Five Ways Cyber-Criminals are Trying to Cash in on Crypto-Currency

Wallet stealing, using phones and PCs for crypto-mining and hacking exchange accounts are just some of the ways that cyber-criminals are looking to cash in on crypto-currency.


Before speculation led to the skyrocketing market capitalizations of crypto-currencies over the past year, online crime was a significant driver of the commercial value of Bitcoin, Ethereum and other digital currencies. 

Dark Web transactions for drugs, payoffs for ransomware attacks and money laundering for a variety of criminal enterprises drove much of the initial value increases of the currencies. 

Yet, criminals have increasingly targeted the burgeoning ecosystem for virtual currencies, looking to illicitly generate currency through mining, by stealing currency from exchanges and wallets, and by finding new ways to deny service for extortion and revenge. 

In January, for example, hackers compromised crypto-currency exchange Coincheck, stealing 500 million NEM tokens from the company's vulnerable wallet. The total value of the haul was about $534 million, according to the most recent estimates. The attack, which accounted for about a sixth of the $3.7 billion NEM market capitalization, could have destroyed the currency, but Japanese online brokerage firm Monex Group bought the company for about $33 million. 

Such attacks will continue as the value of crypto-currencies grows, as their uses become more legitimate and as oversight becomes more stringent, said Ian Gray, senior intelligence analyst with risk intelligence firm Flashpoint. 

"Definitely, the rising valuations of crypto-currency has had an impact on the number of attacks that we have seen," he said. "Not just with exchanges, but also in terms of wallets and the number of crypto-currency miners we have seen recently." 

While cyber-criminals have often used crypto-currencies as a way to monetize their diverse illicit schemes, they are increasingly finding other ways to incorporate crypto-currencies into their attacks and operations. 

Malware, for example, has increasingly incorporated payloads that manipulate crypto-currencies, either searching for and stealing wallets or turning a compromised computer into a currency-mining bot. In the third quarter of 2017, about half of all malware focused on crypto-currencies, but by the last quarter of the year, that had grown to about 90 percent of malware, according to web application security firm Imperva. 

"The attackers are evolving and doing whatever they can to maximize their profit," said Nadav Avital, security research team leader at Imperva. 

As the value of the crypto-currency ecosystem grows, and more companies adopt the distributed ledger technology of the blockchain to implement security in other contexts, cyber-criminals will focus more heavily on taking advantage of the digital currencies. 

Here are five ways that criminals are utilizing cryptocurrencies in their attacks. 

1. Taking advantage of lax exchange security 

Cyber-attackers will continue to assail currency exchanges. 

Coincheck is just the latest—and largest—breach of an exchange. In 2014, Bitcoin exchange Mt. Gox failed following two breaches, one for nearly $9 million in 2011 and another for a whopping $450 million in 2014. The following year, another exchange, BitStamp, announced that its "hot wallet," or operational funds, had been stolen by hackers. 

With a greater focus on security and risk management and more oversight by government regulators, however, exchanges are getting better at fending off hackers, said Flashpoint's Gray. 

"A lot of exchanges are getting a lot more serious about security and creating risk programs that better protect their assets," he said. "A lot of governments are also getting more serious about how they are treating crypto-currency, not only regulating the exchanges, but improving the anti-money laundering procedures and other operations." 

2. Enslaving devices to mine crypto-currency 

When the Berkeley SETI Research Center introduced its desktop-based application, SETI@home, in 1999 to process radio signals from space in search of extraterrestrial civilizations, the group kicked off the idea of using users' systems to parallelize the processing of a compute-intensive task. Malicious bot software copied the idea, turning compromised systems into a large distributed computer. 

Online criminals with an interest in crypto-currency mining have reproduced the same infrastructure. From PCs to routers to phones to browsers, illicit crypto-currency miners compromise systems, install malware and execute programs to crunch the numbers needed to generate tokens in their preferred currency. 

Most recently, attackers have used vulnerabilities in Apache Struts and Drupal to infect web servers with their programs, which also often attempt to infect visitors' systems with crypto-mining tools, said Ryan Barnett, principal security researcher at Akamai. 

"While these are the most current vulnerabilities, attackers are agile and will quickly migrate to new vulnerabilities that will allow them to download their crypto-mining tools into vulnerable systems," he said. 

3. Virtual pickpocketing of insecure wallets 

Security firm Zscaler has seen a doubling in the number of crypto-mining payloads in 2018, but it has also seen an increase in malware targeting the wallets used by consumers to store the security keys needed to sign and verify crypto-currency transactions, according to Deepen Desai, vice president of security research and operations. 

If attacking the exchanges is like a bank heist, breaking into and stealing from insecure wallets is akin to virtual pickpocketing.  

"With the exponential increase in crypto-currency values, lots of consumers are also engaged in legitimate mining activity using their own hardware resources," Desai said. "Cyber-criminals on the other hand are performing mining activity on the compromised systems as well as attempting to steal crypto-currency wallets from the user's system." 

While best security practice for crypto-currency wallets calls for the majority of digital value to be kept in offline storage (a ‘cold wallet’), many consumers do not take this step. 

4. Fueling crime and tax evasion

Criminals are naturally attracted to crypto-currencies because the financial instruments have helpful attributes—such as varying levels of anonymity and the ability to turn processing power directly into cash. While no one has been able to measure the actual proportion of crypto-currency transactions that are illicit, signposts do exist. In 2015, for example, academic research that scraped data from major sites on the Dark Web found that 70 percent of sales consisted of cannabis-, ecstasy- and cocaine-related products with most being sold for crypto-currency. 

A 2017 report on crypto-currencies published by a public-private group of government agencies and financial firms found that few consumer applications of crypto-currencies had taken off. 

"The crypto-currency payments market remains small, despite the regular introduction of new crypto-currencies," the report stated. "Crypto-currency users are slowly growing and evolving. However, widespread adoption of crypto-currencies by the general public remains unlikely in the near future." 

In January, while acknowledging the usefulness of the technology behind crypto-currencies, Larry Fink, the CEO of financial firm BlackRock, called crypto-currencies “more of an index of money laundering than anything more than that.” 

Yet, government agencies are cracking down on the use of crypto-currencies for money laundering and tax evasion. Japan's Financial Services Agency, for example, has put pressure on exchanges to drop support for certain crypto-currencies—such as Monero, Zcash, and Dash—that are thought to be used by criminals because of their privacy protections. 

In April, the European Parliament voted to tighten regulations on virtual currencies, forcing exchanges to operate more like banks, including a customer verification requirement. 

5. Targeting the blockchain infrastructure 

Criminals are also finding ways to exploit the distributed ledgers, or blockchains, used by crypto-currencies to record transactions and provide proof of work for miners. 

In 2016, for example, members of the community behind the Ethereum crypto-currency created the Decentralized Autonomous Organization, or DAO, as a blockchain-based venture capital fund based on a smart contract. However, two issues in the implementation of the DAO allowed an attacker to drain approximately $70 million in funds from the contract: The DAO allowed recursive calls, and the smart contract decremented funds before updating the internal balance. 

To fix the issue, the group performed a controversial “hard fork” of the Ethereum currency—in some ways similar to a stock split that delivers two different shares to each shareholder: Ethereum (ETH) and Ethereum Classic (ETC). In retribution, however, attackers used a distributed denial-of-service attack against the currency's blockchain to slow down transaction processing. 

Such attacks are not limited to online criminals and dissidents. Law enforcement agencies are using blockchain exploits to expose the identities of criminal networks and money launderers trafficking in illicit drugs. In January testimony, Greg Nevano, deputy assistant director of the Department of Homeland Security, said the investigative group looks to disrupt crypto-currency transactions often used to fund narcotics trafficking and launder money. 

“In support of its diverse financial investigative efforts ICE uses undercover techniques to infiltrate and exploit peer-to-peer crypto-currency exchangers who typically launder proceeds for criminal networks engaged in or supporting dark net marketplaces,” Nevano said. “Furthermore, ICE leverages complex Blockchain technology exploitation tools to analyze the digital currency transactions and identify transactors.”

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...