is certainly more complex, it is in some respects comparable to a bank robbery, instead of running after the clients of the financial institution, they prefer to empty the vault. Although these attacks are more complex to carry out they are certainly more profitable and allow attackers with high capabilities, such as nation-state actors, to maximize the returns of the attack.
We close this quick rundown with some statistics related to criminal activities against the cryptocurrency sector. Americans have lost more than $ 80 million in cryptocurrency investment scams since October, a 1,000% increase from the fall of 2019, according to Federal Trade Commission data. People between the ages of 20 and 39 were particularly hard hit, accounting for about 44% of reported losses.
According to research by Trading Platforms UK, cryptocurrency hacks and thefts in 2020 led to the loss of $ 513 million in bitcoin and other cryptocurrencies worldwide. This figure represents an increase of 38.38% compared to 2019. Also according to the research, blockchain fraud and misappropriation of funds were valued at almost $ 1.4 billion in 2020. These figures can only confirm the enormous value. financial sector and the huge potential profits for the attackers, for this reason a significant increase in attacks can be expected. The invitation for users is to remain alert and attentive, the attackers are around the corner.