Contents
The crypto economy is developing at a tremendous speed, the value of coins, despite the crypto winter, is growing, and fraudsters are coming up with more and more inventive methods of stealing virtual money. So, we at Buidlbee decided to look into crypto hacking, how it works, and some of the examples of how cryptocurrency gets stolen.
Cryptocurrencies are based on blockchain technology, which is considered unchanged. However, the growing popularity of cryptocurrencies has prompted cybercriminals to find innovative ways to attack the underlying blockchain.
Hacks occur by spreading malware. Such viruses can be divided into two types:
Targeted attacks on specific wallets are much less common. As a rule, these are wallets in which the developers made mistakes, allowing them to seize control over the victim’s funds. These attacks require the hacker to have substantial knowledge of reverse engineering and building financial software.
The brand new newsletter with insights, market analysis and daily opportunities.
Let’s grow together!
According to experts, cryptocurrency theft has increased, primarily due to the principles of anonymity of cryptocurrencies. This allows cybercriminals to “launder” and cash out stolen funds without difficulty. In the language of hackers, who specialize in stealing money from a credit card: stolen funds don’t need to be “washed,” they can be withdrawn immediately.
It is reported that this trend affects the cybersecurity industry. Now the “payload” of such viruses after hitting the victim’s computer mainly looks for wallets with cryptocurrencies, and only then for e-banking systems. Antivirus software developers are also noticing that.
Hackers, in turn, aggressively search for vulnerabilities in smart contracts of popular ICO projects. They often don’t disdain good old-fashioned phishing. To do this, crypto hackers substitute the sites of the ICOs themselves, posting code clones on GitHub and sometimes even replacing fundraising wallets.
However, the cryptocurrency community has something to counteract attackers trying to steal their funds. Amid a wave of hacks of popular products, Bug Bounty platforms, and blockchain security, startups are gaining popularity. They do not know just audit code but also audit smart contracts and wallets by hackers.
Several experts are inclined to think that keeping a staff of testers is no longer so profitable in objectively identifying code bugs. Using actual “white” hackers to test the whole product is more advantageous.
Also, first-generation anti-viruses working only with signature analysis have lost their effectiveness. They are not as effective as “behavioral factor” antiviruses.
The experts say a comprehensive approach is essential here: the security of your code in combination with the protection of the development environment and third-party libraries used in creating the product. We also can’t exclude the human factor, which often contributes to active infections.
Cryptocurrency security is one of the main benefits of blockchain technology, but nothing is perfect. Each algorithm has its vulnerabilities that attackers find. The principle of protection is based on the fact that transaction information is validated by other participants in the network who are unfamiliar with each other, which attackers exploit by intercepting transaction information. Here’s how attackers can get users’ funds.
DDoS attacks and time delays. DDoS attacks and time delays. The attack is not performed for economic gain but to hurt the startup or shut down the network altogether. Sending frequent multiple “garbage” data to the node that processes transactions complicates its work and slows down data transfer, network updates, and the formation of new blocks. Each project has its protections for this. For example, Bitcoin has built-in protection against this attack; some cryptocurrencies introduce symbolic commissions that screen out empty transactions generated by robots. The large flow of “junk” transactions leads to higher commissions. In November 2017, IOTA suffered a major DDoS attack.
To hack a cryptocurrency wallet, hackers need to know a minimum of information about the user. It can be first name, last name, and phone number. Using network vulnerabilities, it is possible to intercept SMS messages containing one-time passwords to enter the wallet. Unfortunately, the technology of sending temporary messages cannot be rejected yet, because it is simple and, at the same time, quite compelling.
To protect against hackers, it is enough to follow basic cyber-security rules: install all updates on time, use only complex passwords and check the correctness of the configuration settings of the equipment used.
You don’t have to be a hacker to get hold of someone else’s cryptocurrency. People are so naive that they are willing to give it away voluntarily, hoping to get some easy money. Here are a few traditional scammers use to get not only BTC but other altcoins as well:
It is worth mentioning the classic fraud schemes in which scammers convince to transfer BTCs or other coins to support some promising project. Or to give them money for trust management because they (scammers) have some insider information. Surprisingly, such schemes, despite their simplicity, are still working. Alas, the desire for easy money is more vital than rationality.
Cryptocurrency worth hackers stole a record $14 billion in 2021. That’s 79% more than in 2020. In 2022 hackers stole nearly $1.3 billion worth of crypto assets during the first quarter of 2022 and $670 million in cryptocurrency in Q2 2022. Hackers’ appetites are growing, so it’s important to know how to protect your money.
Recently 8000 Solana wallets suffered a hack. Experts estimate that the criminals stole about $6–8 million from wallets such as Phantom, Trust Wallet, and Slope during a massive hacker attack. So, at first, we recommended using reliable wallets.
It is equally important to protect the seed phrase.
You can find more information on how to protect your seed phrase in our article.
The stealing of money from bank accounts is gradually receding into the background, as many cybercriminals are switching to stealing money from cryptocurrency wallets. But why doesn’t the same happen to traditional banks at a similar scale? According to Reddit user GrammelHupfNockler, being decentralized, crypto requires users to take care of their security. But most people are just not competent enough to safely use such currencies.
“The complex process for using them lead many people to use exchanges that take care of their wallets. But since a lot of money is involved, there are many incentives to attack these exchanges, and even the best IT security experts make mistakes sometimes — attackers only need to get it right once,” he said.
But there is a reason why we can’t reverse these attacks: the blockchain technology underlying every cryptocurrency is append-only. What has been written to the chain cannot be changed without a hard fork. GrammelHupfNockler says that an essential concept in the space is also that code is law, so if your code does something wrong, it’s your fault.
The banks have government regulations requiring IT security, traceability, and similar things, making reversing transactions or finding perpetrators of such attacks possible in many cases. The author thinks that banks are just not lucrative with this much higher risk and lower attach surface.
The cryptocurrency community and companies have long been a target for hackers. According to analysts, the blockchain industry has lost more than $13.6 billion by October 2020 if you add up all attacks since 2012. And here are some of the cases where companies have lost a lot of money due to hacks.
And here you can read about 6 investors who lost their crypto in the stupidest ways.
Thus, the cryptocurrency system is still relatively young and largely unregulated. This opens up opportunities for criminal attempts to defraud investors through various schemes and methods aimed at gaining access to wallets or pulling in their hard-earned money by promising attractive but unrealistic profits. Nevertheless, this does not make cryptocurrency a less attractive investment tool. Still, it should encourage investors to learn more about how such fraudulent schemes work and how they can be proactively avoided. We hope you agree with us, guys.
U.S. Senators Elizabeth Warren and Bill Cassidy are taking action to combat the use of…
A unique turn of events unfolded for pre-order holders of Solana's 'Chapter 2' mobile phone,…
A recent advisory from the Federal Bureau of Investigation (FBI), advising against the use of…
In a move to tackle money laundering, the European Parliament has approved new regulations imposing…
Since its introduction following Bitcoin's halving event on April 20, Runes, a novel token standard…
Following the euphoria of Bitcoin's recent halving event, miners are now grappling with a stark…